Fossil

Check-in [0ca1fc4d98]

Overview
Comment: If there is a global ssl-ca-location setting, make sure it is used when trying to locate the trust store for any client TLS operation.
SHA3-256: 0ca1fc4d98b8e4190a6e05f4aff8bc4be5cf7143cae669a84b63d908348b7dfd
User & Date: drh 2022-01-19 16:00:21.347
Context
2022-01-19
16:55
For Solaris, omit the XOPEN_SOURCE define, as this is no longer recommended, according to private email from Claes Nästén. Also disable some obsolete compile-time options to SQLite. check-in: 5b0c71d1fc user: drh tags: trunk
16:00
If there is a global ssl-ca-location setting, make sure it is used when trying to locate the trust store for any client TLS operation. check-in: 0ca1fc4d98 user: drh tags: trunk
15:35
Change the priority of trust-store location search so that environment variables SSL_CERT_FILE and SSL_CERT_DIR take precedence over the ssl-ca-location setting. This allows a one-command override of the ssl-ca-location for testing or debugging. check-in: e225dc9dec user: drh tags: trunk
Changes
Changes to src/http_ssl.c.
272
273
274
275
276
277
278

279
280
281
282
283
284
285
        case 0: /* First priority is environmentn variables */
          zFile = fossil_getenv(X509_get_default_cert_file_env());
          break;
        case 1:
          zFile = fossil_getenv(X509_get_default_cert_dir_env());
          break;
        case 2:

          zFile = db_get("ssl-ca-location",0);
          break;
        case 3:
          zFile = X509_get_default_cert_file();
          break;
        case 4:
          zFile = X509_get_default_cert_dir();







>







272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
        case 0: /* First priority is environmentn variables */
          zFile = fossil_getenv(X509_get_default_cert_file_env());
          break;
        case 1:
          zFile = fossil_getenv(X509_get_default_cert_dir_env());
          break;
        case 2:
          if( !g.repositoryOpen ) db_open_config(0,0);
          zFile = db_get("ssl-ca-location",0);
          break;
        case 3:
          zFile = X509_get_default_cert_file();
          break;
        case 4:
          zFile = X509_get_default_cert_dir();
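
Review bot: The line added in case 2, `if( !g.repositoryOpen ) db_open_config(0,0);`, carries no comment and does not check whether the open succeeded. A one-line comment saying that the global configuration database has to be open for `db_get("ssl-ca-location",0)` to see a global setting when no repository is open would make the intent clear from the code itself, the way the comment on case 0 does. Because `db_get` is passed a default of 0, a failed open would presumably leave zFile empty and let the search move on to the OpenSSL defaults in cases 3 and 4, so a configured trust store could be skipped without any indication; a warning or trace message in that situation would help when debugging certificate failures. It is also worth confirming that the global setting is still visible to `db_get` when g.repositoryOpen is true, since the open is skipped on that path. Minor: the unchanged comment on case 0 reads "environmentn variables" and could be corrected while this block is being touched.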