Fossil

Check-in [3c0565ab5e]
Login

Check-in [3c0565ab5e]

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:The error message Fossil gives on TLS certificate check failure changed in Fossil 2.11, so updated www/ssl.wiki to show the new message. Left the old message in place, since many people will be running versions of Fossil that still use that format, and a big part of the reason why we have this error message in the document is to make it come up in web searches for the error, since we give solutions later in the same doc.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 3c0565ab5e9725b7975ba57a4a55c5826349c5dfe09d842d3dabbf880337671a
User & Date: wyoung 2020-05-27 16:56:42.939
Context
2020-05-27
17:56
Added a top-level "tags" Makefile target for updating a Vim tags file using Exuberant Ctags (requires -R feature). It also updates a cscope file if we find cscope at configuration time. One so interested could add etags support to this as well. ... (check-in: ebb67be487 user: wyoung tags: trunk)
16:56
The error message Fossil gives on TLS certificate check failure changed in Fossil 2.11, so updated www/ssl.wiki to show the new message. Left the old message in place, since many people will be running versions of Fossil that still use that format, and a big part of the reason why we have this error message in the document is to make it come up in web searches for the error, since we give solutions later in the same doc. ... (check-in: 3c0565ab5e user: wyoung tags: trunk)
2020-05-26
18:30
Fix a bug in the "Delete Ad-Unit" button in the setup pages. ... (check-in: 48dca1b4c9 user: drh tags: trunk)
Changes
Unified Diff Ignore Whitespace Patch
Changes to www/ssl.wiki. 
119
120
121
122
123
124
125
126
127










128
129
130
131
132
133
134

know that it can trust your certificate, so you'll be asked if you want
to accept the certificate the first time you communicate with the
server. Verify the certificate fingerprint is correct, then answer
"always" if you want Fossil to remember your decision.

If you are cloning from or syncing to Fossil servers that use a
certificate signed by a well-known CA or one of its delegates, Fossil
still has to know which CA roots to trust. When this fails, you get a
big long error message that starts with this text:











<pre>
    SSL verification failed: unable to get local issuer certificate
</pre>

Fossil relies on the OpenSSL library to have some way to check a trusted
list of CA signing keys. There are two common ways this fails:








|
|
>
>
>
>
>
>
>
>
>
>








119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144

know that it can trust your certificate, so you'll be asked if you want
to accept the certificate the first time you communicate with the
server. Verify the certificate fingerprint is correct, then answer
"always" if you want Fossil to remember your decision.

If you are cloning from or syncing to Fossil servers that use a
certificate signed by a well-known CA or one of its delegates, Fossil
still has to know which CA roots to trust. When this fails, you get an
error message that looks like this in Fossil 2.11 and newer:

<pre>
    Unable to verify SSL cert from www.fossil-scm.org
      subject: CN = sqlite.org
      issuer:  C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
      sha256:  bf26092dd97df6e4f7bf1926072e7e8d200129e1ffb8ef5276c1e5dd9bc95d52
    accept this cert and continue (y/N)?
</pre>

In older versions, the message was much longer and began with this line:

<pre>
    SSL verification failed: unable to get local issuer certificate
</pre>

Fossil relies on the OpenSSL library to have some way to check a trusted
list of CA signing keys. There are two common ways this fails: