Fossil

History for src/http_ssl.c

2021-09-03
12:21
Fix to the --ssl-identity issue described at [forum:/forumpost/6e2b2ee5316b7aef|forum post 6e2b2ee5316b7aef]. ... (file: [e414dce084] check-in: [82b42943b1] user: drh branch: trunk, size: 18808)
2021-08-20
22:41
After prompting to save an SSL cert verification, ensure that the config db is opened to avoid a fatal error when saving. See forum posts [forum:c53d1915a4e0a051|c53d1915a4e0a051] and [forum:4dcd2f16c289848c|4dcd2f16c289848c]. ... (file: [1b352f7ae0] check-in: [edd280c3b6] user: stephan branch: trunk, size: 18819)
2021-07-08
17:43
Enhancement to codecheck1.c to verify that routines like db_set() use a string literal as the setting argument, and are thus impervious to injection attacks. ... (file: [09e56d0f97] check-in: [0a5d0e191c] user: drh branch: trunk, size: 18790)
2021-06-15
01:00
Fix the client-side SSL connection setup so that it actually verifies the hostname on the certification from the server. ... (file: [824388ad09] check-in: [8126093ee9] user: drh branch: branch-2.14, size: 18840)
00:58
Fix the client-side SSL connection setup so that it actually verifies the hostname on the certification from the server. ... (file: [1b21d27b5b] check-in: [7d85e21fd2] user: drh branch: branch-2.15, size: 18836)
00:39
Fix the client-side SSL connection setup so that it actually verifies the hostname on the certification from the server. ... (file: [e41634a8e4] check-in: [aaab2a15d1] user: drh branch: trunk, size: 18836)
2021-03-25
01:32
Reduce fossil_panic() calls to those indicating bugs and internal errors. Also clarify effects and purposes of fossil_fatal() vs. fossil_panic(). ... (file: [0906e22ac4] check-in: [91a4652f22] user: larrybr branch: panic-reduction, size: 18464)
2021-02-09
13:34
The canonical Fossil homepage is now https://fossil-scm.org/home without the "www." in the domain and with the main path at /home, not /index.html or /fossil. Update all URLs in documentation to reflect this fact. ... (file: [0ec4f86727] check-in: [09908ab058] user: drh branch: trunk, size: 18464)
2020-08-18
01:54
Disable writes to the CONFIG and USER tables by default. Permission to write to those tables is turned on as needed. Note - might have missed a few places so expect bugs. ... (file: [602ef87736] check-in: [ca9156aa0a] user: drh branch: sec2020, size: 18468)
2020-07-05
13:14
Fix output formatting in the "fossil tls-config show" command. ... (file: [dbc7cacde2] check-in: [8c50f807b7] user: drh branch: trunk, size: 18408)
2020-06-09
17:44
Enhancements to OpenSSL user-prompt buffer handling. ... (file: [1cc21c6f4d] check-in: [82d177fa14] user: mistachkin branch: trunk, size: 18410)
2020-05-18
11:48
When compiling with older versions of OpenSSL that do not support SHA256, hash certs using SHA1 instead. ... (file: [2b0bf07b9e] check-in: [64d79ad457] user: drh branch: trunk, size: 18354)
10:55
Fix harmless compiler warnings in http_ssl.c that occur when building without SSL support. ... (file: [00c793933b] check-in: [b2824009b2] user: drh branch: trunk, size: 18135)
2020-04-27
17:10
Use a SHA2-256 hash instead of a SHA3-256 hash for remembered cert exceptions, because older versions of OpenSSL do not support SHA3. ... (file: [570011d4b2] check-in: [3b529d9cd4] user: drh branch: trunk, size: 18135)
16:58
Minor fixes to the previous check-in. ... (file: [12663a3e88] check-in: [9f8dc18f70] user: drh branch: trunk, size: 18133)
16:53
Rework the SSL cert exception mechanism so that it remembers the SHA3 hash of the cert that failed to verify, rather than the PEM of the complete cert. Simplify the error prompts. Always verify the cert hash before accepting the exception. ... (file: [4a058c67ec] check-in: [3c194e2b89] user: drh branch: trunk, size: 18150)
15:26
Add the "tls-config" command for managing the OpenSSL configuration and for viewing and deleting certificate exceptions. ... (file: [09476725e8] check-in: [bc23620121] user: drh branch: trunk, size: 18430)
11:57
Update comment. No changes to code. ... (file: [76727ef467] check-in: [455b2aa67b] user: drh branch: trunk, size: 15282)
2020-04-26
20:41
Fix overlength lines and commenting irregularities in http_ssl.c. No code changes. ... (file: [8089edfabc] check-in: [483ac3db83] user: drh branch: trunk, size: 15221)
15:39
Add the "test-ssl-trust-store" command for testing and diagnostics. ... (file: [394d8205a8] check-in: [67147dd6be] user: drh branch: trunk, size: 15129)
2020-02-06
15:32
When using HTTPS combined with HTTP AUTH, the SSL connection may go away and any further operations on it, including the implied SSL_shutdown() that occurs as a result of BIO_reset() or BIO_free_all() will crash Fossil. Attempt to deal with this by signaling a quiet shutdown if SSL_peek() returns an error. ... (file: [ccfd580e83] check-in: [616de1fef2] user: andybradford branch: fix-ssl-crash, size: 14890)
2019-05-23
06:44
Since libressl abuses OPENSSL_VERSION_NUMBER, don't let fossil be confused by that. ... (file: [e0eeef129c] check-in: [5c40d6b0d4] user: jan.nijtmans branch: trunk, size: 14630)
2019-05-20
12:43
Better solution than [344a3331d34d896], which doesn't involve runtime-detection. Works with both Openssl 1.0.2 and 1.1.x. ... (file: [516d174698] check-in: [f23d509b48] user: jan.nijtmans branch: trunk, size: 14419)
2019-04-01
00:43
Clean up the detection of BIO_ADDR_hostname_string by removing redundant definitions; apparently autosetup has a feature which automatically creates a define with HAVE_ prepended for whatever function is intended to be detected. ... (file: [1184472f4b] check-in: [3d82794348] user: andybradford branch: trunk, size: 14379)
2019-03-25
14:02
Check for the presence of BIO_ADDR_hostname_string before using it. ... (file: [03d598b6ba] check-in: [0ef9501cfa] user: andybradford branch: trunk, size: 14366)
11:31
Use the BIO_ADDR_hostname_string() function from OpenSSL to obtain the IP address of the remote side, if that function is available. ... (file: [0c6d543a1a] check-in: [8a4ad5cb54] user: drh branch: trunk, size: 14382)
2018-07-15
19:56
Clarify the difference between fossil_fatal() and fossil_panic(). The fossil_panic() interface puts a message on the error log when generating webpages. Otherwise the two routines are identical. Convert some fossil_fatal() calls into fossil_panic() where appropriate. The goal here is to limit messages on the error log to things that require attention from the system administrator, or represent bugs. ... (file: [a2a8106994] check-in: [3f5ab71744] user: drh branch: trunk, size: 14195)
2017-11-30
17:58
Refactor the symlink processing logic so that most of the file access routines take a new parameter indicating the conditions under which symlinks should and should not be followed. This should fix a few bugs related to symlink processing. Lots of testing required before merging to trunk. ... (file: [55266e0d4b] check-in: [e7767de263] user: drh branch: symlink-refactor, size: 14195)
2017-03-14
12:11
Fix [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847556#10|Debian bug 847556]: Cannot clone/sync over HTTPS ... (file: [91aa0e52c5] check-in: [04168f5170] user: jan.nijtmans branch: trunk, size: 14186)
2016-09-07
10:41
Update referenced OpenSSL version ... (file: [0d21a4842a] check-in: [958f1a89dc] user: jan.nijtmans branch: openssl-1.1, size: 14191)
2016-04-02
04:47
Use retry logic for SSL read/write as described in the OpenSSL docs. ... (file: [dea4a130ab] check-in: [c13b6ba727] user: mistachkin branch: sslRetry, size: 14160)
2014-12-18
08:17
Merge trunk. Disable SSLv3 without setting to re-enable it. ... (file: [3bb5fed661] check-in: [d6e8e26d41] user: jan.nijtmans branch: disable-sslv3, size: 14031)
2014-12-17
21:22
Disable SSLv3 by default, but provide a new setting "ssl-enable-v3" to enable it. ... (file: [5ce8516373] check-in: [9f1f3f3409] user: jan.nijtmans branch: disable-sslv3, size: 14150)
2014-12-16
02:37
Improvements to HTTP redirect on sync. ... (file: [e36ab021a3] check-in: [3a00b612d4] user: drh branch: trunk, size: 14005)
2014-06-26
07:40
Make format parameter in socket_set_errmsg() and ssl_set_errmsg() functions a const. ... (file: [ed0b33af9b] check-in: [cfb8d6604f] user: jan.nijtmans branch: trunk, size: 13988)
2014-03-31
16:48
Get rid of the GLOBAL_URL() kludge. Change the global "g" variable to contain an instance of the UrlData object instead of individual fields of the UrlData object. ... (file: [3867581485] check-in: [5fdad9bd8c] user: drh branch: trunk, size: 14012)
2014-02-08
08:54
Fix harmless compiler warning ... (file: [8638fbf0fb] check-in: [0681b39b82] user: jan.nijtmans branch: trunk, size: 14009)
2014-02-06
13:59
Use the same "User-Agent" string everywhere ... (file: [6eef325ed7] check-in: [a7a7df7072] user: jan.nijtmans branch: trunk, size: 14007)
13:42
Add support for tunneling https through a http proxy (Ticket [e854101c4f]) ... (file: [477c21fb52] check-in: [3a33435666] user: jan.nijtmans branch: trunk, size: 14016)
2014-02-05
15:20
one more ..... ... (file: [d7268a17b9] check-in: [4f1709d71b] user: jan.nijtmans branch: jan-httpsproxytunnel, size: 14023)
14:59
Use hostname instead of proxy name in certificate handling. Attempt to fix the problem described here: [https://www.mail-archive.com/fossil-users@lists.fossil-scm.org/msg13898.html] ... (file: [4c795ae1b2] check-in: [6673f163ea] user: jan.nijtmans branch: jan-httpsproxytunnel, size: 13989)
2014-01-29
10:21
fix comment ... (file: [913e196b9e] check-in: [ca0a58fac5] user: jan.nijtmans branch: trunk, size: 11620)
09:36
Don't use global data any more in establish_proxy_tunnel() ... (file: [7165011589] check-in: [12e917a1cd] user: jan.nijtmans branch: jan-httpsproxytunnel, size: 13799)
09:22
merge trunk ... (file: [c8cff5d31d] check-in: [1f1848dd07] user: jan.nijtmans branch: jan-httpsproxytunnel, size: 13734)
2013-11-14
04:34
Set the error message to indicate the HTTP status code returned on CONNECT to avoid segfault. ... (file: [0759dce965] check-in: [87d5fef9ce] user: andybradford branch: jan-httpsproxytunnel, size: 13530)
2013-10-26
22:51
Accept return codes 2xx when establishing tunnel. ... (file: [25e445fe1b] check-in: [a672018374] user: jan branch: jan-httpsproxytunnel, size: 13450)
2013-10-21
17:21
Slight modularization when building the request to establish https tunnel over proxy. ... (file: [72d75fc602] check-in: [491e6d30fc] user: jan branch: jan-httpsproxytunnel, size: 13444)
2013-10-17
15:21
Fixed typo. ... (file: [15ee1a399d] check-in: [4ca5aa356c] user: jan branch: jan-httpsproxytunnel, size: 13534)
10:04
Include User-Agent when connecting to proxy for https tunnels. Fixed a misplaced EOL. ... (file: [dc99106526] check-in: [08b02fe828] user: jan branch: jan-httpsproxytunnel, size: 13535)
09:31
Add keep-alive for unauthenticated proxy tunnels. Remove port number from host. ... (file: [93d9aae7e3] check-in: [ca61c5e992] user: jan branch: jan-httpsproxytunnel, size: 13423)
09:07
Make proxy connection 'keep-alive' for https tunnel. ... (file: [aa8d1a0536] check-in: [ca82d0c1fa] user: jan branch: jan-httpsproxytunnel, size: 13418)
2013-10-14
07:08
Phase 3, the TH1 http command now uses non-global URL data. This also required heavy refactoring of some other callers that use the global URL data. ... (file: [b8265d5917] check-in: [8ce9c1af8f] user: mistachkin branch: tkt-change-hook, size: 11627)
2013-10-07
13:27
Support for tunneling https through http proxy. ... (file: [e121b650a3] check-in: [c039efde83] user: jan branch: jan-httpsproxytunnel, size: 13373)
2013-01-09
15:59
Fix incorrect license statement on the http_ssl.c file. No code changes. ... (file: [bfdb21dd47] check-in: [c7133bd79d] user: drh branch: trunk, size: 11480)
2012-11-04
12:59
Fix typos. ... (file: [0b10e86737] check-in: [45065c5c28] user: dmitry branch: spelling, size: 11754)
2012-10-28
21:52
now tested with ssl enabled as well ... (file: [a55074729a] check-in: [101a53cfc9] user: jan.nijtmans branch: trunk, size: 11753)
21:38
- finally, do the ++j update in looks_like_text() right - More consistency in prompt handling: accept Capitals everywhere, use '(' not '[', and abbreviate yes/no to y/N everywhere ... (file: [853a8105a6] check-in: [7c527165a6] user: jan.nijtmans branch: trunk, size: 11736)
2012-08-29
13:57
Allow UTF-8 characters in sources. translate.exe will translate it to ASCII ... (file: [ad601603ed] check-in: [9f6abc5968] user: jan.nijtmans branch: msvc-broken, size: 11673)
2012-03-29
14:54
Add vim modeline everywhere ... (file: [ac458ee32a] check-in: [a496d8e88d] user: mgagnon branch: mgagnon_fix, size: 11716)
2011-12-23
14:00
Use the SSL_set_tlsext_host_name() function only if it is available. ... (file: [0c52f90e41] check-in: [cb52442608] user: drh branch: trunk, size: 11674)
2011-12-16
22:00
Add SSL SNI support (suggested by BohwaZ on mailing list). Simplify setting of port for SSL connection. ... (file: [01cd2d2dc8] check-in: [132dbcedbc] user: dmitry branch: dmitry-fixes, size: 11594)
2011-10-12
15:21
Making the http ssl code output the verification error, in case of verification failure. I also make the user question state the host the certificate is related to. ... (file: [3cd92249f9] check-in: [79c31f9b73] user: viriketo branch: trunk, size: 11463)
2011-10-10
13:05
Additional formatting fixes: shorten lines to 80 characters or less. ... (file: [8c2ac3bbd3] check-in: [c1d78e0556] user: drh branch: trunk, size: 11308)
12:59
Adjust SSL trust fix to skip prompting for certificates that already have an explicitly negative trust setting. ... (file: [a3958e41ac] check-in: [636804745b] user: mistachkin branch: trunk, size: 11436)
12:55
Fix indentation and formatting in http_ssl.c. Limit line length to 80 characters per the coding style spec. ... (file: [fd9eaf4587] check-in: [5eb8f0157a] user: drh branch: trunk, size: 11393)
08:56
Fix constant prompting on already saved SSL certificates that are not trusted for some reason (e.g. host mismatch, etc). ... (file: [9f5e72f781] check-in: [25169506b7] user: mistachkin branch: ssl-trust-fix, size: 11319)
2011-09-24
01:39
Disable SSLv2 in HTTPS client. This version of the protocol is considered insecure and has been deprecated; all modern browsers disable it. ... (file: [e37af8e62a] check-in: [ea1d369d23] user: dmitry branch: trunk, size: 10838)
2011-09-16
18:53
replaced two C++-style comments. ... (file: [4894315fa5] check-in: [693ab93b7d] user: stephan branch: trunk, size: 10764)
2011-09-06
20:12
catch up with trunk. Remove C++ style comments from http_ssl.c. ... (file: [f2268870a1] check-in: [0f1c41bc20] user: martin.weber branch: msw-hack, size: 10766)
2011-09-01
20:38
I think I fix a possible bug on platforms where 'char' has signed meaning, on the code about noting the 'rcvfrom' ipv4 address. ... (file: [06f6d5f174] check-in: [9ce6771c78] user: viriketo branch: ssl_peer_ip, size: 10760)
20:33
Adding some ipv4-only code to get the ip where we took the content from for the https connections. The "rcvfrom" information was lost in the case of https connections. I don't know how to make it work well for ipv6 too. ... (file: [abf9bec524] check-in: [daa6a0eb9b] user: viriketo branch: ssl_peer_ip, size: 10727)
2011-06-05
08:49
Minor code cleanup: reformat code to 80 char line length ... (file: [131941f506] check-in: [6aa5b85f0e] user: ben branch: ben-testing, size: 10381)
08:46
Add ssl-ca-location setting to specify file/directory to pass to OpenSSL as the server CA location. This allows specification of CAs properly on platforms without usable centralised CA certificate lists, or management by external programs. Add note to certificate warning about this setting, and stronger instructions about what to do if the server certificate could not be verified. ... (file: [e66e614627] check-in: [636cc595e1] user: ben branch: ben-testing, size: 10360)
2011-05-29
12:49
Support for client side SSL certificates for extra authentication to https servers. Adds --ssl-identity command line option and ssl-identity setting to specify the filename of an identity file containing a PEM encoded certificate and private key. ... (file: [53274f2426] check-in: [e06ea26e97] user: ben branch: ben-security, size: 8924)
2011-05-22
14:53
When displaying an unknown certificate, also display the certificate fingerprint so the user can verify they're seeing the certificate they expect. Just displaying the textual names in the certificate does not give enough information to be certain someone isn't doing a man in the middle attack. ... (file: [ddbdabc2d5] check-in: [fc93bfb0f7] user: ben branch: ben-security, size: 7769)
2011-04-10
00:27
Cache passphrase for protected PEM files to avoid having to re-type passphrase for each new https connection. ... (file: [6ff01a19e9] check-in: [0c0392af3d] user: jan branch: jan-clientcert, size: 17581)
2011-04-02
13:40
Use the dedicated certs table for server certificate cache. Only attempt to use client certificate if one was actually specified for a cert bundle. Assume client key is in same file as certificate if one wasn't explicitly specified. ... (file: [fec4848792] check-in: [c44bb083e9] user: jan branch: jan-clientcert, size: 16678)
2011-03-31
15:30
Some rephrasing and code cleanup. ... (file: [562f72c568] check-in: [cff102fe85] user: jan branch: jan-clientcert, size: 16086)
2011-03-30
21:00
Code cleanup. Fix the "cert" command so that it compiles even if FOSSIL_ENABLE_SSL is not used. ... (file: [442c395ec9] check-in: [ebe1faabbc] user: drh branch: jan-clientcert, size: 16002)
20:58
Fix two potential SQL injection attacks. ... (file: [1937a2ba6e] check-in: [71384ce668] user: drh branch: jan-clientcert, size: 18147)
18:49
Use the new certificate bundle management for https connections, and deactivate the old environment variable code. Added support for specifying certificate/key bundle to clone/push/pull/sync commands. ... (file: [77378f62c0] check-in: [1a1aa98a40] user: jan branch: jan-clientcert, size: 18147)
15:40
Added a 'cert' subcommand to manage certificate groups, and added a certificate table to the global db. Minor code formatting change. ... (file: [7d3a07ebbb] check-in: [1156ad25db] user: jan branch: jan-clientcert, size: 15549)
10:53
Minor code formatting changes in http_ssl.c. ... (file: [45fa3355c0] check-in: [662c83513f] user: drh branch: jan-clientcert, size: 10310)
2011-03-29
15:06
Cosmetic: Removed some tabbed indentation. ... (file: [3a88e8b1ab] check-in: [b261c4a33b] user: jan branch: jan-clientcert, size: 10318)
14:12
Add support for feeding OpenSSL a CA certificate file/path for proper chain verification. This is one of several possible solutions to ticket [727af73f46]. Also cache the CA certificate file/path, client certificate/key file/path references in the global config (similar to how the server certificates are cached), and attempt to use them if the corresponding environment variables have not been set. Prefixed a function with ssl_ to conform to existing naming conventions. ... (file: [5fa80ec874] check-in: [b28995ccbd] user: jan branch: jan-clientcert, size: 10300)
2011-03-25
18:20
Added very basic client certificate support for https. ... (file: [e83a276054] check-in: [513ea81005] user: jan branch: jan-clientcert, size: 8629)
2010-10-22
01:06
Merge in some ui enhancements from the ssl_platform_fixes branch. ... (file: [0532ba5ac1] check-in: [3c19422b6e] user: bcsmith branch: ui-improvements, size: 11736)
2010-10-06
12:15
SSL uses system-wide default CAs. Ticket [f696bc85f8b91d263f5bf4c5bbd2]. ... (file: [54bf448ea6] check-in: [8995df3aee] user: drh branch: trunk, size: 7500)
2010-10-03
19:24
More descriptive SSL error messages. ... (file: [b88e716440] check-in: [6b8b6d2e23] user: bcsmith branch: ssl_platform_fixes, size: 11670)
2010-08-28
20:22
Added ssl support to msc. msc doesn't like declaring vars in the middle of a block! Added the extra needed libs in a commented LIBS line. ... (file: [56d783c4e1] check-in: [29c728f4b3] user: renez branch: windowscompilers, size: 7434)
2010-06-23
13:30
Prompt the user for permission to overwrite files on "fossil open". Ticket [17389900b2e5bd816] ... (file: [b861d80781] check-in: [d778ffea81] user: drh branch: trunk, size: 7425)
2010-03-21
22:42
Comparison typo. ... (file: [f41997da2c] check-in: [624bc1c662] user: linuxfood branch: ssl_platform_fixes, size: 8461)
22:38
Fix case when trying to free a non-malloced pointer. ... (file: [6f64488a73] check-in: [ee59ca74b8] user: linuxfood branch: ssl_platform_fixes, size: 8461)
22:14
Merge in trunk and local fixes. ... (file: [a24ae7b848] check-in: [3b06c951cf] user: linuxfood branch: ssl_platform_fixes, size: 8375)
2010-03-06
15:21
Fix a compiler warning in the SSL module. ... (file: [65bb20fd9b] check-in: [5825707088] user: drh branch: trunk, size: 7424)
2009-11-09
21:22
Reformat some code in http_ssl.c ... (file: [9abcae4fb5] check-in: [d92945e5da] user: dmitry branch: ssl, size: 7418)
15:32
Add SSL support. ... (file: [77d02aa7e4] check-in: [16f6fd904a] user: dmitry branch: ssl, size: 7422)