Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.
|Comment:||Noted that linking Fossil to an OpenSSL built from source opens the user to the "no root certs" problem previously solved in www/ssl.wiki.|
|Downloads:||Tarball | ZIP archive | SQL archive|
|Timelines:||family | ancestors | descendants | both | trunk|
|Files:||files | file ages | folders|
|User & Date:||wyoung 2019-01-28 19:58:26|
|19:59||Markdownism fixes in previous check-in: 39825691 user: wyoung tags: trunk|
|19:58||Noted that linking Fossil to an OpenSSL built from source opens the user to the "no root certs" problem previously solved in www/ssl.wiki. check-in: c563be15 user: wyoung tags: trunk|
|19:52||Clarified the "build from source" option for linking Fossil to a non-platform version of OpenSSL. check-in: 1e21abda user: wyoung tags: trunk|
Changes to www/ssl.wiki.
152 152 <tt>cacert.pem</tt> file. Install it somewhere on your system, then 153 153 point Fossil at it like so: 154 154 155 155 <pre> 156 156 fossil set --global ssl-ca-location /path/to/cacert.pem 157 157 </pre> 158 158 159 -Linux platforms tend to provide such a root cert store along with the 160 -platform OpenSSL package, either built-in or as a hard dependency. 159 +This can also happen if you've linked Fossil to a version of OpenSSL 160 +[built from source](#openssl-src). That same `cacert.pem` fix can work 161 +in that case, too. 162 + 163 +When you build Fossil on Linux platforms against the binary OpenSSL 164 +package provided with the OS, you typically get a root cert store along 165 +with the platform OpenSSL package, either built-in or as a hard 166 +dependency. 161 167 162 168 163 169 <h4>Client-Side Certificates</h4> 164 170 165 171 You can also use client side certificates to add an extra layer of 166 172 authentication, over and above Fossil's built in user management. If you 167 173 are particularly paranoid, you'll want to use this to remove the ability