Fossil

Check-in [48a860f6]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Applied SSL fingerprint comparison patch from forum post c1e3c18afb. Incremented version to 2.18.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 48a860f658cbf7f94d9124aeebc0f8471411b8b095c8e9119f3452d9fefa303e
User & Date: stephan 2021-10-13 10:01:46
Context
2021-10-16
06:52
Removed the docs for the merge command's --case-sensitive flag, as it does not seem to be applied anywhere. ... (check-in: e340af58 user: stephan tags: trunk)
2021-10-13
10:01
Applied SSL fingerprint comparison patch from forum post c1e3c18afb. Incremented version to 2.18. ... (check-in: 48a860f6 user: stephan tags: trunk)
2021-10-12
20:28
/chat: fixed an error reporting bug which could cause server-triggered errors to not be displayed. When sending a message fails, the failed message is now presented as an error message, along with buttons to either retry or discard the message. ... (check-in: 9d693ef8 user: stephan tags: trunk)
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to VERSION.

1
2.17
|
1
2.18

Changes to src/http_ssl.c.

377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395

396
397

398
399
400
401
402
403
404
      X509_NAME_print_ex(mem, X509_get_subject_name(cert), 0, XN_FLAG_ONELINE);
      BIO_puts(mem,   "\n  issuer:  ");
      X509_NAME_print_ex(mem, X509_get_issuer_name(cert), 0, XN_FLAG_ONELINE);
      BIO_printf(mem, "\n  sha256:  %s", zHash);
      desclen = BIO_get_mem_data(mem, &desc);
  
      prompt = mprintf("Unable to verify SSL cert from %s\n%.*s\n"
          "accept this cert and continue (y/N)? ",
          pUrlData->name, desclen, desc);
      BIO_free(mem);
  
      prompt_user(prompt, &ans);
      free(prompt);
      cReply = blob_str(&ans)[0];
      blob_reset(&ans);
      if( cReply!='y' && cReply!='Y' ){
        X509_free(cert);
        ssl_set_errmsg("SSL cert declined");
        ssl_close();

        return 1;
      }

      ssl_one_time_exception(pUrlData, zHash);
      prompt_user("remember this exception (y/N)? ", &ans);
      cReply = blob_str(&ans)[0];
      if( cReply=='y' || cReply=='Y') {
        db_open_config(0,0);
        ssl_remember_certificate_exception(pUrlData, zHash);
      }







|






<
|



>


>







377
378
379
380
381
382
383
384
385
386
387
388
389
390

391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
      X509_NAME_print_ex(mem, X509_get_subject_name(cert), 0, XN_FLAG_ONELINE);
      BIO_puts(mem,   "\n  issuer:  ");
      X509_NAME_print_ex(mem, X509_get_issuer_name(cert), 0, XN_FLAG_ONELINE);
      BIO_printf(mem, "\n  sha256:  %s", zHash);
      desclen = BIO_get_mem_data(mem, &desc);
  
      prompt = mprintf("Unable to verify SSL cert from %s\n%.*s\n"
          "accept this cert and continue (y/N/fingerprint)? ",
          pUrlData->name, desclen, desc);
      BIO_free(mem);
  
      prompt_user(prompt, &ans);
      free(prompt);
      cReply = blob_str(&ans)[0];

      if( cReply!='y' && cReply!='Y' && fossil_stricmp(blob_str(&ans),zHash)!=0 ){
        X509_free(cert);
        ssl_set_errmsg("SSL cert declined");
        ssl_close();
        blob_reset(&ans);
        return 1;
      }
      blob_reset(&ans);
      ssl_one_time_exception(pUrlData, zHash);
      prompt_user("remember this exception (y/N)? ", &ans);
      cReply = blob_str(&ans)[0];
      if( cReply=='y' || cReply=='Y') {
        db_open_config(0,0);
        ssl_remember_certificate_exception(pUrlData, zHash);
      }