Fossil SCM
Add the "test-ssl-trust-store" command for testing and diagnostics.
Commit
67147dd6be1acdb1f30008c20be1cb292af0f8a8c69f1a5360b9976458e7e3e2
Parent
b3c0c07c0703a21…
1 file changed
+20
+20
| --- src/http_ssl.c | ||
| +++ src/http_ssl.c | ||
| @@ -30,10 +30,11 @@ | ||
| 30 | 30 | #ifdef FOSSIL_ENABLE_SSL |
| 31 | 31 | |
| 32 | 32 | #include <openssl/bio.h> |
| 33 | 33 | #include <openssl/ssl.h> |
| 34 | 34 | #include <openssl/err.h> |
| 35 | +#include <openssl/x509.h> | |
| 35 | 36 | |
| 36 | 37 | #include "http_ssl.h" |
| 37 | 38 | #include <assert.h> |
| 38 | 39 | #include <sys/types.h> |
| 39 | 40 | |
| @@ -498,5 +499,24 @@ | ||
| 498 | 499 | } |
| 499 | 500 | return total; |
| 500 | 501 | } |
| 501 | 502 | |
| 502 | 503 | #endif /* FOSSIL_ENABLE_SSL */ |
| 504 | + | |
| 505 | +/* | |
| 506 | +** COMMAND: test-ssl-trust-store | |
| 507 | +** | |
| 508 | +** Show the file and directory where OpenSSL looks for certificates | |
| 509 | +** of trusted CAs. | |
| 510 | +*/ | |
| 511 | +void test_ssl_info(void){ | |
| 512 | +#if !defined(FOSSIL_ENABLE_SSL) | |
| 513 | + fossil_print("SSL disabled in this build\n"); | |
| 514 | +#else | |
| 515 | + fossil_print("file: %-14s %s\n", | |
| 516 | + X509_get_default_cert_file_env(), | |
| 517 | + X509_get_default_cert_file()); | |
| 518 | + fossil_print("dir: %-14s %s\n", | |
| 519 | + X509_get_default_cert_dir_env(), | |
| 520 | + X509_get_default_cert_dir()); | |
| 521 | +#endif | |
| 522 | +} | |
| 503 | 523 |
| --- src/http_ssl.c | |
| +++ src/http_ssl.c | |
| @@ -30,10 +30,11 @@ | |
| 30 | #ifdef FOSSIL_ENABLE_SSL |
| 31 | |
| 32 | #include <openssl/bio.h> |
| 33 | #include <openssl/ssl.h> |
| 34 | #include <openssl/err.h> |
| 35 | |
| 36 | #include "http_ssl.h" |
| 37 | #include <assert.h> |
| 38 | #include <sys/types.h> |
| 39 | |
| @@ -498,5 +499,24 @@ | |
| 498 | } |
| 499 | return total; |
| 500 | } |
| 501 | |
| 502 | #endif /* FOSSIL_ENABLE_SSL */ |
| 503 |
| --- src/http_ssl.c | |
| +++ src/http_ssl.c | |
| @@ -30,10 +30,11 @@ | |
| 30 | #ifdef FOSSIL_ENABLE_SSL |
| 31 | |
| 32 | #include <openssl/bio.h> |
| 33 | #include <openssl/ssl.h> |
| 34 | #include <openssl/err.h> |
| 35 | #include <openssl/x509.h> |
| 36 | |
| 37 | #include "http_ssl.h" |
| 38 | #include <assert.h> |
| 39 | #include <sys/types.h> |
| 40 | |
| @@ -498,5 +499,24 @@ | |
| 499 | } |
| 500 | return total; |
| 501 | } |
| 502 | |
| 503 | #endif /* FOSSIL_ENABLE_SSL */ |
| 504 | |
| 505 | /* |
| 506 | ** COMMAND: test-ssl-trust-store |
| 507 | ** |
| 508 | ** Show the file and directory where OpenSSL looks for certificates |
| 509 | ** of trusted CAs. |
| 510 | */ |
| 511 | void test_ssl_info(void){ |
| 512 | #if !defined(FOSSIL_ENABLE_SSL) |
| 513 | fossil_print("SSL disabled in this build\n"); |
| 514 | #else |
| 515 | fossil_print("file: %-14s %s\n", |
| 516 | X509_get_default_cert_file_env(), |
| 517 | X509_get_default_cert_file()); |
| 518 | fossil_print("dir: %-14s %s\n", |
| 519 | X509_get_default_cert_dir_env(), |
| 520 | X509_get_default_cert_dir()); |
| 521 | #endif |
| 522 | } |
| 523 |