
Check-in [474850cff5]

Overview
Comment:Merge the ben-security branch into the trunk.
SHA1: 474850cff598d76f4e23f7df1f2ea26e93478c45
User & Date: drh 2011-05-23 15:11:12.321
References
2011-05-27
11:33 New ticket [49db5c3993] windows-i18n: "fossil extras" does not see files with non-ascii chars in their name. ... (artifact: 67e356f427 user: anonymous)
2011-05-26
12:28 Closed ticket [b67996c1e6]: Fossil can no longer find files in open checkouts with non-ascii chars in directory plus 2 other changes ... (artifact: a8e5afdd67 user: anonymous)
05:51 Ticket [b67996c1e6]: 1 change ... (artifact: 64e2883253 user: anonymous)
Context
2011-05-25
13:54
Update the Mac icon for the download page. ... (check-in: a2e1c48373 user: drh tags: trunk)
2011-05-24
12:02
Merge the latest trunk changes into the versionable-settings branch. ... (check-in: 9c915adb0a user: drh tags: versionable-settings)
12:00
Merge the latest trunk changes into the arjen-doc-updates branch. ... (check-in: 5d4ef37a9d user: drh tags: arjen-doc-updates)
2011-05-23
15:11
Merge the ben-security branch into the trunk. ... (check-in: 474850cff5 user: drh tags: trunk, release)
15:06
Merge the solaris10 branch into the trunk. ... (check-in: 3e0efc3827 user: drh tags: trunk)
2011-05-22
15:08
Follow web app best practise by marking cookies as HttpOnly and, if it's over an https connection, as 'secure' so they will only be transmitted over https. Options supported by major browsers, and harmless where not supported. ... (check-in: e4b57a3230 user: ben tags: ben-security)
Changes
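--- a/src/cgi.c
+++ b/src/cgi.c
@@ -189,24 +189,28 @@
 */
 void cgi_set_cookie(
   const char *zName,    /* Name of the cookie */
   const char *zValue,   /* Value of the cookie.  Automatically escaped */
   const char *zPath,    /* Path cookie applies to.  NULL means "/" */
   int lifetime          /* Expiration of the cookie in seconds from now */
 ){
+  char *zSecure = "";
   if( zPath==0 ) zPath = g.zTop;
+  if( g.zBaseURL!=0 && strncmp(g.zBaseURL, "https:", 6)==0 ){
+    zSecure = " secure;";
+  }
   if( lifetime>0 ){
     lifetime += (int)time(0);
     blob_appendf(&extraHeader,
-       "Set-Cookie: %s=%t; Path=%s; expires=%z; Version=1\r\n",
-        zName, zValue, zPath, cgi_rfc822_datestamp(lifetime));
+       "Set-Cookie: %s=%t; Path=%s; expires=%z; HttpOnly;%s Version=1\r\n",
+        zName, zValue, zPath, cgi_rfc822_datestamp(lifetime), zSecure);
   }else{
     blob_appendf(&extraHeader,
-       "Set-Cookie: %s=%t; Path=%s; Version=1\r\n",
-       zName, zValue, zPath);
+       "Set-Cookie: %s=%t; Path=%s; HttpOnly;%s Version=1\r\n",
+       zName, zValue, zPath, zSecure);
   }
 }
 
 #if 0
 /*
 ** Add an ETag header line
 */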
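Review bot: The Secure flag decided at `if( g.zBaseURL!=0 && strncmp(g.zBaseURL, "https:", 6)==0 )` is derived from the configured base URL rather than from the transport the current request actually arrived on, so it presumably goes wrong in both directions when the two differ: a TLS-terminating proxy in front of an http base URL leaves the cookie without Secure, and an https base URL served over plain http yields a cookie the browser will never send back. That deserves a comment beside the check, e.g. `/* Secure is decided from the configured base URL, not from the request's transport; keep g.zBaseURL accurate behind proxies */`. The match is also case-sensitive, so a base URL written `HTTPS:` would not set the flag; a case-insensitive comparison would be more forgiving. Since zSecure only ever points at string literals, `const char *zSecure = "";` is the more accurate declaration.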
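--- a/src/http_ssl.c
+++ b/src/http_ssl.c
@@ -180,19 +180,28 @@
   }
 
   if( SSL_get_verify_result(ssl) != X509_V_OK ){
     char *desc, *prompt;
     char *warning = "";
     Blob ans;
     BIO *mem;
+    unsigned char md[32];
+    unsigned int mdLength = 31;
     
     mem = BIO_new(BIO_s_mem());
     X509_NAME_print_ex(mem, X509_get_subject_name(cert), 2, XN_FLAG_MULTILINE);
     BIO_puts(mem, "\n\nIssued By:\n\n");
     X509_NAME_print_ex(mem, X509_get_issuer_name(cert), 2, XN_FLAG_MULTILINE);
+    BIO_puts(mem, "\n\nSHA1 Fingerprint:\n\n ");
+    if(X509_digest(cert, EVP_sha1(), md, &mdLength)){
+      int j;
+      for( j = 0; j < mdLength; ++j ) {
+        BIO_printf(mem, " %02x", md[j]);
+      }
+    }
     BIO_write(mem, "", 1); // null-terminate mem buffer
     BIO_get_mem_data(mem, &desc);
     
     if( hasSavedCertificate ){
       warning = "WARNING: Certificate doesn't match the "
                 "saved certificate for this host!";
     }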
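Review bot: `unsigned int mdLength = 31;` beside `unsigned char md[32];` sets neither value to the bound that matters: X509_digest() writes the whole digest into md and stores its length in mdLength without consulting the value passed in, so the buffer should be sized for the largest digest OpenSSL can return, `unsigned char md[EVP_MAX_MD_SIZE];` with `unsigned int mdLength = 0;`, and the stray 31 should not suggest a limit that is never enforced. The loop index `int j` is compared against the unsigned mdLength; `unsigned int j;` avoids the signed/unsigned comparison. When X509_digest() fails, the `SHA1 Fingerprint:` heading is still emitted with nothing under it, so the user is asked to trust a certificate on the strength of an empty fingerprint; an else branch writing a short `(unavailable)` marker would make the prompt honest. The enclosing function and the `if( SSL_get_verify_result(ssl) != X509_V_OK )` block both continue past the hunk.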