Fossil SCM
Use hostname instead of proxy name in certificate handling. Attempt to fix the problem described here: [https://www.mail-archive.com/[email protected]/msg13898.html]
Commit
6673f163ea4f1c4ef9aaeeaa319226c514b54eb7
Parent
12e917a1cd150b9…
1 file changed
+5
-5
+5
-5
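--- a/src/http_ssl.c
+++ b/src/http_ssl.c
@@ -357,11 +357,11 @@
 " certificates list\n\n"
 "If you are not expecting this message, answer no and "
 "contact your server\nadministrator.\n\n"
 "Accept certificate for host %s (a=always/y/N)? ",
 X509_verify_cert_error_string(e), desc, warning,
-pUrlData->name);
+pUrlData->useProxy?pUrlData->hostname:pUrlData->name);
 BIO_free(mem);
 
 prompt_user(prompt, &ans);
 free(prompt);
 cReply = blob_str(&ans)[0];
@@ -407,14 +407,14 @@
 
 mem = BIO_new(BIO_s_mem());
 PEM_write_bio_X509(mem, cert);
 BIO_write(mem, "", 1); /* nul-terminate mem buffer */
 BIO_get_mem_data(mem, &zCert);
-zHost = mprintf("cert:%s", pUrlData->name);
+zHost = mprintf("cert:%s", pUrlData->useProxy?pUrlData->hostname:pUrlData->name);
 db_set(zHost, zCert, 1);
 free(zHost);
-zHost = mprintf("trusted:%s", pUrlData->name);
+zHost = mprintf("trusted:%s", pUrlData->useProxy?pUrlData->hostname:pUrlData->name);
 db_set_int(zHost, trusted, 1);
 free(zHost);
 BIO_free(mem);
 }
 
@@ -425,18 +425,18 @@
 X509 *ssl_get_certificate(UrlData *pUrlData, int *pTrusted){
 char *zHost, *zCert;
 BIO *mem;
 X509 *cert;
 
-zHost = mprintf("cert:%s", pUrlData->name);
+zHost = mprintf("cert:%s", pUrlData->useProxy?pUrlData->hostname:pUrlData->name);
 zCert = db_get(zHost, NULL);
 free(zHost);
 if ( zCert==NULL )
 return NULL;
 
 if ( pTrusted!=0 ){
-zHost = mprintf("trusted:%s", pUrlData->name);
+zHost = mprintf("trusted:%s", pUrlData->useProxy?pUrlData->hostname:pUrlData->name);
 *pTrusted = db_get_int(zHost, 0);
 free(zHost);
 }
 
 mem = BIO_new(BIO_s_mem());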
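Review bot: The expression `pUrlData->useProxy?pUrlData->hostname:pUrlData->name` is now repeated five times, in the prompt at line 362, the save path at lines 412 and 415, and ssl_get_certificate at lines 430 and 437, and the certificate-exception logic only holds if all of them pick the same name. A single helper, e.g. `static const char *ssl_cert_host(UrlData *p){ return p->useProxy ? p->hostname : p->name; }`, would keep the name shown to the user, the `cert:`/`trusted:` key written and the key read back from drifting apart in a later edit. Separately, exceptions saved before this change were presumably stored under the proxy's name and nothing here removes them, so a stale `trusted:` entry might still be consulted for a direct connection to a host of that name; this is worth confirming and, if so, clearing or documenting. The enclosing functions start or end outside the visible hunks, so any other use of `pUrlData->name` in the certificate path cannot be checked from here.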
| --- src/http_ssl.c | |
| +++ src/http_ssl.c | |
| @@ -357,11 +357,11 @@ | |
| 357 | " certificates list\n\n" |
| 358 | "If you are not expecting this message, answer no and " |
| 359 | "contact your server\nadministrator.\n\n" |
| 360 | "Accept certificate for host %s (a=always/y/N)? ", |
| 361 | X509_verify_cert_error_string(e), desc, warning, |
| 362 | pUrlData->name); |
| 363 | BIO_free(mem); |
| 364 | |
| 365 | prompt_user(prompt, &ans); |
| 366 | free(prompt); |
| 367 | cReply = blob_str(&ans)[0]; |
| @@ -407,14 +407,14 @@ | |
| 407 | |
| 408 | mem = BIO_new(BIO_s_mem()); |
| 409 | PEM_write_bio_X509(mem, cert); |
| 410 | BIO_write(mem, "", 1); /* nul-terminate mem buffer */ |
| 411 | BIO_get_mem_data(mem, &zCert); |
| 412 | zHost = mprintf("cert:%s", pUrlData->name); |
| 413 | db_set(zHost, zCert, 1); |
| 414 | free(zHost); |
| 415 | zHost = mprintf("trusted:%s", pUrlData->name); |
| 416 | db_set_int(zHost, trusted, 1); |
| 417 | free(zHost); |
| 418 | BIO_free(mem); |
| 419 | } |
| 420 | |
| @@ -425,18 +425,18 @@ | |
| 425 | X509 *ssl_get_certificate(UrlData *pUrlData, int *pTrusted){ |
| 426 | char *zHost, *zCert; |
| 427 | BIO *mem; |
| 428 | X509 *cert; |
| 429 | |
| 430 | zHost = mprintf("cert:%s", pUrlData->name); |
| 431 | zCert = db_get(zHost, NULL); |
| 432 | free(zHost); |
| 433 | if ( zCert==NULL ) |
| 434 | return NULL; |
| 435 | |
| 436 | if ( pTrusted!=0 ){ |
| 437 | zHost = mprintf("trusted:%s", pUrlData->name); |
| 438 | *pTrusted = db_get_int(zHost, 0); |
| 439 | free(zHost); |
| 440 | } |
| 441 | |
| 442 | mem = BIO_new(BIO_s_mem()); |
| 443 |
| --- src/http_ssl.c | |
| +++ src/http_ssl.c | |
| @@ -357,11 +357,11 @@ | |
| 357 | " certificates list\n\n" |
| 358 | "If you are not expecting this message, answer no and " |
| 359 | "contact your server\nadministrator.\n\n" |
| 360 | "Accept certificate for host %s (a=always/y/N)? ", |
| 361 | X509_verify_cert_error_string(e), desc, warning, |
| 362 | pUrlData->useProxy?pUrlData->hostname:pUrlData->name); |
| 363 | BIO_free(mem); |
| 364 | |
| 365 | prompt_user(prompt, &ans); |
| 366 | free(prompt); |
| 367 | cReply = blob_str(&ans)[0]; |
| @@ -407,14 +407,14 @@ | |
| 407 | |
| 408 | mem = BIO_new(BIO_s_mem()); |
| 409 | PEM_write_bio_X509(mem, cert); |
| 410 | BIO_write(mem, "", 1); /* nul-terminate mem buffer */ |
| 411 | BIO_get_mem_data(mem, &zCert); |
| 412 | zHost = mprintf("cert:%s", pUrlData->useProxy?pUrlData->hostname:pUrlData->name); |
| 413 | db_set(zHost, zCert, 1); |
| 414 | free(zHost); |
| 415 | zHost = mprintf("trusted:%s", pUrlData->useProxy?pUrlData->hostname:pUrlData->name); |
| 416 | db_set_int(zHost, trusted, 1); |
| 417 | free(zHost); |
| 418 | BIO_free(mem); |
| 419 | } |
| 420 | |
| @@ -425,18 +425,18 @@ | |
| 425 | X509 *ssl_get_certificate(UrlData *pUrlData, int *pTrusted){ |
| 426 | char *zHost, *zCert; |
| 427 | BIO *mem; |
| 428 | X509 *cert; |
| 429 | |
| 430 | zHost = mprintf("cert:%s", pUrlData->useProxy?pUrlData->hostname:pUrlData->name); |
| 431 | zCert = db_get(zHost, NULL); |
| 432 | free(zHost); |
| 433 | if ( zCert==NULL ) |
| 434 | return NULL; |
| 435 | |
| 436 | if ( pTrusted!=0 ){ |
| 437 | zHost = mprintf("trusted:%s", pUrlData->useProxy?pUrlData->hostname:pUrlData->name); |
| 438 | *pTrusted = db_get_int(zHost, 0); |
| 439 | free(zHost); |
| 440 | } |
| 441 | |
| 442 | mem = BIO_new(BIO_s_mem()); |
| 443 |