Re: [fossil-users] Testing new features
On Thu, 02 Jun 2011 16:27:16 -0700, Jan Danielsson wrote: On 06/02/11 22:05, Ben Summers wrote: I've created a new branch, ben-testing, with the new features I've been working on. I'm going to be using this version from now on to make sure it's well tested before it's considered for merging into trunk. It adds: * SSL client certificate support [---] See http://www.fossil-scm.org/index.html/timeline?r=jan-clientcert for alternative SSL client certificate support. I'm quite annoyed at myself for not noticing your implementation until after I'd written mine. The difference between the two is that I've implemented the simplest possible thing which could work, and you've added complete certificate management, including managing the server's certificate. Your implementation avoids the need to specify the client certificate on every clone command, but mine requires it for each repo, storing the pathname in the ssl-identity setting for later operations. Personally I just want to be able to use client certificates, and don't mind which approach is taken. Ben -- http://bens.me.uk/ ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
[fossil-users] Testing new features
I've created a new branch, ben-testing, with the new features I've been working on. I'm going to be using this version from now on to make sure it's well tested before it's considered for merging into trunk. It adds: * SSL client certificate support * Versionable settings (eg specify ignore-glob as the file .fossil-settings/ignore-glob) * empty-dirs setting, for creating empty directories on update or checkout I'd appreciate any help in testing it, and feedback on the implementation. Unless you want to use empty-dirs as a non-versioned setting, you can use a normal release on the server. I'll keep the branch up to date with releases as they're made. To get started with the settings changes, type fossil help settings, and for the SSL certs, connect to a server which requests a client certificate for instructions, or type fossil help clone. Thanks! Ben -- http://bens.me.uk/ ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] Testing new features
On 06/02/11 22:05, Ben Summers wrote: I've created a new branch, ben-testing, with the new features I've been working on. I'm going to be using this version from now on to make sure it's well tested before it's considered for merging into trunk. It adds: * SSL client certificate support [---] See http://www.fossil-scm.org/index.html/timeline?r=jan-clientcert for alternative SSL client certificate support. My client certificate system works as follows: Step 1: Create a certificate bundle (stored in the global database): $ fossil cert add myfoo --key ~/.certs/myid.key --cert ~/.certs/myid.crt --cafile ~/.certs/foo-ca.crt Step 2: Clone using the bundle $ fossil clone --certbundle myfoo https://repos.foo.org/projects/projectX projectx.fossil Fossil has now made an implicit association between the URL repos.foo.org and the user's certificate bundle myfoo. One can see this using the cert list sub-command: $ fossil cert list myfoo ckey=/home/anonymous/.certs/myid.key ckey=/home/anonymous/.certs/myid.crt cafile=/home/anonymous/.certs/foo-ca.crt Associations repos.foo.org What this means is that any time the user uses https to access repos.foo.org, fossil will automatically use the certificate bundle myfoo. Should one want to break the association, without removing the certificate bundle, use the command: $ fossil cert disassociate repos.foo.org Each time one uses clone/push/pull/sync with the --certbundle option, the implicit association will be made. Finally, if one would need to remove the certificate bundle, and all its associations, use the command: $ fossil cert delete myfoo -- Kind regards, Jan Danielsson signature.asc Description: OpenPGP digital signature ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
