2013/11/13 Andy Bradford
<amb-sendok-1386919672.amajdcdofcnkifmbj...@bradfords.org>:
> Thus said Jan Nijtmans on Tue, 12 Nov 2013 16:52:57 +0100:
>
>> I think it works fine, but I would appreciate more eyes having a final
>> look at it.
>
> Here's another observation. Now that I got around the proxy problem (the
> proxy I was using was returning 403), I get prompted to accept the
> self-signed certificate, but the host listed is that of the proxy:
>
> Accept certificate for host proxy.host.dom (a=always/y/N)?
Hm. Looking back at my mail from oct 28:
2013/10/28 Jan Nijtmans <jan.nijtm...@gmail.com>:
> If you are not expecting this message, answer no and contact your
> server administrator.
>
> Accept certificate for host 130.139.104.40 (a=always/y/N)? y
This was indeed wrong: the certificate should be accepted for
"sqlite.org", not for the IP address of my proxy. That's why
the certificate was not accepted: the hostname didn't
match the expected hostname, because the hostname
of the proxy was used not the hostname of the server!
> Is this how it is supposed to work when using a proxy? Or should it
> actually display the name of the host that is in the Fossil clone URL?
It should display the name of the host, and it should also
verify the certificate against the hostname of the server,
not the hostname of the proxy. Thank you for noting
this, it's clearly a bug. Jan (Danielsson), can you have
a look at it? It was not easy to note, because once the
certificate is accepted manually (by answering 'a')
everything works as expected.
Thanks!
Regards,
Jan Nijtmans
_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
