Fossil

Check-in [c563be15]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Noted that linking Fossil to an OpenSSL built from source opens the user to the "no root certs" problem previously solved in www/ssl.wiki.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: c563be15526be6f215521fd3fc084b95907fd93b9f613e275ec8741698d9fdda
User & Date: wyoung 2019-01-28 19:58:26
Context
2019-01-28
19:59
Markdownism fixes in previous check-in: 39825691 user: wyoung tags: trunk
19:58
Noted that linking Fossil to an OpenSSL built from source opens the user to the "no root certs" problem previously solved in www/ssl.wiki. check-in: c563be15 user: wyoung tags: trunk
19:52
Clarified the "build from source" option for linking Fossil to a non-platform version of OpenSSL. check-in: 1e21abda user: wyoung tags: trunk
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Changes to www/ssl.wiki.

   152    152   <tt>cacert.pem</tt> file. Install it somewhere on your system, then
   153    153   point Fossil at it like so:
   154    154   
   155    155   <pre>
   156    156        fossil set --global ssl-ca-location /path/to/cacert.pem
   157    157   </pre>
   158    158   
   159         -Linux platforms tend to provide such a root cert store along with the
   160         -platform OpenSSL package, either built-in or as a hard dependency.
          159  +This can also happen if you've linked Fossil to a version of OpenSSL
          160  +[built from source](#openssl-src). That same `cacert.pem` fix can work
          161  +in that case, too.
          162  +
          163  +When you build Fossil on Linux platforms against the binary OpenSSL
          164  +package provided with the OS, you typically get a root cert store along
          165  +with the platform OpenSSL package, either built-in or as a hard
          166  +dependency.
   161    167   
   162    168   
   163    169   <h4>Client-Side Certificates</h4>
   164    170   
   165    171   You can also use client side certificates to add an extra layer of
   166    172   authentication, over and above Fossil's built in user management. If you
   167    173   are particularly paranoid, you'll want to use this to remove the ability