Fossil SCM
Warn against adding the private-key used by Fossil's built-in self-signed cert to the OS's trust store.
Commit
890b49f8e00f90835eb9c3674afab840dd2450450251b5cbdc9198b8b5967926
Parent
0423fb8d7b2a642…
3 files changed
+1
+1
+5
-3
+1
| --- www/mkindex.tcl | ||
| +++ www/mkindex.tcl | ||
| @@ -107,10 +107,11 @@ | ||
| 107 | 107 | /sitemap {Site Map} |
| 108 | 108 | shunning.wiki {Shunning: Deleting Content From Fossil} |
| 109 | 109 | stats.wiki {Performance Statistics} |
| 110 | 110 | style.wiki {Source Code Style Guidelines} |
| 111 | 111 | ssl.wiki {Using SSL with Fossil} |
| 112 | + ssl-server.md {SSL/TLS Server Mode} | |
| 112 | 113 | sync.wiki {The Fossil Sync Protocol} |
| 113 | 114 | tech_overview.wiki {A Technical Overview Of The Design And Implementation |
| 114 | 115 | Of Fossil} |
| 115 | 116 | tech_overview.wiki {SQLite Databases Used By Fossil} |
| 116 | 117 | th1.md {The TH1 Scripting Language} |
| 117 | 118 |
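Review bot: The commit message covers only the trust-store warning, but the added line 112 here (`ssl-server.md {SSL/TLS Server Mode}`) is a documentation-index change that the message does not mention, as is the matching entry in www/permutedindex.html. Either mention the index addition in the commit message or land it as its own commit, so the security-relevant wording change in www/ssl-server.md is easy to find in the history.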
| --- www/permutedindex.html | ||
| +++ www/permutedindex.html | ||
| @@ -104,10 +104,11 @@ | ||
| 104 | 104 | <li><a href="chroot.md">Server Chroot Jail</a></li> |
| 105 | 105 | <li><a href="shunning.wiki">Shunning: Deleting Content From Fossil</a></li> |
| 106 | 106 | <li><a href="../../../sitemap">Site Map</a></li> |
| 107 | 107 | <li><a href="style.wiki">Source Code Style Guidelines</a></li> |
| 108 | 108 | <li><a href="tech_overview.wiki">SQLite Databases Used By Fossil</a></li> |
| 109 | +<li><a href="ssl-server.md">SSL/TLS Server Mode</a></li> | |
| 109 | 110 | <li><a href="backoffice.md">The "Backoffice" mechanism of Fossil</a></li> |
| 110 | 111 | <li><a href="patchcmd.md">The "fossil patch" Command</a></li> |
| 111 | 112 | <li><a href="blame.wiki">The Annotate/Blame Algorithm Of Fossil</a></li> |
| 112 | 113 | <li><a href="defcsp.md">The Default Content Security Policy</a></li> |
| 113 | 114 | <li><a href="fileedit-page.md">The fileedit Page</a></li> |
| 114 | 115 |
+5
-3
| --- www/ssl-server.md | ||
| +++ www/ssl-server.md | ||
| @@ -74,13 +74,15 @@ | ||
| 74 | 74 | |
| 75 | 75 | If you do not tell Fossil about a cert and private key, it uses a |
| 76 | 76 | generic "private key" and self-signed cert that is built into Fossil. |
| 77 | 77 | This is wildly insecure, since the private key is not really private - |
| 78 | 78 | it is [in plain sight](/info/c2a7b14c3f541edb96?ln=89-116) in the Fossil |
| 79 | -source tree for anybody to read. So the built-in cert is only useful | |
| 80 | -for testing. If you want actual security, you will need to come up with | |
| 81 | -your own private key and cert. | |
| 79 | +source tree for anybody to read. <b>Never add the private key that is | |
| 80 | +built into Fossil to your OS's trust store</b> as doing so will severely | |
| 81 | +compromise your computer. The built-in cert is only useful for testing. | |
| 82 | +If you want actual security, you will need to come up with your own private | |
| 83 | +key and cert. | |
| 82 | 84 | |
| 83 | 85 | Fossil wants to read certs and public keys in the |
| 84 | 86 | [PEM format](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail). |
| 85 | 87 | PEM is a pure ASCII text format. The private key consists of text |
| 86 | 88 | like this: |
| 87 | 89 |
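Review bot: The new sentence at lines 79-81 warns against adding the built-in "private key" to the OS trust store, but a trust store holds certificates, not private keys; what needs the warning is trusting the built-in self-signed cert. Suggest "Never add the self-signed cert that is built into Fossil to your OS's trust store", and replace "severely compromise your computer" with the concrete consequence: because the matching private key is published in the source tree, anyone can present that cert and be accepted as a trusted TLS server by that machine. Minor: the file is Markdown, so `**...**` would be more consistent than raw `<b>` unless HTML is needed here.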