Check-in [9c68e9f8ca]
Not logged in
Home Timeline Branches Tags Tickets Wiki Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:add FOSSIL_ENABLE_SSL guards to new code
Timelines: family | ancestors | descendants | both | tls-server-fix
Files: files | file ages | folders
SHA3-256: 9c68e9f8ca554e0b8c83fb1672336e79e3254975757f3bbbcca41c5be211fc51
User & Date: rdb 2022-01-15 16:49:06.921
Context
2022-01-16
03:29
fix c90 forbids mixed declarations and code wanrning check-in: ad66227c8d user: rdb tags: tls-server-fix
2022-01-15
16:49
add FOSSIL_ENABLE_SSL guards to new code check-in: 9c68e9f8ca user: rdb tags: tls-server-fix
16:44
tls: fix reading a loaded cert to be used with fossil server --tls repo.fossil talked about in forum thread https://fossil-scm.org/forum/forumpost/46f7dfc63f check-in: 81c486badf user: rdb tags: tls-server-fix
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/main.c. 
3117
3118
3119
3120
3121
3122
3123

3124
3125
3126
3127
3128
3129
3130
3131
3132
3133
3134
3135


  /* 
  ** get tls / ssl options, the calls that use these options need 
  ** access to the repo database which has not been found yet.
  ** we get and store them now, as find_option removes them from
  ** argv
  */

  zCertFile = find_option("tls-cert-file",0,1);
  if( find_option("tls",0,0)!=0 || find_option("ssl",0,0)!=0 ){
    zTls = 1;
  }

  if( find_option("localhost", 0, 0)!=0 ){
    flags |= HTTP_SERVER_LOCALHOST;
  }
  g.zCkoutAlias = find_option("ckout-alias",0,1);
  g.zMainMenuFile = find_option("mainmenu",0,1);
  if( g.zMainMenuFile!=0 && file_size(g.zMainMenuFile,ExtFILE)<0 ){
    fossil_fatal("Cannot read --mainmenu file %s", g.zMainMenuFile);








>




|








3117
3118
3119
3120
3121
3122
3123
3124
3125
3126
3127
3128
3129
3130
3131
3132
3133
3134
3135
3136


  /* 
  ** get tls / ssl options, the calls that use these options need 
  ** access to the repo database which has not been found yet.
  ** we get and store them now, as find_option removes them from
  ** argv
  */
#if FOSSIL_ENABLE_SSL
  zCertFile = find_option("tls-cert-file",0,1);
  if( find_option("tls",0,0)!=0 || find_option("ssl",0,0)!=0 ){
    zTls = 1;
  }
#endif
  if( find_option("localhost", 0, 0)!=0 ){
    flags |= HTTP_SERVER_LOCALHOST;
  }
  g.zCkoutAlias = find_option("ckout-alias",0,1);
  g.zMainMenuFile = find_option("mainmenu",0,1);
  if( g.zMainMenuFile!=0 && file_size(g.zMainMenuFile,ExtFILE)<0 ){
    fossil_fatal("Cannot read --mainmenu file %s", g.zMainMenuFile);

3191
3192
3193
3194
3195
3196
3197

3198

3199
3200
3201
3202
3203
3204
3205

  }
  /* 
  ** We need call enable TLS / SSL here as we need query the 
  ** repo database to access the certificate if its been loaded
  **     
  ** The database has only just been found and made available
  */

  init_ssl_decoder(zCertFile, zTls);

  if( find_option("https",0,0)!=0 || g.httpUseSSL ){
    cgi_replace_parameter("HTTPS","on");
  }
  if( g.httpUseSSL && (flags & HTTP_SERVER_SCGI)!=0 ){
    fossil_fatal("SCGI does not (yet) support TLS-encrypted connections");
  }









>
|
>








3192
3193
3194
3195
3196
3197
3198
3199
3200
3201
3202
3203
3204
3205
3206
3207
3208

  }
  /* 
  ** We need call enable TLS / SSL here as we need query the 
  ** repo database to access the certificate if its been loaded
  **     
  ** The database has only just been found and made available
  */
#if FOSSIL_ENABLE_SSL
    init_ssl_decoder(zCertFile, zTls);
#endif
  if( find_option("https",0,0)!=0 || g.httpUseSSL ){
    cgi_replace_parameter("HTTPS","on");
  }
  if( g.httpUseSSL && (flags & HTTP_SERVER_SCGI)!=0 ){
    fossil_fatal("SCGI does not (yet) support TLS-encrypted connections");
  }
Fossil version [1205ec86cb] 2025-04-30 16:57:32