Fossil SCM
Removed manual indents in command and file examples in the ssl doc.
Commit
1e0c0d0414bbfaa4aeacd78ee9e6db3fb7836031be13ebf88301631e7ea1c854
Parent
c2c55014b0b5b6d…
1 file changed
+17
-17
+17
-17
| --- www/ssl.wiki | ||
| +++ www/ssl.wiki | ||
| @@ -82,19 +82,19 @@ | ||
| 82 | 82 | |
| 83 | 83 | Another option is to download the source code to OpenSSL and build |
| 84 | 84 | Fossil against that private version of OpenSSL: |
| 85 | 85 | |
| 86 | 86 | <pre> |
| 87 | - cd compat # relative to the Fossil source tree root | |
| 88 | - tar xf /path/to/openssl-*.tar.gz | |
| 89 | - ln -fs openssl-x.y.z openssl | |
| 90 | - cd openssl | |
| 91 | - ./config # or, e.g. ./Configure darwin64-x86_64-cc | |
| 92 | - make -j11 | |
| 93 | - cd ../.. | |
| 94 | - ./configure --with-openssl=tree | |
| 95 | - make -j11 | |
| 87 | +cd compat # relative to the Fossil source tree root | |
| 88 | +tar xf /path/to/openssl-*.tar.gz | |
| 89 | +ln -fs openssl-x.y.z openssl | |
| 90 | +cd openssl | |
| 91 | +./config # or, e.g. ./Configure darwin64-x86_64-cc | |
| 92 | +make -j11 | |
| 93 | +cd ../.. | |
| 94 | +./configure --with-openssl=tree | |
| 95 | +make -j11 | |
| 96 | 96 | </pre> |
| 97 | 97 | |
| 98 | 98 | That will get you a Fossil binary statically linked to this in-tree |
| 99 | 99 | version of OpenSSL. |
| 100 | 100 | |
| @@ -124,21 +124,21 @@ | ||
| 124 | 124 | certificate signed by a well-known CA or one of its delegates, Fossil |
| 125 | 125 | still has to know which CA roots to trust. When this fails, you get an |
| 126 | 126 | error message that looks like this in Fossil 2.11 and newer: |
| 127 | 127 | |
| 128 | 128 | <pre> |
| 129 | - Unable to verify SSL cert from fossil-scm.org | |
| 130 | - subject: CN = sqlite.org | |
| 131 | - issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 | |
| 132 | - sha256: bf26092dd97df6e4f7bf1926072e7e8d200129e1ffb8ef5276c1e5dd9bc95d52 | |
| 133 | - accept this cert and continue (y/N)? | |
| 129 | +Unable to verify SSL cert from fossil-scm.org | |
| 130 | + subject: CN = sqlite.org | |
| 131 | + issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 | |
| 132 | + sha256: bf26092dd97df6e4f7bf1926072e7e8d200129e1ffb8ef5276c1e5dd9bc95d52 | |
| 133 | +accept this cert and continue (y/N)? | |
| 134 | 134 | </pre> |
| 135 | 135 | |
| 136 | 136 | In older versions, the message was much longer and began with this line: |
| 137 | 137 | |
| 138 | 138 | <pre> |
| 139 | - SSL verification failed: unable to get local issuer certificate | |
| 139 | +SSL verification failed: unable to get local issuer certificate | |
| 140 | 140 | </pre> |
| 141 | 141 | |
| 142 | 142 | Fossil relies on the OpenSSL library to have some way to check a trusted |
| 143 | 143 | list of CA signing keys. There are two common ways this fails: |
| 144 | 144 | |
| @@ -153,11 +153,11 @@ | ||
| 153 | 153 | certificates signed by a local private CA, as often happens in large |
| 154 | 154 | enterprises. You can solve this sort of problem by getting your local |
| 155 | 155 | CA's signing certificate in PEM format and pointing OpenSSL at it: |
| 156 | 156 | |
| 157 | 157 | <pre> |
| 158 | - fossil set --global ssl-ca-location /path/to/local-ca.pem | |
| 158 | +fossil set --global ssl-ca-location /path/to/local-ca.pem | |
| 159 | 159 | </pre> |
| 160 | 160 | |
| 161 | 161 | The use of <tt>--global</tt> with this option is common, since you may |
| 162 | 162 | have multiple repositories served under certificates signed by that same |
| 163 | 163 | CA. However, if you have a mix of publicly-signed and locally-signed |
| @@ -182,11 +182,11 @@ | ||
| 182 | 182 | a [https://curl.se/docs/caextract.html | third party source] for the |
| 183 | 183 | <tt>cacert.pem</tt> file. I suggest placing the file into your Windows |
| 184 | 184 | user home directory so that you can then point Fossil at it like so: |
| 185 | 185 | |
| 186 | 186 | <pre> |
| 187 | - fossil set --global ssl-ca-location %userprofile%\cacert.pem | |
| 187 | +fossil set --global ssl-ca-location %userprofile%\cacert.pem | |
| 188 | 188 | </pre> |
| 189 | 189 | |
| 190 | 190 | This can also happen if you've linked Fossil to a version of OpenSSL |
| 191 | 191 | [#openssl-src|built from source]. That same <tt>cacert.pem</tt> fix can |
| 192 | 192 | work in that case, too. |
| 193 | 193 |
| --- www/ssl.wiki | |
| +++ www/ssl.wiki | |
| @@ -82,19 +82,19 @@ | |
| 82 | |
| 83 | Another option is to download the source code to OpenSSL and build |
| 84 | Fossil against that private version of OpenSSL: |
| 85 | |
| 86 | <pre> |
| 87 | cd compat # relative to the Fossil source tree root |
| 88 | tar xf /path/to/openssl-*.tar.gz |
| 89 | ln -fs openssl-x.y.z openssl |
| 90 | cd openssl |
| 91 | ./config # or, e.g. ./Configure darwin64-x86_64-cc |
| 92 | make -j11 |
| 93 | cd ../.. |
| 94 | ./configure --with-openssl=tree |
| 95 | make -j11 |
| 96 | </pre> |
| 97 | |
| 98 | That will get you a Fossil binary statically linked to this in-tree |
| 99 | version of OpenSSL. |
| 100 | |
| @@ -124,21 +124,21 @@ | |
| 124 | certificate signed by a well-known CA or one of its delegates, Fossil |
| 125 | still has to know which CA roots to trust. When this fails, you get an |
| 126 | error message that looks like this in Fossil 2.11 and newer: |
| 127 | |
| 128 | <pre> |
| 129 | Unable to verify SSL cert from fossil-scm.org |
| 130 | subject: CN = sqlite.org |
| 131 | issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 |
| 132 | sha256: bf26092dd97df6e4f7bf1926072e7e8d200129e1ffb8ef5276c1e5dd9bc95d52 |
| 133 | accept this cert and continue (y/N)? |
| 134 | </pre> |
| 135 | |
| 136 | In older versions, the message was much longer and began with this line: |
| 137 | |
| 138 | <pre> |
| 139 | SSL verification failed: unable to get local issuer certificate |
| 140 | </pre> |
| 141 | |
| 142 | Fossil relies on the OpenSSL library to have some way to check a trusted |
| 143 | list of CA signing keys. There are two common ways this fails: |
| 144 | |
| @@ -153,11 +153,11 @@ | |
| 153 | certificates signed by a local private CA, as often happens in large |
| 154 | enterprises. You can solve this sort of problem by getting your local |
| 155 | CA's signing certificate in PEM format and pointing OpenSSL at it: |
| 156 | |
| 157 | <pre> |
| 158 | fossil set --global ssl-ca-location /path/to/local-ca.pem |
| 159 | </pre> |
| 160 | |
| 161 | The use of <tt>--global</tt> with this option is common, since you may |
| 162 | have multiple repositories served under certificates signed by that same |
| 163 | CA. However, if you have a mix of publicly-signed and locally-signed |
| @@ -182,11 +182,11 @@ | |
| 182 | a [https://curl.se/docs/caextract.html | third party source] for the |
| 183 | <tt>cacert.pem</tt> file. I suggest placing the file into your Windows |
| 184 | user home directory so that you can then point Fossil at it like so: |
| 185 | |
| 186 | <pre> |
| 187 | fossil set --global ssl-ca-location %userprofile%\cacert.pem |
| 188 | </pre> |
| 189 | |
| 190 | This can also happen if you've linked Fossil to a version of OpenSSL |
| 191 | [#openssl-src|built from source]. That same <tt>cacert.pem</tt> fix can |
| 192 | work in that case, too. |
| 193 |
| --- www/ssl.wiki | |
| +++ www/ssl.wiki | |
| @@ -82,19 +82,19 @@ | |
| 82 | |
| 83 | Another option is to download the source code to OpenSSL and build |
| 84 | Fossil against that private version of OpenSSL: |
| 85 | |
| 86 | <pre> |
| 87 | cd compat # relative to the Fossil source tree root |
| 88 | tar xf /path/to/openssl-*.tar.gz |
| 89 | ln -fs openssl-x.y.z openssl |
| 90 | cd openssl |
| 91 | ./config # or, e.g. ./Configure darwin64-x86_64-cc |
| 92 | make -j11 |
| 93 | cd ../.. |
| 94 | ./configure --with-openssl=tree |
| 95 | make -j11 |
| 96 | </pre> |
| 97 | |
| 98 | That will get you a Fossil binary statically linked to this in-tree |
| 99 | version of OpenSSL. |
| 100 | |
| @@ -124,21 +124,21 @@ | |
| 124 | certificate signed by a well-known CA or one of its delegates, Fossil |
| 125 | still has to know which CA roots to trust. When this fails, you get an |
| 126 | error message that looks like this in Fossil 2.11 and newer: |
| 127 | |
| 128 | <pre> |
| 129 | Unable to verify SSL cert from fossil-scm.org |
| 130 | subject: CN = sqlite.org |
| 131 | issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 |
| 132 | sha256: bf26092dd97df6e4f7bf1926072e7e8d200129e1ffb8ef5276c1e5dd9bc95d52 |
| 133 | accept this cert and continue (y/N)? |
| 134 | </pre> |
| 135 | |
| 136 | In older versions, the message was much longer and began with this line: |
| 137 | |
| 138 | <pre> |
| 139 | SSL verification failed: unable to get local issuer certificate |
| 140 | </pre> |
| 141 | |
| 142 | Fossil relies on the OpenSSL library to have some way to check a trusted |
| 143 | list of CA signing keys. There are two common ways this fails: |
| 144 | |
| @@ -153,11 +153,11 @@ | |
| 153 | certificates signed by a local private CA, as often happens in large |
| 154 | enterprises. You can solve this sort of problem by getting your local |
| 155 | CA's signing certificate in PEM format and pointing OpenSSL at it: |
| 156 | |
| 157 | <pre> |
| 158 | fossil set --global ssl-ca-location /path/to/local-ca.pem |
| 159 | </pre> |
| 160 | |
| 161 | The use of <tt>--global</tt> with this option is common, since you may |
| 162 | have multiple repositories served under certificates signed by that same |
| 163 | CA. However, if you have a mix of publicly-signed and locally-signed |
| @@ -182,11 +182,11 @@ | |
| 182 | a [https://curl.se/docs/caextract.html | third party source] for the |
| 183 | <tt>cacert.pem</tt> file. I suggest placing the file into your Windows |
| 184 | user home directory so that you can then point Fossil at it like so: |
| 185 | |
| 186 | <pre> |
| 187 | fossil set --global ssl-ca-location %userprofile%\cacert.pem |
| 188 | </pre> |
| 189 | |
| 190 | This can also happen if you've linked Fossil to a version of OpenSSL |
| 191 | [#openssl-src|built from source]. That same <tt>cacert.pem</tt> fix can |
| 192 | work in that case, too. |
| 193 |