Fossil SCM
Update the TLS doc to mention the use of the Windows root certificates (intended more as a reminder from a non-tech-writer and non-security-expert to properly document the feature once more people have used it and not reported any problems).
Commit
b8b22d795e5b51b55aca70e770f90b2c3430e63606029b409338be5005d08d30
Parent
5d993d54394bcff…
1 file changed
+16
| --- www/ssl.wiki | ||
| +++ www/ssl.wiki | ||
| @@ -189,10 +189,26 @@ | ||
| 189 | 189 | |
| 190 | 190 | This can also happen if you've linked Fossil to a version of OpenSSL |
| 191 | 191 | [#openssl-src|built from source]. That same <tt>cacert.pem</tt> fix can |
| 192 | 192 | work in that case, too. |
| 193 | 193 | |
| 194 | +<blockquote> | |
| 195 | +OpenSSL 3.2.0 or greater is able to use the stock CA certificates | |
| 196 | +managed by Windows, and Fossil 2.25 (still in development as of | |
| 197 | +2024-07-15) takes advantage of this feature. This <em>possibly</em> | |
| 198 | +eliminates the need to manually install the Mozilla certificate package, | |
| 199 | +for example when connecting to Fossil servers secured by the widely-used | |
| 200 | +Let's Encrypt certificates. Run the following command to check if the | |
| 201 | +feature is supported: | |
| 202 | + | |
| 203 | +<pre> | |
| 204 | +fossil tls-config show -v | |
| 205 | +</pre> | |
| 206 | + | |
| 207 | +(See the "OpenSSL-winstore" section, requires Fossil 2.25 or greater.) | |
| 208 | +</blockquote> | |
| 209 | + | |
| 194 | 210 | When you build Fossil on Linux platforms against the binary OpenSSL |
| 195 | 211 | package provided with the OS, you typically get a root cert store along |
| 196 | 212 | with the platform OpenSSL package, either built-in or as a hard |
| 197 | 213 | dependency. |
| 198 | 214 | |
| 199 | 215 |
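Review bot: The new paragraph (new lines 195-207) tells the reader to run `fossil tls-config show -v` and look at the "OpenSSL-winstore" section, but never says what in that section indicates the feature is supported or in use, so a reader cannot tell whether the <tt>cacert.pem</tt> step described just above is still needed. Please state what to look for there, and replace "This <em>possibly</em> eliminates" with the concrete conditions (OpenSSL 3.2.0 or greater and Fossil 2.25 or greater) under which the manual install can be skipped. Since this changes which roots are trusted, from the Mozilla certificate package to "the stock CA certificates managed by Windows", it is also worth one sentence saying that certificate verification then follows whatever the Windows store contains. The version requirement in the trailing parenthetical would read better before the command, so users of older releases know up front the section will be absent, and "still in development as of 2024-07-15" will go stale once 2.25 ships and should be dropped or reworded at that point.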