History of file src/http_ssl.c at check-in 8c50f807b73e3d41
|
2025-12-23
| ||
| 16:06 | Assorted fixes of typos and grammar in code comments. No functional changes. file: [21448e1598] check-in: [e2bdc10572] user: danield branch: trunk, size: 38197 | |
|
2025-12-21
| ||
| 00:49 | Rename a new routine for consistent naming in the http_socket.c source file. file: [002f2f672d] check-in: [fa63c94422] user: drh branch: ssl-with-socket, size: 38198 | |
| 00:38 | Remove extraneous includes that were leftovers from alternative approach. file: [8d48f7184d] check-in: [e7386bb0b5] user: andybradford branch: ssl-with-socket, size: 38195 | |
|
2025-12-20
| ||
| 23:46 | When handling HTTPS urls, open a socket and then upgrade the socket to use TLS. See discussion starting with [forum:/forumpost/3726ae4219|forum post 3726ae4219]. file: [a7f589b053] check-in: [61b3f488a6] user: andybradford branch: ssl-with-socket, size: 38374 | |
|
2025-12-19
| ||
| 12:17 | Add the --ipv6 option to "fossil clone" to force the use of IPv6. file: [81f957ee92] check-in: [6f55dbd00b] user: drh branch: trunk, size: 40799 | |
|
2025-12-05
| ||
| 16:04 | Update OpenSSL usage to avoid deprecated APIs. file: [2ad69a8494] check-in: [0d239b52b0] user: drh branch: trunk, size: 40129 | |
|
2025-07-23
| ||
| 15:58 | Minor optimization: replace calls to mprintf("%s", X) with fossil_strdup(X). file: [5050cdd144] check-in: [4c3e1728e1] user: danield branch: trunk, size: 39995 | |
|
2025-04-18
| ||
| 07:08 | Amend [2b6ad00ea3]: Minor wording improvements to `fossil ssl-config show -v' output. file: [c378b9724a] check-in: [a9b075af83] user: florian branch: trunk, size: 39995 | |
|
2025-04-14
| ||
| 16:53 | Disable the Windows root certificate store on OpenSSL 3.5.0, due to [https://github.com/openssl/openssl/issues/27355|OpenSSL bug #27355]. file: [ced33faeae] check-in: [2b6ad00ea3] user: drh branch: trunk, size: 39983 | |
|
2025-03-21
| ||
| 23:29 | Work around missing BIO_set_conn_ip_family() API in LibreSSL. This fixes [forum:/forumpost/a52cbed8f228397e|forum post a52cbed8f], I'm told. file: [b6e82531b7] check-in: [50ff741f6f] user: drh branch: trunk, size: 39967 | |
| 13:50 | Fix the SSL transport so that it honors the --ipv4 flag. See [forum:/forumpost/ea4b2ec3fe577e79|forum post ea4b2ec3f]. To facilitate testing, add the --ipv4 flag to the test-httpmsg command and report the IP-address when the -v flag is present. file: [8147c414a6] check-in: [136dbe9ce0] user: drh branch: trunk, size: 39743 | |
|
2025-03-19
| ||
| 11:31 | Simplify the command property of "abbreviated-subcommands" to just "abbrv-subcom" and the setting property of "show-only-if-changed" to just "if-chng". file: [b06b61ff18] check-in: [3e7c7e2277] user: drh branch: trunk, size: 39573 | |
|
2025-03-02
| ||
| 20:36 | Merge from trunk. file: [633df7e1ae] check-in: [b591622016] user: brickviking branch: bv-infotool, size: 40862 | |
|
2025-03-01
| ||
| 16:02 | Improvements to rendering in the "fossil help" command, especially in combination with the -u/--usage and -o/--options command-line options. file: [b0951dca51] check-in: [62cb8ea785] user: drh branch: trunk, size: 39595 | |
|
2024-11-04
| ||
| 13:09 | Fix (harmless) off-by-one error in the new test-trust-store command. file: [4e6a653891] check-in: [735bd3dccb] user: drh branch: httpmsg-debug, size: 40761 | |
| 12:54 | Improvements to the diagnostic output from the test-trust-store command. file: [d864b016d9] check-in: [aa5bddda68] user: drh branch: httpmsg-debug, size: 40736 | |
| 11:22 | Add the test-trust-store command for debugging TLS problems. *Updated 2024-11-06:* These changes should not be in a release candidate. Therefore moved into a branch. file: [e5d4a5e1e9] check-in: [28ea88e770] user: drh branch: httpmsg-debug, size: 39896 | |
|
2024-10-21
| ||
| 21:38 | Fix 'off-by-one' error within establish_proxy_tunnel() routine introduced in [e8d328cbd32]. file: [cffdb9d69b] check-in: [5a282cfb80] user: george branch: trunk, size: 39494 | |
|
2024-10-14
| ||
| 01:31 | Fix the establish_proxy_tunnel() routine so that it works even if CRs are omitted from the protocol by the proxy. file: [a87c36f354] check-in: [e8d328cbd3] user: drh branch: trunk, size: 39494 | |
|
2024-10-12
| ||
| 12:03 | Emit only \n, not \r\n, even in places where protocols technically require a full \r\n. Provide a compile-time option -DSEND_CR=1 that includes the CRs when necessary. file: [567c607fc2] check-in: [0dcce257b0] user: drh branch: omit-cr, size: 39503 | |
|
2024-07-15
| ||
| 10:42 | Reduce the WARNING that the Windows root certificates cannot be loaded to a NOTICE and output it on the same channel as the "Unable to verify SSL cert from ... accept this cert and continue (y/N/fingerprint)?" prompt. file: [724d17ae23] check-in: [5d993d5439] user: florian branch: trunk, size: 39511 | |
|
2024-07-13
| ||
| 08:23 | Amend the previous commit: Display a warning on failure to load the Windows root certificates, which may be helpful until the feature has proven to work well. Add a hint how to list the Windows root certificates. Use consistent code style. file: [1706fa3b93] check-in: [de6a059493] user: florian branch: trunk, size: 39510 | |
|
2024-07-12
| ||
| 17:50 | Enable OpenSSL to use the Windows certificate store. file: [5b561db235] check-in: [6fc64abe34] user: florian branch: trunk, size: 39296 | |
|
2024-02-02
| ||
| 22:18 | Remove trailing whitespace from non-external C files. file: [476d51b554] check-in: [7db0a2d910] user: danield branch: fix-overlength-lines, size: 37978 | |
|
2023-08-30
| ||
| 19:42 | Improvements to the tools/codecheck1.c injection-attack static analyzer tool. file: [d8f90458ff] check-in: [2afff83e7e] user: drh branch: trunk, size: 37988 | |
|
2023-07-24
| ||
| 11:58 | Deal with two C++-style comments. No functional changes. file: [e13f46d2ae] check-in: [99ab5cd8d6] user: danield branch: trunk, size: 37970 | |
|
2023-02-17
| ||
| 14:37 | A large collection of compiler warning fixes re. signed/unsigned comparison from Daniel D. file: [6327207da2] check-in: [c71f711ec9] user: stephan branch: compiler-warnings, size: 37967 | |
|
2022-11-16
| ||
| 20:05 | Fix harmless typos reported by [forum:/forumpost/15f7327318|forum post 15f7327318]. file: [09a2d5be64] check-in: [f3adbd8874] user: drh branch: trunk, size: 37962 | |
|
2022-11-13
| ||
| 16:26 | Apply fixes to all web views to pass WCAG 2.1 tests performed by "axe DevTools" browser extension. Most fixes related to screen reader compatibility, like making sure that form elements have labels. Some color changes to improve contrast on Default skin. Made more HTML5 compliant. Minor improvement to select combo boxes for UX. Improved Search form UX. Two minor bug fixes for malformed HTML. Fixed help pages to resolve issues with non-compliant HTML being generated. Mostly documented at https://fossil-scm.org/forum/forumpost/aafb17a981df4166 file: [18affa5f6b] check-in: [1f231db380] user: ericwikman branch: wcag-2.1, size: 37954 | |
|
2022-07-17
| ||
| 23:48 | Changed a number of "a" articles followed by vowels in docs and comments to "an", per [forum:/forumpost/3e6e40293f03f089 | a forum post]. file: [29537acefe] check-in: [99a319bdbf] user: wyoung branch: trunk, size: 37963 | |
|
2022-05-11
| ||
| 11:50 | Show the OpenSSL version and the SERVER_SOFTWARE to administrators on the /stat page. file: [d281da4c5f] check-in: [bb09ff84ae] user: drh branch: trunk, size: 37965 | |
|
2022-01-28
| ||
| 14:51 | Swapped semantics of the new argument to ssl_read_server(), [forum:2f818850abb72719 | per forum discussion]. Adjacent doc touchups. file: [a2531821ba] check-in: [9110662fd1] user: stephan branch: ssl-read-loops2, size: 37601 | |
| 06:37 | Minor code style fixes. file: [2eb4619099] check-in: [d4ef61538c] user: florian branch: ssl-read-loops2, size: 37300 | |
| 05:51 | Another attempt to fix the SSL_read() loops on Windows. Not necessarily more elegant, but at least working around a well-defined problem, making the code easier to maintain. file: [15be2cd9e7] check-in: [4d8a71be8c] user: florian branch: ssl-read-loops2, size: 37302 | |
|
2022-01-26
| ||
| 14:36 | Fix compiler warning of unused function for builds without OpenSSL. file: [feb548774f] check-in: [2a563d60bf] user: drh branch: trunk, size: 37328 | |
| 14:33 | One more compiler warning fix. file: [06aebe1801] check-in: [317c665ce6] user: drh branch: trunk, size: 37272 | |
| 14:32 | Fix "unused variable" compiler warnings when building without OpenSSL. file: [36dd21ffd0] check-in: [c1350c8a44] user: drh branch: trunk, size: 37272 | |
| 07:41 | Alternative to [b890451cfb], [b70557f690] and [acffc8f785] to fix the SSL_read() loops on Windows. Pending tests on non-Windows platforms. file: [f0f37b4345] check-in: [95256636e4] user: florian branch: ssl-read-loops, size: 37468 | |
|
2022-01-25
| ||
| 18:14 | ssl_read_server() now returns 0 on read error and lets the higher-level code deal with the short read. This might resolve the issue under discussion in [forum:/forumpost/2f818850abb72719 | forum post 2f818850abb72719]. file: [03f3aebccd] check-in: [acffc8f785] user: stephan branch: trunk, size: 37234 | |
|
2022-01-24
| ||
| 08:27 | Simplified version of the previous patch which also catches SSL_read() errors on Windows. file: [f20c397d40] check-in: [b70557f690] user: stephan branch: trunk, size: 37284 | |
| 08:23 | Preliminary workaround for Windows-specific SSL_read() behavior described in [forum:/forumpost/2f818850abb72719 | forum post 2f818850abb72719]. Patch tested by Florian (Windows) and myself (Linux). file: [1c1e0a16b9] check-in: [b890451cfb] user: stephan branch: trunk, size: 37303 | |
| 06:54 | Replaced the "manual" TLS EOF tracking with BIO_eof(), analogous to how it is done in althttpd. file: [b2623c09d2] check-in: [06e300e5bd] user: stephan branch: trunk, size: 37041 | |
|
2022-01-19
| ||
| 16:00 | If there is a global ssl-ca-location setting, make sure it is used when trying to locate the trust store for any client TLS operation. file: [471446b2e3] check-in: [0ca1fc4d98] user: drh branch: trunk, size: 37149 | |
| 15:35 | Change the priority of trust-store location search so that environment variables SSL_CERT_FILE and SSL_CERT_DIR take precedence over the ssl-ca-location setting. This allows a one-command override of the ssl-ca-location for testing or debugging. file: [d737722235] check-in: [e225dc9dec] user: drh branch: trunk, size: 37094 | |
|
2022-01-18
| ||
| 14:20 | For the "fossil ssl-config" command, show the five possible locations of the trust store in priority order, and show the one that is actually used at the end. In -v mode, show the hash for each exception. file: [cd4baa1dae] check-in: [0abeed1118] user: drh branch: trunk, size: 36909 | |
|
2022-01-17
| ||
| 16:56 | A general simplification of the server-side TLS logic: Do not store server-certs in settings. Remove the ssl-config subcommands that try to do that. Change command-line options for server-TLS mode on "fossil server" and "fossil http": --cert for the cert file, --pkey for the private key, and omit --tls and --ssl. This check-in supersedes [/timeline?r=tls-server-fix|the tls-server-fix branch]. See [forum:/forumpost/de470658fdf45100|forum post de470658fdf45100]. file: [69903d0525] check-in: [d7008b3457] user: drh branch: trunk, size: 35226 | |
|
2022-01-16
| ||
| 11:29 | merge latest trunk file: [cc00ea465a] check-in: [8dde277768] user: rdb branch: tls-server-fix, size: 39536 | |
| 03:29 | fix c90 forbids mixed declarations and code warning file: [37f0e22311] check-in: [ad66227c8d] user: rdb branch: tls-server-fix, size: 39195 | |
| 02:03 | When reading POST via TLS, fail fatally on a read error. Add SERVER_SOFTWARE to the environment when running in server mode. file: [fe3bf76f37] check-in: [ba95498d36] user: stephan branch: trunk, size: 39472 | |
|
2022-01-15
| ||
| 13:54 | In standalone TLS mode, SSL_read() must be performed in a loop to avoid truncated POST data. Discussed in [https://sqlite.org/althttpd/forumpost/11c263b822fde80d | althttpd forum post 11c263b822fde80d]. file: [631c49fe03] check-in: [5fd1ca6fba] user: stephan branch: markdown-tagrefs, size: 39422 | |
| 08:33 | tls: fixes fossil ssl-config load-cert --filename so that the cert and keys are combined and stored in the config table. fossil ui --tls and fossil server --tls now reads the certificate from the config table field ssl-cert. file: [4fb1be0a03] check-in: [c2562490d4] user: rdb branch: tls-server-fix, size: 39195 | |
| 04:41 | ssl-config show typo fixes reported in [forum:/forumpost/dde10203ae3dfe36 | forum post dde10203ae3dfe36]. file: [342884a745] check-in: [2d3bee3b67] user: stephan branch: trunk, size: 39131 | |
|
2022-01-12
| ||
| 00:46 | Possibly fix the assertion fault reported by [forum:/forumpost/4baa888c5743e3e1|forum post 4baa888c5743e3e1] file: [0b988c2fbf] check-in: [3f8ee9e1f3] user: drh branch: trunk, size: 39131 | |
|
2022-01-10
| ||
| 07:16 | Replaced a call to SSL_CTX_use_certificate_file() with SSL_CTX_use_certificate_chain_file(), per [forum:054f637e002683e3| forum post 054f637e002683e3]. file: [6c57620b62] check-in: [82c62e5f8d] user: stephan branch: trunk, size: 39131 | |
|
2022-01-09
| ||
| 00:22 | Another help text typo fix: s/clear-certs/clear-cert/. file: [ec7d759204] check-in: [c4ab04b59d] user: stephan branch: trunk, size: 39142 | |
| 00:21 | Doc/help fix for the ssl-config command: s/load-certs/load-cert/, per forum report. file: [cb6b04f31a] check-in: [67e0be1ec0] user: stephan branch: trunk, size: 39143 | |
|
2021-12-29
| ||
| 03:15 | Adapted ssl_new_server() docs to account for code changes. file: [c2a7b14c3f] check-in: [258479650b] user: stephan branch: trunk, size: 39144 | |
| 02:59 | Fix the SSL-server code so that the "fossil ui --tls" command (and similar) now work on Windows. file: [29165f69b6] check-in: [7a3bf55f54] user: drh branch: trunk, size: 39189 | |
|
2021-12-28
| ||
| 19:00 | Omit the "ssl-acme" setting. Access to ".well-known" is now controlled by the --acme command-line option on "fossil http" and "fossil server". This change is required for when those commands specify a directory rather than a particular repository, since without a specific repository, there are no settings to check. file: [64a6c4dc80] check-in: [4ef059bc2a] user: drh branch: ssl-server, size: 39271 | |
|
2021-12-27
| ||
| 21:43 | Sanitize the pathname on the /.well-known webpage. [forum:/forumpost/ba46d8e333|Forum post ba46d8e333]. file: [a72e04f747] check-in: [b265013b66] user: drh branch: ssl-server, size: 40263 | |
| 17:13 | Improved documentation for server-side SSL settings. file: [089f365233] check-in: [f81d64cace] user: drh branch: ssl-server, size: 39857 | |
| 17:01 | Enable access to the ".well-known" subdirectory, to facilitate ACME. file: [40ddf12165] check-in: [6d447b8669] user: drh branch: ssl-server, size: 39855 | |
| 16:13 | Rename the "tls-config" command into "ssl-config" for consistency. The older "tls-config" command is retained as an alias. Enhance the command to support server certificate management. file: [d80af26a05] check-in: [f6051784c5] user: drh branch: ssl-server, size: 37659 | |
| 12:49 | Add a built-in self-signed certificate for use with TLS servers. Add --tls and --ssl options to activate TLS for "fossil ui" and "fossil server". Add the "tls-server-cert" setting. Automatically start servers as TLS if the redirect-to-https property is 2. file: [6059c35300] check-in: [7532ffa4e3] user: drh branch: ssl-server, size: 30432 | |
|
2021-12-26
| ||
| 21:27 | Now actually works. file: [ee08eb8435] check-in: [977fa519d3] user: drh branch: ssl-server, size: 24995 | |
| 20:35 | Code is in place to do SSL servers. It compiles. But it does not work. This is an incremental check-in. file: [6d9b37bc5d] check-in: [89af3b0a47] user: drh branch: ssl-server, size: 24997 | |
|
2021-11-05
| ||
| 15:54 | Remove OpenSSL initialization call that is not needed and which is deprecated in newer versions of OpenSSL. file: [3b47015114] check-in: [8c1263754c] user: drh branch: trunk, size: 20767 | |
|
2021-11-02
| ||
| 15:52 | Work around a warning in older versions of OpenSSL (e.g. 1.0.2g) where ASN1_time_check() is declared with a non-const ASN1_TIME* parameter. file: [de5e6b0ab8] check-in: [af8109c00d] user: danield branch: trunk, size: 20795 | |
|
2021-10-29
| ||
| 15:22 | Display SSL certificate validity timestamps in ISO8601 format file: [8a9ff761de] check-in: [d847300f3b] user: danield branch: trunk, size: 20795 | |
|
2021-10-22
| ||
| 19:26 | Show notBefore and notAfter timestamps for unknown TLS certificates. file: [7c021edd86] check-in: [5623188de3] user: danield branch: trunk, size: 19301 | |
|
2021-10-13
| ||
| 10:01 | Applied SSL fingerprint comparison patch from [forum:c1e3c18afb|forum post c1e3c18afb]. Incremented version to 2.18. file: [402c477350] check-in: [48a860f658] user: stephan branch: trunk, size: 18885 | |
|
2021-10-11
| ||
| 10:18 | Fix the "fossil tls-config remove-exception" command so that it works without triggering authorizer exceptions. [forum:/forumpost/64d919b2cf|Forum post 64d919b2cf]. file: [fc935b971a] check-in: [156c890a2e] user: drh branch: trunk, size: 18804 | |
|
2021-09-03
| ||
| 12:21 | Fix to the --ssl-identity issue described at [forum:/forumpost/6e2b2ee5316b7aef|forum post 6e2b2ee5316b7aef]. file: [e414dce084] check-in: [82b42943b1] user: drh branch: trunk, size: 18808 | |
|
2021-08-20
| ||
| 22:41 | After prompting to save an SSL cert verification, ensure that the config db is opened to avoid a fatal error when saving. See forum posts [forum:c53d1915a4e0a051|c53d1915a4e0a051] and [forum:4dcd2f16c289848c|4dcd2f16c289848c]. file: [1b352f7ae0] check-in: [edd280c3b6] user: stephan branch: trunk, size: 18819 | |
|
2021-07-08
| ||
| 17:43 | Enhancement to codecheck1.c to verify that routines like db_set() use a string literal as the setting argument, and are thus impervious to injection attacks. file: [09e56d0f97] check-in: [0a5d0e191c] user: drh branch: trunk, size: 18790 | |
|
2021-06-15
| ||
| 01:00 | Fix the client-side SSL connection setup so that it actually verifies the hostname on the certification from the server. file: [824388ad09] check-in: [8126093ee9] user: drh branch: branch-2.14, size: 18840 | |
| 00:58 | Fix the client-side SSL connection setup so that it actually verifies the hostname on the certification from the server. file: [1b21d27b5b] check-in: [7d85e21fd2] user: drh branch: branch-2.15, size: 18836 | |
| 00:39 | Fix the client-side SSL connection setup so that it actually verifies the hostname on the certification from the server. file: [e41634a8e4] check-in: [aaab2a15d1] user: drh branch: trunk, size: 18836 | |
|
2021-03-25
| ||
| 01:32 | Reduce fossil_panic() calls to those indicating bugs and internal errors. Also clarify effects and purposes of fossil_fatal() vs. fossil_panic(). file: [0906e22ac4] check-in: [91a4652f22] user: larrybr branch: panic-reduction, size: 18464 | |
|
2021-02-09
| ||
| 13:34 | The canonical Fossil homepage is now https://fossil-scm.org/home without the "www." in the domain and with the main path at /home, not /index.html or /fossil. Update all URLs in documentation to reflect this fact. file: [0ec4f86727] check-in: [09908ab058] user: drh branch: trunk, size: 18464 | |
|
2020-08-18
| ||
| 01:54 | Disable writes to the CONFIG and USER tables by default. Permission to write to those tables is turned on as needed. Note - might have missed a few places so expect bugs. file: [602ef87736] check-in: [ca9156aa0a] user: drh branch: sec2020, size: 18468 | |
|
2020-07-05
| ||
| 13:14 | Fix output formatting in the "fossil tls-config show" command. file: [dbc7cacde2] check-in: [8c50f807b7] user: drh branch: trunk, size: 18408 | |
|
2020-06-09
| ||
| 17:44 | Enhancements to OpenSSL user-prompt buffer handling. file: [1cc21c6f4d] check-in: [82d177fa14] user: mistachkin branch: trunk, size: 18410 | |
|
2020-05-18
| ||
| 11:48 | When compiling with older versions of OpenSSL that do not support SHA256, hash certs using SHA1 instead. file: [2b0bf07b9e] check-in: [64d79ad457] user: drh branch: trunk, size: 18354 | |
| 10:55 | Fix harmless compiler warnings in http_ssl.c that occur when building without SSL support. file: [00c793933b] check-in: [b2824009b2] user: drh branch: trunk, size: 18135 | |
|
2020-04-27
| ||
| 17:10 | Use a SHA2-256 hash instead of a SHA3-256 hash for remembered cert exceptions, because older versions of OpenSSL do not support SHA3. file: [570011d4b2] check-in: [3b529d9cd4] user: drh branch: trunk, size: 18135 | |
| 16:58 | Minor fixes to the previous check-in. file: [12663a3e88] check-in: [9f8dc18f70] user: drh branch: trunk, size: 18133 | |
| 16:53 | Rework the SSL cert exception mechanism so that it remembers the SHA3 hash of the cert that failed to verify, rather than the PEM of the complete cert. Simplify the error prompts. Always verify the cert hash before accepting the exception. file: [4a058c67ec] check-in: [3c194e2b89] user: drh branch: trunk, size: 18150 | |
| 15:26 | Add the "tls-config" command for managing the OpenSSL configuration and for viewing and deleting certificate exceptions. file: [09476725e8] check-in: [bc23620121] user: drh branch: trunk, size: 18430 | |
| 11:57 | Update comment. No changes to code. file: [76727ef467] check-in: [455b2aa67b] user: drh branch: trunk, size: 15282 | |
|
2020-04-26
| ||
| 20:41 | Fix overlength lines and commenting irregularities in http_ssl.c. No code changes. file: [8089edfabc] check-in: [483ac3db83] user: drh branch: trunk, size: 15221 | |
| 15:39 | Add the "test-ssl-trust-store" command for testing and diagnostics. file: [394d8205a8] check-in: [67147dd6be] user: drh branch: trunk, size: 15129 | |
|
2020-02-06
| ||
| 15:32 | When using HTTPS combined with HTTP AUTH, the SSL connection may go away and any further operations on it, including the implied SSL_shutdown() that occurs as a result of BIO_reset() or BIO_free_all() will crash Fossil. Attempt to deal with this by signaling a quiet shutdown if SSL_peek() returns an error. file: [ccfd580e83] check-in: [616de1fef2] user: andybradford branch: fix-ssl-crash, size: 14890 | |
|
2019-05-23
| ||
| 06:44 | Since libressl abuses OPENSSL_VERSION_NUMBER, don't let fossil be confused by that. file: [e0eeef129c] check-in: [5c40d6b0d4] user: jan.nijtmans branch: trunk, size: 14630 | |
|
2019-05-20
| ||
| 12:43 | Better solution than [344a3331d34d896], which doesn't involve runtime-detection. Works with both Openssl 1.0.2 and 1.1.x. file: [516d174698] check-in: [f23d509b48] user: jan.nijtmans branch: trunk, size: 14419 | |
|
2019-04-01
| ||
| 00:43 | Clean up the detection of BIO_ADDR_hostname_string by removing redundant definitions; apparently autosetup has a feature which automatically creates a define with HAVE_ prepended for whatever function is intended to be detected. file: [1184472f4b] check-in: [3d82794348] user: andybradford branch: trunk, size: 14379 | |
|
2019-03-25
| ||
| 14:02 | Check for the presence of BIO_ADDR_hostname_string before using it. file: [03d598b6ba] check-in: [0ef9501cfa] user: andybradford branch: trunk, size: 14366 | |
| 11:31 | Use the BIO_ADDR_hostname_string() function from OpenSSL to obtain the IP address of the remote side, if that function is available. file: [0c6d543a1a] check-in: [8a4ad5cb54] user: drh branch: trunk, size: 14382 | |
|
2018-07-15
| ||
| 19:56 | Clarify the difference between fossil_fatal() and fossil_panic(). The fossil_panic() interface puts a message on the error log when generating webpages. Otherwise the two routines are identical. Convert some fossil_fatal() calls into fossil_panic() where appropriate. The goal here is to limit messages on the error log to things that require attention from the system administrator, or represent bugs. file: [a2a8106994] check-in: [3f5ab71744] user: drh branch: trunk, size: 14195 | |
|
2017-11-30
| ||
| 17:58 | Refactor the symlink processing logic so that most of the file access routines take a new parameter indicating the conditions under which symlinks should and should not be followed. This should fix a few bugs related to symlink processing. Lots of testing required before merging to trunk. file: [55266e0d4b] check-in: [e7767de263] user: drh branch: symlink-refactor, size: 14195 | |
|
2017-03-14
| ||
| 12:11 | Fix [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847556#10|Debian bug 847556]: Cannot clone/sync over HTTPS file: [91aa0e52c5] check-in: [04168f5170] user: jan.nijtmans branch: trunk, size: 14186 | |
|
2016-09-07
| ||
| 10:41 | Update referenced OpenSSL version file: [0d21a4842a] check-in: [958f1a89dc] user: jan.nijtmans branch: openssl-1.1, size: 14191 | |
|
2016-04-02
| ||
| 04:47 | Use retry logic for SSL read/write as described in the OpenSSL docs. file: [dea4a130ab] check-in: [c13b6ba727] user: mistachkin branch: sslRetry, size: 14160 | |
|
2014-12-18
| ||
| 08:17 | Merge trunk. Disable SSLv3 without setting to re-enable it. file: [3bb5fed661] check-in: [d6e8e26d41] user: jan.nijtmans branch: disable-sslv3, size: 14031 | |
|
2014-12-17
| ||
| 21:22 | Disable SSLv3 by default, but provide a new setting "ssl-enable-v3" to enable it. file: [5ce8516373] check-in: [9f1f3f3409] user: jan.nijtmans branch: disable-sslv3, size: 14150 | |
|
2014-12-16
| ||
| 02:37 | Improvements to HTTP redirect on sync. file: [e36ab021a3] check-in: [3a00b612d4] user: drh branch: trunk, size: 14005 | |
|
2014-06-26
| ||
| 07:40 | Make format parameter in socket_set_errmsg() and ssl_set_errmsg() functions a const. file: [ed0b33af9b] check-in: [cfb8d6604f] user: jan.nijtmans branch: trunk, size: 13988 | |
|
2014-03-31
| ||
| 16:48 | Get rid of the GLOBAL_URL() kludge. Change the global "g" variable to contain an instance of the UrlData object instead of individual fields of the UrlData object. file: [3867581485] check-in: [5fdad9bd8c] user: drh branch: trunk, size: 14012 | |
|
2014-02-08
| ||
| 08:54 | Fix harmless compiler warning file: [8638fbf0fb] check-in: [0681b39b82] user: jan.nijtmans branch: trunk, size: 14009 | |
|
2014-02-06
| ||
| 13:59 | Use the same "User-Agent" string everywhere file: [6eef325ed7] check-in: [a7a7df7072] user: jan.nijtmans branch: trunk, size: 14007 | |
| 13:42 | Add support for tunneling https through a http proxy (Ticket [e854101c4f]) file: [477c21fb52] check-in: [3a33435666] user: jan.nijtmans branch: trunk, size: 14016 | |
|
2014-02-05
| ||
| 15:20 | one more ..... file: [d7268a17b9] check-in: [4f1709d71b] user: jan.nijtmans branch: jan-httpsproxytunnel, size: 14023 | |
| 14:59 | Use hostname instead of proxy name in certificate handling. Attempt to fix the problem described here: [https://www.mail-archive.com/fossil-users@lists.fossil-scm.org/msg13898.html] file: [4c795ae1b2] check-in: [6673f163ea] user: jan.nijtmans branch: jan-httpsproxytunnel, size: 13989 | |
|
2014-01-29
| ||
| 10:21 | fix comment file: [913e196b9e] check-in: [ca0a58fac5] user: jan.nijtmans branch: trunk, size: 11620 | |
| 09:36 | Don't use global data any more in establish_proxy_tunnel() file: [7165011589] check-in: [12e917a1cd] user: jan.nijtmans branch: jan-httpsproxytunnel, size: 13799 | |
| 09:22 | merge trunk file: [c8cff5d31d] check-in: [1f1848dd07] user: jan.nijtmans branch: jan-httpsproxytunnel, size: 13734 | |
|
2013-11-14
| ||
| 04:34 | Set the error message to indicate the HTTP status code returned on CONNECT to avoid segfault. file: [0759dce965] check-in: [87d5fef9ce] user: andybradford branch: jan-httpsproxytunnel, size: 13530 | |
|
2013-10-26
| ||
| 22:51 | Accept return codes 2xx when establishing tunnel. file: [25e445fe1b] check-in: [a672018374] user: jan branch: jan-httpsproxytunnel, size: 13450 | |
|
2013-10-21
| ||
| 17:21 | Slight modularization when building the request to establish https tunnel over proxy. file: [72d75fc602] check-in: [491e6d30fc] user: jan branch: jan-httpsproxytunnel, size: 13444 | |
|
2013-10-17
| ||
| 15:21 | Fixed typo. file: [15ee1a399d] check-in: [4ca5aa356c] user: jan branch: jan-httpsproxytunnel, size: 13534 | |
| 10:04 | Include User-Agent when connecting to proxy for https tunnels. Fixed a misplaced EOL. file: [dc99106526] check-in: [08b02fe828] user: jan branch: jan-httpsproxytunnel, size: 13535 | |
| 09:31 | Add keep-alive for unauthenticated proxy tunnels. Remove port number from host. file: [93d9aae7e3] check-in: [ca61c5e992] user: jan branch: jan-httpsproxytunnel, size: 13423 | |
| 09:07 | Make proxy connection 'keep-alive' for https tunnel. file: [aa8d1a0536] check-in: [ca82d0c1fa] user: jan branch: jan-httpsproxytunnel, size: 13418 | |
|
2013-10-14
| ||
| 07:08 | Phase 3, the TH1 http command now uses non-global URL data. This also required heavy refactoring of some other callers that use the global URL data. file: [b8265d5917] check-in: [8ce9c1af8f] user: mistachkin branch: tkt-change-hook, size: 11627 | |
|
2013-10-07
| ||
| 13:27 | Support for tunneling https through http proxy. file: [e121b650a3] check-in: [c039efde83] user: jan branch: jan-httpsproxytunnel, size: 13373 | |
|
2013-01-09
| ||
| 15:59 | Fix incorrect license statement on the http_ssl.c file. No code changes. file: [bfdb21dd47] check-in: [c7133bd79d] user: drh branch: trunk, size: 11480 | |
|
2012-11-04
| ||
| 12:59 | Fix typos. file: [0b10e86737] check-in: [45065c5c28] user: dmitry branch: spelling, size: 11754 | |
|
2012-10-28
| ||
| 21:52 | now tested with ssl enabled as well file: [a55074729a] check-in: [101a53cfc9] user: jan.nijtmans branch: trunk, size: 11753 | |
| 21:38 | - finally, do the ++j update in looks_like_text() right - More consistency in prompt handling: accept Capitals everywhere, use '(' not '[', and abbreviate yes/no to y/N everywhere file: [853a8105a6] check-in: [7c527165a6] user: jan.nijtmans branch: trunk, size: 11736 | |
|
2012-08-29
| ||
| 13:57 | Allow UTF-8 characters in sources. translate.exe will translate it to ASCII file: [ad601603ed] check-in: [9f6abc5968] user: jan.nijtmans branch: msvc-broken, size: 11673 | |
|
2012-03-29
| ||
| 14:54 | Add vim modeline everywhere file: [ac458ee32a] check-in: [a496d8e88d] user: mgagnon branch: mgagnon_fix, size: 11716 | |
|
2011-12-23
| ||
| 14:00 | Use the SSL_set_tlsext_host_name() function only if it is available. file: [0c52f90e41] check-in: [cb52442608] user: drh branch: trunk, size: 11674 | |
|
2011-12-16
| ||
| 22:00 | Add SSL SNI support (suggested by BohwaZ on mailing list). Simplify setting of port for SSL connection. file: [01cd2d2dc8] check-in: [132dbcedbc] user: dmitry branch: dmitry-fixes, size: 11594 | |
|
2011-10-12
| ||
| 15:21 | Making the http ssl code output the verification error, in case of verification failure. I also make the user question state the host the certificate is related to. file: [3cd92249f9] check-in: [79c31f9b73] user: viriketo branch: trunk, size: 11463 | |
|
2011-10-10
| ||
| 13:05 | Additional formatting fixes: shorten lines to 80 characters or less. file: [8c2ac3bbd3] check-in: [c1d78e0556] user: drh branch: trunk, size: 11308 | |
| 12:59 | Adjust SSL trust fix to skip prompting for certificates that already have an explicitly negative trust setting. file: [a3958e41ac] check-in: [636804745b] user: mistachkin branch: trunk, size: 11436 | |
| 12:55 | Fix indentation and formatting in http_ssl.c. Limit line length to 80 characters per the coding style spec. file: [fd9eaf4587] check-in: [5eb8f0157a] user: drh branch: trunk, size: 11393 | |
| 08:56 | Fix constant prompting on already saved SSL certificates that are not trusted for some reason (e.g. host mismatch, etc). file: [9f5e72f781] check-in: [25169506b7] user: mistachkin branch: ssl-trust-fix, size: 11319 | |
|
2011-09-24
| ||
| 01:39 | Disable SSLv2 in HTTPS client. This version of the protocol is considered insecure and has been deprecated; all modern browsers disable it. file: [e37af8e62a] check-in: [ea1d369d23] user: dmitry branch: trunk, size: 10838 | |
|
2011-09-16
| ||
| 18:53 | replaced two C++-style comments. file: [4894315fa5] check-in: [693ab93b7d] user: stephan branch: trunk, size: 10764 | |
|
2011-09-06
| ||
| 20:12 | catch up with trunk. Remove C++ style comments from http_ssl.c. file: [f2268870a1] check-in: [0f1c41bc20] user: martin.weber branch: msw-hack, size: 10766 | |
|
2011-09-01
| ||
| 20:38 | I think I fixed a possible bug on platforms where 'char' has signed meaning, in the code about noting the 'rcvfrom' ipv4 address. file: [06f6d5f174] check-in: [9ce6771c78] user: viriketo branch: ssl_peer_ip, size: 10760 | |
| 20:33 | Adding some ipv4-only code to get the ip where we took the content from for the https connections. The "rcvfrom" information was lost in the case of https connections. I don't know how to make it work well for ipv6 too. file: [abf9bec524] check-in: [daa6a0eb9b] user: viriketo branch: ssl_peer_ip, size: 10727 | |
|
2011-06-05
| ||
| 08:49 | Minor code cleanup: reformat code to 80 char line length file: [131941f506] check-in: [6aa5b85f0e] user: ben branch: ben-testing, size: 10381 | |
| 08:46 | Add ssl-ca-location setting to specify file/directory to pass to OpenSSL as the server CA location. This allows specification of CAs properly on platforms without usable centralised CA certificate lists, or management by external programs. Add note to certificate warning about this setting, and stronger instructions about what to do if the server certificate could not be verified. file: [e66e614627] check-in: [636cc595e1] user: ben branch: ben-testing, size: 10360 | |
|
2011-05-29
| ||
| 12:49 | Support for client side SSL certificates for extra authentication to https servers. Adds --ssl-identity command line option and ssl-identity setting to specify the filename of an identity file containing a PEM encoded certificate and private key. file: [53274f2426] check-in: [e06ea26e97] user: ben branch: ben-security, size: 8924 | |
|
2011-05-22
| ||
| 14:53 | When displaying an unknown certificate, also display the certificate fingerprint so the user can verify they're seeing the certificate they expect. Just displaying the textual names in the certificate does not give enough information to be certain someone isn't doing a man in the middle attack. file: [ddbdabc2d5] check-in: [fc93bfb0f7] user: ben branch: ben-security, size: 7769 | |
|
2011-04-10
| ||
| 00:27 | Cache passphrase for protected PEM files to avoid having to re-type passphrase for each new https connection. file: [6ff01a19e9] check-in: [0c0392af3d] user: jan branch: jan-clientcert, size: 17581 | |
|
2011-04-02
| ||
| 13:40 | Use the dedicated certs table for server certificate cache. Only attempt to use client certificate if one was actually specified for a cert bundle. Assume client key is in same file as certificate if one wasn't explicitly specified. file: [fec4848792] check-in: [c44bb083e9] user: jan branch: jan-clientcert, size: 16678 | |
|
2011-03-31
| ||
| 15:30 | Some rephrasing and code cleanup. file: [562f72c568] check-in: [cff102fe85] user: jan branch: jan-clientcert, size: 16086 | |
|
2011-03-30
| ||
| 21:00 | Code cleanup. Fix the "cert" command so that it compiles even if FOSSIL_ENABLE_SSL is not used. file: [442c395ec9] check-in: [ebe1faabbc] user: drh branch: jan-clientcert, size: 16002 | |
| 20:58 | Fix two potential SQL injection attacks. file: [1937a2ba6e] check-in: [71384ce668] user: drh branch: jan-clientcert, size: 18147 | |
| 18:49 | Use the new certificate bundle management for https connections, and deactivate the old environment variable code. Added support for specifying certificate/key bundle to clone/push/pull/sync commands. file: [77378f62c0] check-in: [1a1aa98a40] user: jan branch: jan-clientcert, size: 18147 | |
| 15:40 | Added a 'cert' subcommand to manage certificate groups, and added a certificate table to the global db. Minor code formatting change. file: [7d3a07ebbb] check-in: [1156ad25db] user: jan branch: jan-clientcert, size: 15549 | |
| 10:53 | Minor code formatting changes in http_ssl.c. file: [45fa3355c0] check-in: [662c83513f] user: drh branch: jan-clientcert, size: 10310 | |
|
2011-03-29
| ||
| 15:06 | Cosmetic: Removed some tabbed indentation. file: [3a88e8b1ab] check-in: [b261c4a33b] user: jan branch: jan-clientcert, size: 10318 | |
| 14:12 | Add support for feeding OpenSSL a CA certificate file/path for proper chain verification. This is one of several possible solutions to ticket [727af73f46]. Also cache the CA certificate file/path, client certificate/key file/path references in the global config (similar to how the server certificates are cached), and attempt to use them if the corresponding environment variables have not been set. Prefixed a function with ssl_ to conform to existing naming conventions. file: [5fa80ec874] check-in: [b28995ccbd] user: jan branch: jan-clientcert, size: 10300 | |
|
2011-03-25
| ||
| 18:20 | Added very basic client certificate support for https. file: [e83a276054] check-in: [513ea81005] user: jan branch: jan-clientcert, size: 8629 | |
|
2010-10-22
| ||
| 01:06 | Merge in some ui enhancements from the ssl_platform_fixes branch. file: [0532ba5ac1] check-in: [3c19422b6e] user: bcsmith branch: ui-improvements, size: 11736 | |
|
2010-10-06
| ||
| 12:15 | SSL uses system-wide default CAs. Ticket [f696bc85f8b91d263f5bf4c5bbd2]. file: [54bf448ea6] check-in: [8995df3aee] user: drh branch: trunk, size: 7500 | |
|
2010-10-03
| ||
| 19:24 | More descriptive SSL error messages. file: [b88e716440] check-in: [6b8b6d2e23] user: bcsmith branch: ssl_platform_fixes, size: 11670 | |
|
2010-08-28
| ||
| 20:22 | Added ssl support to msc. msc doesn't like declaring vars in the middle of a block! Added the extra needed libs in a commented LIBS line. file: [56d783c4e1] check-in: [29c728f4b3] user: renez branch: windowscompilers, size: 7434 | |
|
2010-06-23
| ||
| 13:30 | Prompt the user for permission to overwrite files on "fossil open". Ticket [17389900b2e5bd816] file: [b861d80781] check-in: [d778ffea81] user: drh branch: trunk, size: 7425 | |
|
2010-03-21
| ||
| 22:42 | Comparison typo. file: [f41997da2c] check-in: [624bc1c662] user: linuxfood branch: ssl_platform_fixes, size: 8461 | |
| 22:38 | Fix case when trying to free a non-malloced pointer. file: [6f64488a73] check-in: [ee59ca74b8] user: linuxfood branch: ssl_platform_fixes, size: 8461 | |
| 22:14 | Merge in trunk and local fixes. file: [a24ae7b848] check-in: [3b06c951cf] user: linuxfood branch: ssl_platform_fixes, size: 8375 | |
|
2010-03-06
| ||
| 15:21 | Fix a compiler warning in the SSL module. file: [65bb20fd9b] check-in: [5825707088] user: drh branch: trunk, size: 7424 | |
|
2009-11-09
| ||
| 21:22 | Reformat some code in http_ssl.c file: [9abcae4fb5] check-in: [d92945e5da] user: dmitry branch: ssl, size: 7418 | |
| 15:32 | Added: Add SSL support. file: [77d02aa7e4] check-in: [16f6fd904a] user: dmitry branch: ssl, size: 7422 | |