Fossil

Diff
Login
Home Timeline Docs Branches Tickets Wiki DownloadMore...
Annotate Patch Side-by-side Diff

Differences From Artifact [476d51b554]:

To Artifact [5b561db235]:

305
306
307
308
309
310
311















312
313
314
315
316
317
318

305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333








+
+
+
+
+
+
+
+
+
+
+
+
+
+
+








      }
    }
    if( zFile==0 ){
      /* fossil_fatal("Cannot find a trust store"); */
    }else if( SSL_CTX_load_verify_locations(sslCtx, zCaFile, zCaDirectory)==0 ){
      fossil_fatal("Cannot load CA root certificates from %s", zFile);
    }

/* Enable OpenSSL to use the Windows system ROOT certificate store to search for
** certificates missing in the file and directory trust stores already loaded by
** `SSL_CTX_load_verify_locations()'.
** This feature was introduced with OpenSSL 3.2.0, and may be enabled by default
** for future versions of OpenSSL, and explicit initialization may be redundant.
** NOTE TO HACKERS TWEAKING THEIR OPENSSL CONFIGURATION:
** The following OpenSSL configuration options must not be used for this feature
** to be available: `no-autoalginit', `no-winstore'. The Fossil makefiles do not
** currently set these options when building OpenSSL for Windows. */
#if defined (_WIN32)
#if OPENSSL_VERSION_NUMBER >= 0x030200000
    SSL_CTX_load_verify_store(sslCtx, "org.openssl.winstore:");
#endif /* OPENSSL_VERSION_NUMBER >= 0x030200000 */
#endif /* _WIN32 */

    /* Load client SSL identity, preferring the filename specified on the
    ** command line */
    if( g.zSSLIdentity!=0 ){
      identityFile = g.zSSLIdentity;
    }else{
      identityFile = db_get("ssl-identity", 0);

1028
1029
1030
1031
1032
1033
1034














1035
1036
1037
1038
1039
1040
1041

1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070








+
+
+
+
+
+
+
+
+
+
+
+
+
+








         "    The default locations for the set of root certificates\n"
         "    used by the \"fossil sync\" and similar commands to verify\n"
         "    the identity of servers for \"https:\" URLs. These values\n"
         "    come into play when Fossil is used as a TLS client.  These\n"
         "    values are built into your OpenSSL library.\n\n"
      );
    }

#if defined (_WIN32)
#if OPENSSL_VERSION_NUMBER >= 0x030200000
    fossil_print("  OpenSSL-winstore:   Yes\n");
#else /* OPENSSL_VERSION_NUMBER >= 0x030200000 */
    fossil_print("  OpenSSL-winstore:   No\n");
#endif /* OPENSSL_VERSION_NUMBER >= 0x030200000 */
    if( verbose ){
      fossil_print("\n"
         "    OpenSSL 3.2.0 (or newer) also uses the certificates managed by\n"
         "    the Windows operating system.\n\n"
      );
    }
#endif /* _WIN32 */

    if( zUsed==0 ) zUsed = "";
    fossil_print("  Trust store used:   %s\n", zUsed);
    if( verbose ){
      fossil_print("\n"
         "    The location that is actually used for the root certificates\n"
         "    used to verify the identity of servers for \"https:\" URLs.\n"
This page was generated in about 0.015s by Fossil 2.26 [1205ec86cb] 2025-04-30 16:57:32