Fossil SCM
Adjust SSL trust fix to skip prompting for certificates that already have an explicitly negative trust setting.
Commit
636804745b08edeca6196106729ce66fee1368e8
Parent
5eb8f0157a1bbee…
1 file changed
+7
-5
+7
-5
| --- src/http_ssl.c | ||
| +++ src/http_ssl.c | ||
| @@ -287,16 +287,18 @@ | ||
| 287 | 287 | ssl_set_errmsg("SSL certificate declined"); |
| 288 | 288 | ssl_close(); |
| 289 | 289 | return 1; |
| 290 | 290 | } |
| 291 | 291 | if( blob_str(&ans)[0]=='a' ) { |
| 292 | - Blob ans2; | |
| 293 | - prompt_user("\nSave this certificate as fully trusted [a=always/N]? ", | |
| 294 | - &ans2); | |
| 295 | - trusted = (blob_str(&ans2)[0]=='a'); | |
| 292 | + if ( trusted==0 ){ | |
| 293 | + Blob ans2; | |
| 294 | + prompt_user("\nSave this certificate as fully trusted [a=always/N]? ", | |
| 295 | + &ans2); | |
| 296 | + trusted = (blob_str(&ans2)[0]=='a'); | |
| 297 | + blob_reset(&ans2); | |
| 298 | + } | |
| 296 | 299 | ssl_save_certificate(cert, trusted); |
| 297 | - blob_reset(&ans2); | |
| 298 | 300 | } |
| 299 | 301 | blob_reset(&ans); |
| 300 | 302 | } |
| 301 | 303 | |
| 302 | 304 | /* Set the Global.zIpAddr variable to the server we are talking to. |
| 303 | 305 |
| --- src/http_ssl.c | |
| +++ src/http_ssl.c | |
| @@ -287,16 +287,18 @@ | |
| 287 | ssl_set_errmsg("SSL certificate declined"); |
| 288 | ssl_close(); |
| 289 | return 1; |
| 290 | } |
| 291 | if( blob_str(&ans)[0]=='a' ) { |
| 292 | Blob ans2; |
| 293 | prompt_user("\nSave this certificate as fully trusted [a=always/N]? ", |
| 294 | &ans2); |
| 295 | trusted = (blob_str(&ans2)[0]=='a'); |
| 296 | ssl_save_certificate(cert, trusted); |
| 297 | blob_reset(&ans2); |
| 298 | } |
| 299 | blob_reset(&ans); |
| 300 | } |
| 301 | |
| 302 | /* Set the Global.zIpAddr variable to the server we are talking to. |
| 303 |
| --- src/http_ssl.c | |
| +++ src/http_ssl.c | |
| @@ -287,16 +287,18 @@ | |
| 287 | ssl_set_errmsg("SSL certificate declined"); |
| 288 | ssl_close(); |
| 289 | return 1; |
| 290 | } |
| 291 | if( blob_str(&ans)[0]=='a' ) { |
| 292 | if ( trusted==0 ){ |
| 293 | Blob ans2; |
| 294 | prompt_user("\nSave this certificate as fully trusted [a=always/N]? ", |
| 295 | &ans2); |
| 296 | trusted = (blob_str(&ans2)[0]=='a'); |
| 297 | blob_reset(&ans2); |
| 298 | } |
| 299 | ssl_save_certificate(cert, trusted); |
| 300 | } |
| 301 | blob_reset(&ans); |
| 302 | } |
| 303 | |
| 304 | /* Set the Global.zIpAddr variable to the server we are talking to. |
| 305 |