Fossil SCM

Some rephrasing and code cleanup.

jan 2011-03-31 15:30 UTC jan-clientcert

Commit cff102fe85949448d93305a246c02884fa5d76f0

Parent ebe1faabbc586ce…

4 files changed +2 -2 +44 -43 +1 -1 +4 -4

~ src/clone.c ~ src/http_ssl.c ~ src/main.c ~ src/sync.c

M src/clone.c

+2 -2

		--- src/clone.c
		+++ src/clone.c
		@@ -37,11 +37,11 @@
37	37	**
38	38	** Options:
39	39	**
40	40	** --admin-user\|-A USERNAME Make USERNAME the administrator
41	41	** --private Also clone private branches
42		-** --certgroup NAME Use certificate group NAME for https
	42	+** --certbundle NAME Use certificate bundle NAME for https
43	43	** connections
44	44	**
45	45	*/
46	46	void clone_cmd(void){
47	47	char *zPassword;
		@@ -48,11 +48,11 @@
48	48	const char zDefaultUser; / Optional name of the default user */
49	49	int nErr = 0;
50	50	int bPrivate; /* Also clone private branches */
51	51
52	52	bPrivate = find_option("private",0,0)!=0;
53		- g.urlCertGroup = find_option("certgroup",0,1);
	53	+ g.urlCertBundle = find_option("certbundle",0,1);
54	54	url_proxy_options();
55	55	if( g.argc < 4 ){
56	56	usage("?OPTIONS? FILE-OR-URL NEW-REPOSITORY");
57	57	}
58	58	db_open_config(0);
59	59

	--- src/clone.c
	+++ src/clone.c
	@@ -37,11 +37,11 @@
37	**
38	** Options:
39	**
40	** --admin-user\|-A USERNAME Make USERNAME the administrator
41	** --private Also clone private branches
42	** --certgroup NAME Use certificate group NAME for https
43	** connections
44	**
45	*/
46	void clone_cmd(void){
47	char *zPassword;
	@@ -48,11 +48,11 @@
48	const char zDefaultUser; / Optional name of the default user */
49	int nErr = 0;
50	int bPrivate; /* Also clone private branches */
51
52	bPrivate = find_option("private",0,0)!=0;
53	g.urlCertGroup = find_option("certgroup",0,1);
54	url_proxy_options();
55	if( g.argc < 4 ){
56	usage("?OPTIONS? FILE-OR-URL NEW-REPOSITORY");
57	}
58	db_open_config(0);
59

	--- src/clone.c
	+++ src/clone.c
	@@ -37,11 +37,11 @@
37	**
38	** Options:
39	**
40	** --admin-user\|-A USERNAME Make USERNAME the administrator
41	** --private Also clone private branches
42	** --certbundle NAME Use certificate bundle NAME for https
43	** connections
44	**
45	*/
46	void clone_cmd(void){
47	char *zPassword;
	@@ -48,11 +48,11 @@
48	const char zDefaultUser; / Optional name of the default user */
49	int nErr = 0;
50	int bPrivate; /* Also clone private branches */
51
52	bPrivate = find_option("private",0,0)!=0;
53	g.urlCertBundle = find_option("certbundle",0,1);
54	url_proxy_options();
55	if( g.argc < 4 ){
56	usage("?OPTIONS? FILE-OR-URL NEW-REPOSITORY");
57	}
58	db_open_config(0);
59

M src/http_ssl.c

+44 -43

		--- src/http_ssl.c
		+++ src/http_ssl.c
		@@ -309,46 +309,46 @@
309	309	}
310	310	return total;
311	311	}
312	312
313	313	/*
314		-** If an certgroup has been specified on the command line, then use it to look
315		-** up certificates and keys, and then store the URL-certgroup association in
316		-** the global database. If no certgroup has been specified on the command line,
317		-** see if there's an entry for the url in global_config, and use it if
	314	+** If a certbundle has been specified on the command line, then use it to look
	315	+** up certificates and keys, and then store the URL-certbundle association in
	316	+** the global database. If no certbundle has been specified on the command
	317	+** line, see if there's an entry for the url in global_config, and use it if
318	318	** applicable.
319	319	*/
320	320	void ssl_load_client_authfiles(void){
321		- char *zGroupName = NULL;
	321	+ char *zBundleName = NULL;
322	322	char *cafile;
323	323	char *capath;
324	324	char *certfile;
325	325	char *keyfile;
326	326
327		- if( g.urlCertGroup ){
	327	+ if( g.urlCertBundle ){
328	328	char *zName;
329		- zName = mprintf("certgroup:%s", g.urlName);
330		- db_set(zName, g.urlCertGroup, 1);
	329	+ zName = mprintf("certbundle:%s", g.urlName);
	330	+ db_set(zName, g.urlCertBundle, 1);
331	331	free(zName);
332		- zGroupName = strdup(g.urlCertGroup);
	332	+ zBundleName = strdup(g.urlCertBundle);
333	333	}else{
334	334	db_swap_connections();
335		- zGroupName = db_text(0, "SELECT value FROM global_config"
336		- " WHERE name='certgroup:%q'", g.urlName);
	335	+ zBundleName = db_text(0, "SELECT value FROM global_config"
	336	+ " WHERE name='certbundle:%q'", g.urlName);
337	337	db_swap_connections();
338	338	}
339		- if( !zGroupName ){
340		- /* No cert group specified or found cached */
	339	+ if( !zBundleName ){
	340	+ /* No cert bundle specified on command line or found cached for URL */
341	341	return;
342	342	}
343	343
344	344	db_swap_connections();
345	345	create_cert_table_if_not_exist();
346	346	cafile = db_text(0, "SELECT filepath FROM certs WHERE name=%Q"
347		- " AND type='cafile'", zGroupName);
	347	+ " AND type='cafile'", zBundleName);
348	348	capath = db_text(0, "SELECT filepath FROM certs WHERE name=%Q"
349		- " AND type='capath'", zGroupName);
	349	+ " AND type='capath'", zBundleName);
350	350	db_swap_connections();
351	351
352	352	if( cafile \|\| capath ){
353	353	/* The OpenSSL documentation warns that if several CA certificates match
354	354	** the same name, key identifier and serial number conditions, only the
		@@ -361,13 +361,13 @@
361	361	}
362	362	}
363	363
364	364	db_swap_connections();
365	365	keyfile = db_text(0, "SELECT filepath FROM certs WHERE name=%Q"
366		- " AND type='ckey'", zGroupName);
	366	+ " AND type='ckey'", zBundleName);
367	367	certfile = db_text(0, "SELECT filepath FROM certs WHERE name=%Q"
368		- " AND type='ccert'", zGroupName);
	368	+ " AND type='ccert'", zBundleName);
369	369	db_swap_connections();
370	370
371	371	if( SSL_CTX_use_certificate_file(sslCtx, certfile, SSL_FILETYPE_PEM)<=0 ){
372	372	fossil_fatal("SSL: Unable to open client certificate in %s.", certfile);
373	373	}
		@@ -391,39 +391,39 @@
391	391	/*
392	392	** COMMAND: cert
393	393	**
394	394	** Usage: %fossil cert SUBCOMMAND ...
395	395	**
396		-** Manage/group PKI keys/certificates to be able to use client
397		-** certificates and register CA certificates for SSL verifications.
	396	+** Manage/bundle PKI client keys/certificates and CA certificates for SSL
	397	+** certificate chain verifications.
398	398	**
399	399	** %fossil cert add NAME ?--key KEYFILE? ?--cert CERTFILE?
400	400	** ?--cafile CAFILE? ?--capath CAPATH?
401	401	**
402		-** Create a certificate group NAME with the associated
	402	+** Create a certificate bundle NAME with the associated
403	403	** certificates/keys. If a client certificate is specified but no
404	404	** key, it is assumed that the key is located in the client
405		-** certificate file. The file format must be PEM.
	405	+** certificate file.
	406	+** The file formats must be PEM.
406	407	**
407	408	** %fossil cert list
408	409	**
409		-** List all credential groups, their values and their URL
	410	+** List all certificate bundles, their values and their URL
410	411	** associations.
411	412	**
412	413	** %fossil cert disassociate URL
413	414	**
414		-** Disassociate URL from any credential group(s).
	415	+** Disassociate URL from any certificate bundle.
415	416	**
416	417	** %fossil cert delete NAME
417	418	**
418		-** Remove the credential group NAME and all it's associated URL
419		-** associations.
	419	+** Remove the certificate bundle NAME and all its URL associations.
420	420	**
421	421	*/
422	422	void cert_cmd(void){
423	423	int n;
424		- const char *zCmd = "list";
	424	+ const char zCmd = "list"; / Default sub-command */
425	425	if( g.argc>=3 ){
426	426	zCmd = g.argv[2];
427	427	}
428	428	n = strlen(zCmd);
429	429	if( strncmp(zCmd, "add", n)==0 ){
		@@ -431,22 +431,22 @@
431	431	const char *zCKey;
432	432	const char *zCCert;
433	433	const char *zCAFile;
434	434	const char *zCAPath;
435	435	if( g.argc<5 ){
436		- usage("add NAME ?--key CLIENTKEY? ?--cert CLIENTCERT? ?--cafile CAFILE? "
	436	+ usage("add NAME ?--key KEYFILE? ?--cert CERTFILE? ?--cafile CAFILE? "
437	437	"?--capath CAPATH?");
438	438	}
439	439	zContainer = g.argv[3];
440	440	zCKey = find_option("key",0,1);
441	441	zCCert = find_option("cert",0,1);
442	442	zCAFile = find_option("cafile",0,1);
443	443	zCAPath = find_option("capath",0,1);
444	444
445	445	/* If a client certificate was specified, but a key was not, assume the
446		- * key is stored in the same file as the certificate.
447		- */
	446	+ ** key is stored in the same file as the certificate.
	447	+ */
448	448	if( !zCKey && zCCert ){
449	449	zCKey = zCCert;
450	450	}
451	451
452	452	db_open_config(0);
		@@ -453,11 +453,11 @@
453	453	db_swap_connections();
454	454	create_cert_table_if_not_exist();
455	455	db_begin_transaction();
456	456	if( db_exists("SELECT 1 FROM certs WHERE name='%q'", zContainer)!=0 ){
457	457	db_end_transaction(0);
458		- fossil_fatal("certificate group \"%s\" already exists", zContainer);
	458	+ fossil_fatal("certificate bundle \"%s\" already exists", zContainer);
459	459	}
460	460	if( zCKey ){
461	461	db_multi_exec("INSERT INTO certs (name,type,filepath) "
462	462	"VALUES(%Q,'ckey',%Q)",
463	463	zContainer, zCKey);
		@@ -479,11 +479,11 @@
479	479	}
480	480	db_end_transaction(0);
481	481	db_swap_connections();
482	482	}else if(strncmp(zCmd, "list", n)==0){
483	483	Stmt q;
484		- char *grp = NULL;
	484	+ char *bndl = NULL;
485	485
486	486	db_open_config(0);
487	487	db_swap_connections();
488	488	create_cert_table_if_not_exist();
489	489
		@@ -492,33 +492,33 @@
492	492	" ORDER BY name,type");
493	493	while( db_step(&q)==SQLITE_ROW ){
494	494	const char *zCont = db_column_text(&q, 0);
495	495	const char *zType = db_column_text(&q, 1);
496	496	const char *zFilePath = db_column_text(&q, 2);
497		- if( fossil_strcmp(zCont, grp)!=0 ){
498		- free(grp);
499		- grp = strdup(zCont);
	497	+ if( fossil_strcmp(zCont, bndl)!=0 ){
	498	+ free(bndl);
	499	+ bndl = strdup(zCont);
500	500	puts(zCont);
501	501	}
502	502	printf("\t%s=%s\n", zType, zFilePath);
503	503	}
504	504	db_finalize(&q);
505	505
506	506	/* List the URL associations. */
507	507	db_prepare(&q, "SELECT name FROM global_config"
508		- " WHERE name LIKE 'certgroup:%%' AND value=%Q"
509		- " ORDER BY name", grp);
510		- free(grp);
	508	+ " WHERE name LIKE 'certbundle:%%' AND value=%Q"
	509	+ " ORDER BY name", bndl);
	510	+ free(bndl);
511	511
512	512	while( db_step(&q)==SQLITE_ROW ){
513	513	const char *zName = db_column_text(&q, 0);
514	514	static int first = 1;
515	515	if( first ) {
516	516	puts("\tAssociations");
517	517	first = 0;
518	518	}
519		- printf("\t\t%s\n", zName+10);
	519	+ printf("\t\t%s\n", zName+11);
520	520	}
521	521
522	522	db_swap_connections();
523	523	}else if(strncmp(zCmd, "disassociate", n)==0){
524	524	const char *zURL;
		@@ -528,17 +528,17 @@
528	528	zURL = g.argv[3];
529	529
530	530	db_open_config(0);
531	531	db_swap_connections();
532	532	db_begin_transaction();
533		- db_multi_exec("DELETE FROM global_config WHERE name='certgroup:%q'",
	533	+ db_multi_exec("DELETE FROM global_config WHERE name='certbundle:%q'",
534	534	zURL);
535	535	if( db_changes() == 0 ){
536		- fossil_warning("No certificate group associated with URL \"%s\".",
	536	+ fossil_warning("No certificate bundle associated with URL \"%s\".",
537	537	zURL);
538	538	}else{
539		- printf("%s disassociated from its certificate group.\n", zURL);
	539	+ printf("%s disassociated from its certificate bundle.\n", zURL);
540	540	}
541	541	db_end_transaction(0);
542	542	db_swap_connections();
543	543
544	544	}else if(strncmp(zCmd, "delete", n)==0){
		@@ -548,19 +548,20 @@
548	548	}
549	549	zContainer = g.argv[3];
550	550
551	551	db_open_config(0);
552	552	db_swap_connections();
	553	+ create_cert_table_if_not_exist();
553	554	db_begin_transaction();
554	555	db_multi_exec("DELETE FROM certs WHERE name=%Q", zContainer);
555	556	if( db_changes() == 0 ){
556		- fossil_warning("No certificate group named \"%s\" found",
	557	+ fossil_warning("No certificate bundle named \"%s\" found",
557	558	zContainer);
558	559	}else{
559	560	printf("%d entries removed\n", db_changes());
560	561	}
561		- db_multi_exec("DELETE FROM global_config WHERE name LIKE 'certgroup:%%'"
	562	+ db_multi_exec("DELETE FROM global_config WHERE name LIKE 'certbundle:%%'"
562	563	" AND value=%Q", zContainer);
563	564	if( db_changes() > 0 ){
564	565	printf("%d associations removed\n", db_changes());
565	566	}
566	567	db_end_transaction(0);
567	568

	--- src/http_ssl.c
	+++ src/http_ssl.c
	@@ -309,46 +309,46 @@
309	}
310	return total;
311	}
312
313	/*
314	** If an certgroup has been specified on the command line, then use it to look
315	** up certificates and keys, and then store the URL-certgroup association in
316	** the global database. If no certgroup has been specified on the command line,
317	** see if there's an entry for the url in global_config, and use it if
318	** applicable.
319	*/
320	void ssl_load_client_authfiles(void){
321	char *zGroupName = NULL;
322	char *cafile;
323	char *capath;
324	char *certfile;
325	char *keyfile;
326
327	if( g.urlCertGroup ){
328	char *zName;
329	zName = mprintf("certgroup:%s", g.urlName);
330	db_set(zName, g.urlCertGroup, 1);
331	free(zName);
332	zGroupName = strdup(g.urlCertGroup);
333	}else{
334	db_swap_connections();
335	zGroupName = db_text(0, "SELECT value FROM global_config"
336	" WHERE name='certgroup:%q'", g.urlName);
337	db_swap_connections();
338	}
339	if( !zGroupName ){
340	/* No cert group specified or found cached */
341	return;
342	}
343
344	db_swap_connections();
345	create_cert_table_if_not_exist();
346	cafile = db_text(0, "SELECT filepath FROM certs WHERE name=%Q"
347	" AND type='cafile'", zGroupName);
348	capath = db_text(0, "SELECT filepath FROM certs WHERE name=%Q"
349	" AND type='capath'", zGroupName);
350	db_swap_connections();
351
352	if( cafile \|\| capath ){
353	/* The OpenSSL documentation warns that if several CA certificates match
354	** the same name, key identifier and serial number conditions, only the
	@@ -361,13 +361,13 @@
361	}
362	}
363
364	db_swap_connections();
365	keyfile = db_text(0, "SELECT filepath FROM certs WHERE name=%Q"
366	" AND type='ckey'", zGroupName);
367	certfile = db_text(0, "SELECT filepath FROM certs WHERE name=%Q"
368	" AND type='ccert'", zGroupName);
369	db_swap_connections();
370
371	if( SSL_CTX_use_certificate_file(sslCtx, certfile, SSL_FILETYPE_PEM)<=0 ){
372	fossil_fatal("SSL: Unable to open client certificate in %s.", certfile);
373	}
	@@ -391,39 +391,39 @@
391	/*
392	** COMMAND: cert
393	**
394	** Usage: %fossil cert SUBCOMMAND ...
395	**
396	** Manage/group PKI keys/certificates to be able to use client
397	** certificates and register CA certificates for SSL verifications.
398	**
399	** %fossil cert add NAME ?--key KEYFILE? ?--cert CERTFILE?
400	** ?--cafile CAFILE? ?--capath CAPATH?
401	**
402	** Create a certificate group NAME with the associated
403	** certificates/keys. If a client certificate is specified but no
404	** key, it is assumed that the key is located in the client
405	** certificate file. The file format must be PEM.

406	**
407	** %fossil cert list
408	**
409	** List all credential groups, their values and their URL
410	** associations.
411	**
412	** %fossil cert disassociate URL
413	**
414	** Disassociate URL from any credential group(s).
415	**
416	** %fossil cert delete NAME
417	**
418	** Remove the credential group NAME and all it's associated URL
419	** associations.
420	**
421	*/
422	void cert_cmd(void){
423	int n;
424	const char *zCmd = "list";
425	if( g.argc>=3 ){
426	zCmd = g.argv[2];
427	}
428	n = strlen(zCmd);
429	if( strncmp(zCmd, "add", n)==0 ){
	@@ -431,22 +431,22 @@
431	const char *zCKey;
432	const char *zCCert;
433	const char *zCAFile;
434	const char *zCAPath;
435	if( g.argc<5 ){
436	usage("add NAME ?--key CLIENTKEY? ?--cert CLIENTCERT? ?--cafile CAFILE? "
437	"?--capath CAPATH?");
438	}
439	zContainer = g.argv[3];
440	zCKey = find_option("key",0,1);
441	zCCert = find_option("cert",0,1);
442	zCAFile = find_option("cafile",0,1);
443	zCAPath = find_option("capath",0,1);
444
445	/* If a client certificate was specified, but a key was not, assume the
446	* key is stored in the same file as the certificate.
447	*/
448	if( !zCKey && zCCert ){
449	zCKey = zCCert;
450	}
451
452	db_open_config(0);
	@@ -453,11 +453,11 @@
453	db_swap_connections();
454	create_cert_table_if_not_exist();
455	db_begin_transaction();
456	if( db_exists("SELECT 1 FROM certs WHERE name='%q'", zContainer)!=0 ){
457	db_end_transaction(0);
458	fossil_fatal("certificate group \"%s\" already exists", zContainer);
459	}
460	if( zCKey ){
461	db_multi_exec("INSERT INTO certs (name,type,filepath) "
462	"VALUES(%Q,'ckey',%Q)",
463	zContainer, zCKey);
	@@ -479,11 +479,11 @@
479	}
480	db_end_transaction(0);
481	db_swap_connections();
482	}else if(strncmp(zCmd, "list", n)==0){
483	Stmt q;
484	char *grp = NULL;
485
486	db_open_config(0);
487	db_swap_connections();
488	create_cert_table_if_not_exist();
489
	@@ -492,33 +492,33 @@
492	" ORDER BY name,type");
493	while( db_step(&q)==SQLITE_ROW ){
494	const char *zCont = db_column_text(&q, 0);
495	const char *zType = db_column_text(&q, 1);
496	const char *zFilePath = db_column_text(&q, 2);
497	if( fossil_strcmp(zCont, grp)!=0 ){
498	free(grp);
499	grp = strdup(zCont);
500	puts(zCont);
501	}
502	printf("\t%s=%s\n", zType, zFilePath);
503	}
504	db_finalize(&q);
505
506	/* List the URL associations. */
507	db_prepare(&q, "SELECT name FROM global_config"
508	" WHERE name LIKE 'certgroup:%%' AND value=%Q"
509	" ORDER BY name", grp);
510	free(grp);
511
512	while( db_step(&q)==SQLITE_ROW ){
513	const char *zName = db_column_text(&q, 0);
514	static int first = 1;
515	if( first ) {
516	puts("\tAssociations");
517	first = 0;
518	}
519	printf("\t\t%s\n", zName+10);
520	}
521
522	db_swap_connections();
523	}else if(strncmp(zCmd, "disassociate", n)==0){
524	const char *zURL;
	@@ -528,17 +528,17 @@
528	zURL = g.argv[3];
529
530	db_open_config(0);
531	db_swap_connections();
532	db_begin_transaction();
533	db_multi_exec("DELETE FROM global_config WHERE name='certgroup:%q'",
534	zURL);
535	if( db_changes() == 0 ){
536	fossil_warning("No certificate group associated with URL \"%s\".",
537	zURL);
538	}else{
539	printf("%s disassociated from its certificate group.\n", zURL);
540	}
541	db_end_transaction(0);
542	db_swap_connections();
543
544	}else if(strncmp(zCmd, "delete", n)==0){
	@@ -548,19 +548,20 @@
548	}
549	zContainer = g.argv[3];
550
551	db_open_config(0);
552	db_swap_connections();

553	db_begin_transaction();
554	db_multi_exec("DELETE FROM certs WHERE name=%Q", zContainer);
555	if( db_changes() == 0 ){
556	fossil_warning("No certificate group named \"%s\" found",
557	zContainer);
558	}else{
559	printf("%d entries removed\n", db_changes());
560	}
561	db_multi_exec("DELETE FROM global_config WHERE name LIKE 'certgroup:%%'"
562	" AND value=%Q", zContainer);
563	if( db_changes() > 0 ){
564	printf("%d associations removed\n", db_changes());
565	}
566	db_end_transaction(0);
567

	--- src/http_ssl.c
	+++ src/http_ssl.c
	@@ -309,46 +309,46 @@
309	}
310	return total;
311	}
312
313	/*
314	** If a certbundle has been specified on the command line, then use it to look
315	** up certificates and keys, and then store the URL-certbundle association in
316	** the global database. If no certbundle has been specified on the command
317	** line, see if there's an entry for the url in global_config, and use it if
318	** applicable.
319	*/
320	void ssl_load_client_authfiles(void){
321	char *zBundleName = NULL;
322	char *cafile;
323	char *capath;
324	char *certfile;
325	char *keyfile;
326
327	if( g.urlCertBundle ){
328	char *zName;
329	zName = mprintf("certbundle:%s", g.urlName);
330	db_set(zName, g.urlCertBundle, 1);
331	free(zName);
332	zBundleName = strdup(g.urlCertBundle);
333	}else{
334	db_swap_connections();
335	zBundleName = db_text(0, "SELECT value FROM global_config"
336	" WHERE name='certbundle:%q'", g.urlName);
337	db_swap_connections();
338	}
339	if( !zBundleName ){
340	/* No cert bundle specified on command line or found cached for URL */
341	return;
342	}
343
344	db_swap_connections();
345	create_cert_table_if_not_exist();
346	cafile = db_text(0, "SELECT filepath FROM certs WHERE name=%Q"
347	" AND type='cafile'", zBundleName);
348	capath = db_text(0, "SELECT filepath FROM certs WHERE name=%Q"
349	" AND type='capath'", zBundleName);
350	db_swap_connections();
351
352	if( cafile \|\| capath ){
353	/* The OpenSSL documentation warns that if several CA certificates match
354	** the same name, key identifier and serial number conditions, only the
	@@ -361,13 +361,13 @@
361	}
362	}
363
364	db_swap_connections();
365	keyfile = db_text(0, "SELECT filepath FROM certs WHERE name=%Q"
366	" AND type='ckey'", zBundleName);
367	certfile = db_text(0, "SELECT filepath FROM certs WHERE name=%Q"
368	" AND type='ccert'", zBundleName);
369	db_swap_connections();
370
371	if( SSL_CTX_use_certificate_file(sslCtx, certfile, SSL_FILETYPE_PEM)<=0 ){
372	fossil_fatal("SSL: Unable to open client certificate in %s.", certfile);
373	}
	@@ -391,39 +391,39 @@
391	/*
392	** COMMAND: cert
393	**
394	** Usage: %fossil cert SUBCOMMAND ...
395	**
396	** Manage/bundle PKI client keys/certificates and CA certificates for SSL
397	** certificate chain verifications.
398	**
399	** %fossil cert add NAME ?--key KEYFILE? ?--cert CERTFILE?
400	** ?--cafile CAFILE? ?--capath CAPATH?
401	**
402	** Create a certificate bundle NAME with the associated
403	** certificates/keys. If a client certificate is specified but no
404	** key, it is assumed that the key is located in the client
405	** certificate file.
406	** The file formats must be PEM.
407	**
408	** %fossil cert list
409	**
410	** List all certificate bundles, their values and their URL
411	** associations.
412	**
413	** %fossil cert disassociate URL
414	**
415	** Disassociate URL from any certificate bundle.
416	**
417	** %fossil cert delete NAME
418	**
419	** Remove the certificate bundle NAME and all its URL associations.

420	**
421	*/
422	void cert_cmd(void){
423	int n;
424	const char zCmd = "list"; / Default sub-command */
425	if( g.argc>=3 ){
426	zCmd = g.argv[2];
427	}
428	n = strlen(zCmd);
429	if( strncmp(zCmd, "add", n)==0 ){
	@@ -431,22 +431,22 @@
431	const char *zCKey;
432	const char *zCCert;
433	const char *zCAFile;
434	const char *zCAPath;
435	if( g.argc<5 ){
436	usage("add NAME ?--key KEYFILE? ?--cert CERTFILE? ?--cafile CAFILE? "
437	"?--capath CAPATH?");
438	}
439	zContainer = g.argv[3];
440	zCKey = find_option("key",0,1);
441	zCCert = find_option("cert",0,1);
442	zCAFile = find_option("cafile",0,1);
443	zCAPath = find_option("capath",0,1);
444
445	/* If a client certificate was specified, but a key was not, assume the
446	** key is stored in the same file as the certificate.
447	*/
448	if( !zCKey && zCCert ){
449	zCKey = zCCert;
450	}
451
452	db_open_config(0);
	@@ -453,11 +453,11 @@
453	db_swap_connections();
454	create_cert_table_if_not_exist();
455	db_begin_transaction();
456	if( db_exists("SELECT 1 FROM certs WHERE name='%q'", zContainer)!=0 ){
457	db_end_transaction(0);
458	fossil_fatal("certificate bundle \"%s\" already exists", zContainer);
459	}
460	if( zCKey ){
461	db_multi_exec("INSERT INTO certs (name,type,filepath) "
462	"VALUES(%Q,'ckey',%Q)",
463	zContainer, zCKey);
	@@ -479,11 +479,11 @@
479	}
480	db_end_transaction(0);
481	db_swap_connections();
482	}else if(strncmp(zCmd, "list", n)==0){
483	Stmt q;
484	char *bndl = NULL;
485
486	db_open_config(0);
487	db_swap_connections();
488	create_cert_table_if_not_exist();
489
	@@ -492,33 +492,33 @@
492	" ORDER BY name,type");
493	while( db_step(&q)==SQLITE_ROW ){
494	const char *zCont = db_column_text(&q, 0);
495	const char *zType = db_column_text(&q, 1);
496	const char *zFilePath = db_column_text(&q, 2);
497	if( fossil_strcmp(zCont, bndl)!=0 ){
498	free(bndl);
499	bndl = strdup(zCont);
500	puts(zCont);
501	}
502	printf("\t%s=%s\n", zType, zFilePath);
503	}
504	db_finalize(&q);
505
506	/* List the URL associations. */
507	db_prepare(&q, "SELECT name FROM global_config"
508	" WHERE name LIKE 'certbundle:%%' AND value=%Q"
509	" ORDER BY name", bndl);
510	free(bndl);
511
512	while( db_step(&q)==SQLITE_ROW ){
513	const char *zName = db_column_text(&q, 0);
514	static int first = 1;
515	if( first ) {
516	puts("\tAssociations");
517	first = 0;
518	}
519	printf("\t\t%s\n", zName+11);
520	}
521
522	db_swap_connections();
523	}else if(strncmp(zCmd, "disassociate", n)==0){
524	const char *zURL;
	@@ -528,17 +528,17 @@
528	zURL = g.argv[3];
529
530	db_open_config(0);
531	db_swap_connections();
532	db_begin_transaction();
533	db_multi_exec("DELETE FROM global_config WHERE name='certbundle:%q'",
534	zURL);
535	if( db_changes() == 0 ){
536	fossil_warning("No certificate bundle associated with URL \"%s\".",
537	zURL);
538	}else{
539	printf("%s disassociated from its certificate bundle.\n", zURL);
540	}
541	db_end_transaction(0);
542	db_swap_connections();
543
544	}else if(strncmp(zCmd, "delete", n)==0){
	@@ -548,19 +548,20 @@
548	}
549	zContainer = g.argv[3];
550
551	db_open_config(0);
552	db_swap_connections();
553	create_cert_table_if_not_exist();
554	db_begin_transaction();
555	db_multi_exec("DELETE FROM certs WHERE name=%Q", zContainer);
556	if( db_changes() == 0 ){
557	fossil_warning("No certificate bundle named \"%s\" found",
558	zContainer);
559	}else{
560	printf("%d entries removed\n", db_changes());
561	}
562	db_multi_exec("DELETE FROM global_config WHERE name LIKE 'certbundle:%%'"
563	" AND value=%Q", zContainer);
564	if( db_changes() > 0 ){
565	printf("%d associations removed\n", db_changes());
566	}
567	db_end_transaction(0);
568

M src/main.c

+1 -1

		--- src/main.c
		+++ src/main.c
		@@ -102,11 +102,11 @@
102	102	char urlPasswd; / Password for http: */
103	103	char urlCanonical; / Canonical representation of the URL */
104	104	char urlProxyAuth; / Proxy-Authorizer: string */
105	105	char urlFossil; / The path of the ?fossil=path suffix on ssh: */
106	106	int dontKeepUrl; /* Do not persist the URL */
107		- const char urlCertGroup; / Which ceritificate group to use for URL */
	107	+ const char urlCertBundle; / Which ceritificate bundle to use for URL */
108	108
109	109	const char zLogin; / Login name. "" if not logged in. */
110	110	int useLocalauth; /* No login required if from 127.0.0.1 */
111	111	int noPswd; /* Logged in without password (on 127.0.0.1) */
112	112	int userUid; /* Integer user id */
113	113

	--- src/main.c
	+++ src/main.c
	@@ -102,11 +102,11 @@
102	char urlPasswd; / Password for http: */
103	char urlCanonical; / Canonical representation of the URL */
104	char urlProxyAuth; / Proxy-Authorizer: string */
105	char urlFossil; / The path of the ?fossil=path suffix on ssh: */
106	int dontKeepUrl; /* Do not persist the URL */
107	const char urlCertGroup; / Which ceritificate group to use for URL */
108
109	const char zLogin; / Login name. "" if not logged in. */
110	int useLocalauth; /* No login required if from 127.0.0.1 */
111	int noPswd; /* Logged in without password (on 127.0.0.1) */
112	int userUid; /* Integer user id */
113

	--- src/main.c
	+++ src/main.c
	@@ -102,11 +102,11 @@
102	char urlPasswd; / Password for http: */
103	char urlCanonical; / Canonical representation of the URL */
104	char urlProxyAuth; / Proxy-Authorizer: string */
105	char urlFossil; / The path of the ?fossil=path suffix on ssh: */
106	int dontKeepUrl; /* Do not persist the URL */
107	const char urlCertBundle; / Which ceritificate bundle to use for URL */
108
109	const char zLogin; / Login name. "" if not logged in. */
110	int useLocalauth; /* No login required if from 127.0.0.1 */
111	int noPswd; /* Logged in without password (on 127.0.0.1) */
112	int userUid; /* Integer user id */
113

M src/sync.c

+4 -4

		--- src/sync.c
		+++ src/sync.c
		@@ -96,11 +96,11 @@
96	96	const char *zPw = 0;
97	97	int configSync = 0;
98	98	int urlOptional = find_option("autourl",0,0)!=0;
99	99	g.dontKeepUrl = find_option("once",0,0)!=0;
100	100	*pPrivate = find_option("private",0,0)!=0;
101		- g.urlCertGroup = find_option("certgroup",0,1);
	101	+ g.urlCertBundle = find_option("certbundle",0,1);
102	102	url_proxy_options();
103	103	db_find_and_open_repository(0, 0);
104	104	db_open_config(0);
105	105	if( g.argc==2 ){
106	106	zUrl = db_get("last-sync-url", 0);
		@@ -151,11 +151,11 @@
151	151	** saved.
152	152	**
153	153	** Use the --private option to pull private branches from the
154	154	** remote repository.
155	155	**
156		-** Use the "--certgroup NAME" option to specify the name of the
	156	+** Use the "--certbundle NAME" option to specify the name of the
157	157	** certificate/key bundle to use for https connections. If this option
158	158	** is not specified, a cached value associated with the URL will be
159	159	** used if it exists.
160	160	**
161	161	** See also: cert, clone, push, sync, remote-url
		@@ -185,11 +185,11 @@
185	185	** saved.
186	186	**
187	187	** Use the --private option to push private branches to the
188	188	** remote repository.
189	189	**
190		-** Use the "--certgroup NAME" option to specify the name of the
	190	+** Use the "--certbundle NAME" option to specify the name of the
191	191	** certificate/key bundle to use for https connections. If this option
192	192	** is not specified, a cached value associated with the URL will be
193	193	** used if it exists.
194	194	**
195	195	** See also: cert, clone, pull, sync, remote-url
		@@ -225,11 +225,11 @@
225	225	** saved.
226	226	**
227	227	** Use the --private option to sync private branches with the
228	228	** remote repository.
229	229	**
230		-** Use the "--certgroup NAME" option to specify the name of the
	230	+** Use the "--certbundle NAME" option to specify the name of the
231	231	** certificate/key bundle to use for https connections. If this option
232	232	** is not specified, a cached value associated with the URL will be
233	233	** used if it exists.
234	234	**
235	235	** See also: cert, clone, push, pull, remote-url
236	236

	--- src/sync.c
	+++ src/sync.c
	@@ -96,11 +96,11 @@
96	const char *zPw = 0;
97	int configSync = 0;
98	int urlOptional = find_option("autourl",0,0)!=0;
99	g.dontKeepUrl = find_option("once",0,0)!=0;
100	*pPrivate = find_option("private",0,0)!=0;
101	g.urlCertGroup = find_option("certgroup",0,1);
102	url_proxy_options();
103	db_find_and_open_repository(0, 0);
104	db_open_config(0);
105	if( g.argc==2 ){
106	zUrl = db_get("last-sync-url", 0);
	@@ -151,11 +151,11 @@
151	** saved.
152	**
153	** Use the --private option to pull private branches from the
154	** remote repository.
155	**
156	** Use the "--certgroup NAME" option to specify the name of the
157	** certificate/key bundle to use for https connections. If this option
158	** is not specified, a cached value associated with the URL will be
159	** used if it exists.
160	**
161	** See also: cert, clone, push, sync, remote-url
	@@ -185,11 +185,11 @@
185	** saved.
186	**
187	** Use the --private option to push private branches to the
188	** remote repository.
189	**
190	** Use the "--certgroup NAME" option to specify the name of the
191	** certificate/key bundle to use for https connections. If this option
192	** is not specified, a cached value associated with the URL will be
193	** used if it exists.
194	**
195	** See also: cert, clone, pull, sync, remote-url
	@@ -225,11 +225,11 @@
225	** saved.
226	**
227	** Use the --private option to sync private branches with the
228	** remote repository.
229	**
230	** Use the "--certgroup NAME" option to specify the name of the
231	** certificate/key bundle to use for https connections. If this option
232	** is not specified, a cached value associated with the URL will be
233	** used if it exists.
234	**
235	** See also: cert, clone, push, pull, remote-url
236

	--- src/sync.c
	+++ src/sync.c
	@@ -96,11 +96,11 @@
96	const char *zPw = 0;
97	int configSync = 0;
98	int urlOptional = find_option("autourl",0,0)!=0;
99	g.dontKeepUrl = find_option("once",0,0)!=0;
100	*pPrivate = find_option("private",0,0)!=0;
101	g.urlCertBundle = find_option("certbundle",0,1);
102	url_proxy_options();
103	db_find_and_open_repository(0, 0);
104	db_open_config(0);
105	if( g.argc==2 ){
106	zUrl = db_get("last-sync-url", 0);
	@@ -151,11 +151,11 @@
151	** saved.
152	**
153	** Use the --private option to pull private branches from the
154	** remote repository.
155	**
156	** Use the "--certbundle NAME" option to specify the name of the
157	** certificate/key bundle to use for https connections. If this option
158	** is not specified, a cached value associated with the URL will be
159	** used if it exists.
160	**
161	** See also: cert, clone, push, sync, remote-url
	@@ -185,11 +185,11 @@
185	** saved.
186	**
187	** Use the --private option to push private branches to the
188	** remote repository.
189	**
190	** Use the "--certbundle NAME" option to specify the name of the
191	** certificate/key bundle to use for https connections. If this option
192	** is not specified, a cached value associated with the URL will be
193	** used if it exists.
194	**
195	** See also: cert, clone, pull, sync, remote-url
	@@ -225,11 +225,11 @@
225	** saved.
226	**
227	** Use the --private option to sync private branches with the
228	** remote repository.
229	**
230	** Use the "--certbundle NAME" option to specify the name of the
231	** certificate/key bundle to use for https connections. If this option
232	** is not specified, a cached value associated with the URL will be
233	** used if it exists.
234	**
235	** See also: cert, clone, push, pull, remote-url
236

Fossil SCM

Keyboard Shortcuts