Fossil

Differences From Artifact [c2bec741c6]:

• File www/ssl.wiki — part of check-in [ad47a447c8] at 2024-03-30 20:48:35 on branch trunk — Removed all references to "Fossil 2.1x" from the docs, excepting the changelog and the hashpolicy doc. The bulk of these were for 2.14 or older — *ten* versions back now! — and there is no reason to suppose such old versions are still in use any more. These notes were justified when they informed users about surprising changes and feature additions, but they now do nothing but clutter the docs. If I am wrong about people being surprised by these things, we still have the changelog, the timeline, and the forum. (user: wyoung size: 14151) [more...]

To Artifact [d1fc950cf5]:

• File www/ssl.wiki — part of check-in [b8b22d795e] at 2024-07-15 16:42:00 on branch trunk — Update the TLS doc to mention the use of the Windows root certificates (intented more as a reminder from a non-tech-writer and non-security-expert to properly document the feature once more people have used it and not reported any problems). (user: florian size: 14727) [more...]

187
188
189
190
191
192
193
















194
195
196
197
198
199
200

187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+

fossil set --global ssl-ca-location %userprofile%\cacert.pem
</pre>

This can also happen if you've linked Fossil to a version of OpenSSL
[#openssl-src|built from source]. That same <tt>cacert.pem</tt> fix can
work in that case, too.

<blockquote>
OpenSSL 3.2.0 or greater is able to use the stock CA certificates
managed by Windows, and Fossil 2.25 (still in development as of
2024-07-15) takes advantage of this feature. This <em>possibly</em>
eliminates the need to manually install the Mozilla certificate package,
for example when connecting to Fossil servers secured by the widely-used
Let's Encrypt certificates. Run the following command to check if the
feature is supported:

<pre>
fossil tls-config show -v
</pre>

(See the "OpenSSL-winstore" section, requires Fossil 2.25 or greater.)
</blockquote>

When you build Fossil on Linux platforms against the binary OpenSSL
package provided with the OS, you typically get a root cert store along
with the platform OpenSSL package, either built-in or as a hard
dependency.


<h4>Client-Side Certificates</h4>