Fossil SCM
Applied SSL fingerprint comparison patch from [forum:c1e3c18afb|forum post c1e3c18afb]. Incremented version to 2.18.
Commit
48a860f658cbf7f94d9124aeebc0f8471411b8b095c8e9119f3452d9fefa303e
Parent
9d693ef80a00290…
2 files changed
+1
-1
+4
-3
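--- a/VERSION
+++ b/VERSION
@@ -1,1 +1,1 @@
-2.17
+2.18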
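--- a/src/http_ssl.c
+++ b/src/http_ssl.c
@@ -379,24 +379,25 @@
 X509_NAME_print_ex(mem, X509_get_issuer_name(cert), 0, XN_FLAG_ONELINE);
 BIO_printf(mem, "\n sha256: %s", zHash);
 desclen = BIO_get_mem_data(mem, &desc);
 
 prompt = mprintf("Unable to verify SSL cert from %s\n%.*s\n"
-"accept this cert and continue (y/N)? ",
+"accept this cert and continue (y/N/fingerprint)? ",
 pUrlData->name, desclen, desc);
 BIO_free(mem);
 
 prompt_user(prompt, &ans);
 free(prompt);
 cReply = blob_str(&ans)[0];
-blob_reset(&ans);
-if( cReply!='y' && cReply!='Y' ){
+if( cReply!='y' && cReply!='Y' && fossil_stricmp(blob_str(&ans),zHash)!=0 ){
 X509_free(cert);
 ssl_set_errmsg("SSL cert declined");
 ssl_close();
+blob_reset(&ans);
 return 1;
 }
+blob_reset(&ans);
 ssl_one_time_exception(pUrlData, zHash);
 prompt_user("remember this exception (y/N)? ", &ans);
 cReply = blob_str(&ans)[0];
 if( cReply=='y' || cReply=='Y') {
 db_open_config(0,0);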
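Review bot: In the new condition at line 391, a typed fingerprint that does not match `zHash` lands in the same branch as a plain "N", so the user only sees `SSL cert declined`. A mismatch against a fingerprint obtained out of band is the case that most needs calling out, because it suggests the server presented a different certificate than the one expected; consider a distinct message for it, e.g. `ssl_set_errmsg("SSL cert fingerprint mismatch");`. The prompt also prints the same `sha256:` value just above, so the comparison only adds assurance when the user enters a value from a trusted source rather than copying it from the prompt; a short comment above the `if` saying so, and a hint in the prompt text, would help. It is also worth confirming that `prompt_user` strips the trailing newline from `ans`, since otherwise `fossil_stricmp(blob_str(&ans),zHash)` could never return 0. The enclosing function starts and ends outside this hunk.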