Fossil

Check-in [67147dd6be]

Overview
Comment: Add the "test-ssl-trust-store" command for testing and diagnostics.
SHA3-256: 67147dd6be1acdb1f30008c20be1cb292af0f8a8c69f1a5360b9976458e7e3e2
User & Date: drh 2020-04-26 15:39:00.636
Context
2020-04-26
20:41
Fix overlength lines and commenting irregularities in http_ssl.c. No code changes. ... (check-in: 483ac3db83 user: drh tags: trunk)
15:39
Add the "test-ssl-trust-store" command for testing and diagnostics. ... (check-in: 67147dd6be user: drh tags: trunk)
03:58
Expanded on the "Certificates" section of www/ssl.wiki to fill in some details. The key improvement is making the first line of the OpenSSL error when the CA trust store isn't set up searchable. As it was, you pretty much had to know the solution already in order to seek out this documentation! ... (check-in: b3c0c07c07 user: wyoung tags: trunk)
Changes
Changes to src/http_ssl.c.
28
29
30
31
32
33
34

35
36
37
38
39
40
41
#include "config.h"

#ifdef FOSSIL_ENABLE_SSL

#include <openssl/bio.h>
#include <openssl/ssl.h>
#include <openssl/err.h>


#include "http_ssl.h"
#include <assert.h>
#include <sys/types.h>

/*
** There can only be a single OpenSSL IO connection open at a time.







>







28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
#include "config.h"

#ifdef FOSSIL_ENABLE_SSL

#include <openssl/bio.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/x509.h>

#include "http_ssl.h"
#include <assert.h>
#include <sys/types.h>

/*
** There can only be a single OpenSSL IO connection open at a time.
496
497
498
499
500
501
502



















    N -= got;
    pContent = (void*)&((char*)pContent)[got];
  }
  return total;
}

#endif /* FOSSIL_ENABLE_SSL */


























>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
    N -= got;
    pContent = (void*)&((char*)pContent)[got];
  }
  return total;
}

#endif /* FOSSIL_ENABLE_SSL */

/*
** COMMAND: test-ssl-trust-store
**
** Show the file and directory where OpenSSL looks for certificates
** of trusted CAs.
*/
void test_ssl_info(void){
#if !defined(FOSSIL_ENABLE_SSL)
  fossil_print("SSL disabled in this build\n");
#else
  fossil_print("file:  %-14s  %s\n",
     X509_get_default_cert_file_env(),
     X509_get_default_cert_file());
  fossil_print("dir:   %-14s  %s\n",
     X509_get_default_cert_dir_env(),
     X509_get_default_cert_dir());
#endif
}
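
Review bot: the header comment on test_ssl_info() promises "the file and directory where OpenSSL looks for certificates of trusted CAs", but the two fossil_print() calls in the #else branch only show the name of each override environment variable (from X509_get_default_cert_file_env() and X509_get_default_cert_dir_env()) beside the compiled-in default path. When one of those variables is set, OpenSSL's default-path lookup uses its value in place of the compiled-in default, so the output can name a file or directory that is not the one consulted. For a diagnostic command it would help to also print the current value of each variable, for example the result of getenv(X509_get_default_cert_file_env()) or a "(not set)" marker, and to say whether the effective path exists and is readable. Either that, or reword the comment to state that the command reports the override variable names and the built-in defaults. A smaller point: the function is called test_ssl_info while the command is test-ssl-trust-store; a name that matches the command would make it easier to find from the command line help.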