Fossil SCM
Code cleanup. Fix the "cert" command so that it compiles even if FOSSIL_ENABLE_SSL is not used.
Commit
ebe1faabbc586cecb40cd222d86744ae3aac6faa
Parent
71384ce6688c9db…
2 files changed
+31
-106
-7
+31
-106
| --- src/http_ssl.c | ||
| +++ src/http_ssl.c | ||
| @@ -29,21 +29,40 @@ | ||
| 29 | 29 | ** |
| 30 | 30 | ** SSL support is abstracted out into this module because Fossil can |
| 31 | 31 | ** be compiled without SSL support (which requires OpenSSL library) |
| 32 | 32 | */ |
| 33 | 33 | |
| 34 | -#include "config.h" | |
| 35 | 34 | |
| 36 | 35 | #ifdef FOSSIL_ENABLE_SSL |
| 37 | - | |
| 38 | 36 | #include <openssl/bio.h> |
| 39 | 37 | #include <openssl/ssl.h> |
| 40 | 38 | #include <openssl/err.h> |
| 41 | - | |
| 42 | -#include "http_ssl.h" | |
| 43 | 39 | #include <assert.h> |
| 44 | 40 | #include <sys/types.h> |
| 41 | +#endif | |
| 42 | + | |
| 43 | +#include "config.h" | |
| 44 | +#include "http_ssl.h" | |
| 45 | + | |
| 46 | +/* | |
| 47 | +** Make sure the CERT table exists in the ~/.fossil database. | |
| 48 | +** | |
| 49 | +** This routine must be called in between two calls to db_swap_databases(). | |
| 50 | +*/ | |
| 51 | +static void create_cert_table_if_not_exist(void){ | |
| 52 | + static const char zSql[] = | |
| 53 | + @ CREATE TABLE IF NOT EXISTS certs( | |
| 54 | + @ name TEXT NOT NULL, | |
| 55 | + @ type TEXT NOT NULL, | |
| 56 | + @ filepath TEXT NOT NULL, | |
| 57 | + @ PRIMARY KEY(name, type) | |
| 58 | + @ ); | |
| 59 | + ; | |
| 60 | + db_multi_exec(zSql); | |
| 61 | +} | |
| 62 | + | |
| 63 | +#ifdef FOSSIL_ENABLE_SSL | |
| 45 | 64 | |
| 46 | 65 | /* |
| 47 | 66 | ** There can only be a single OpenSSL IO connection open at a time. |
| 48 | 67 | ** State information about that IO is stored in the following |
| 49 | 68 | ** local variables: |
| @@ -289,76 +308,10 @@ | ||
| 289 | 308 | pContent = (void*)&((char*)pContent)[got]; |
| 290 | 309 | } |
| 291 | 310 | return total; |
| 292 | 311 | } |
| 293 | 312 | |
| 294 | -#if 0 | |
| 295 | -/* | |
| 296 | -** Read client certificate and key, if set, and store them in the SSL context | |
| 297 | -** to allow communication with servers which are configured to verify client | |
| 298 | -** certificates and certificate chains. | |
| 299 | -** We only support PEM and don't support password protected keys. | |
| 300 | -** | |
| 301 | -** Always try the environment variables first, and if they aren't set, then | |
| 302 | -** use the global config. | |
| 303 | -*/ | |
| 304 | -void ssl_load_client_authfiles(void){ | |
| 305 | - char *cafile; | |
| 306 | - char *capath; | |
| 307 | - char *certfile; | |
| 308 | - char *keyfile; | |
| 309 | - | |
| 310 | - cafile = ssl_get_and_set_file_ref("FOSSIL_CAFILE", "cafile"); | |
| 311 | - capath = ssl_get_and_set_file_ref("FOSSIL_CAPATH", "capath"); | |
| 312 | - | |
| 313 | - if( cafile || capath ){ | |
| 314 | - /* The OpenSSL documentation warns that if several CA certificates match | |
| 315 | - ** the same name, key identifier and serial number conditions, only the | |
| 316 | - ** first will be examined. The caveat situation is when one stores an | |
| 317 | - ** expired CA certificate among the valid ones. | |
| 318 | - ** Simply put: Do not mix expired and valid certificates. | |
| 319 | - */ | |
| 320 | - if( SSL_CTX_load_verify_locations(sslCtx, cafile, capath) == 0){ | |
| 321 | - fossil_fatal("SSL: Unable to load CA verification file/path"); | |
| 322 | - } | |
| 323 | - }else{ | |
| 324 | - fossil_warning("SSL: CA file/path missing for certificate verification."); | |
| 325 | - } | |
| 326 | - | |
| 327 | - certfile = ssl_get_and_set_file_ref("FOSSIL_CCERT", "ccert"); | |
| 328 | - if( !certfile ){ | |
| 329 | - free(capath); | |
| 330 | - free(cafile); | |
| 331 | - return; | |
| 332 | - } | |
| 333 | - | |
| 334 | - keyfile = ssl_get_and_set_file_ref("FOSSIL_CKEY", "ckey"); | |
| 335 | - | |
| 336 | - /* Assume the key is in the certificate file if key file was not specified */ | |
| 337 | - if( certfile && !keyfile ){ | |
| 338 | - keyfile = certfile; | |
| 339 | - } | |
| 340 | - | |
| 341 | - if( SSL_CTX_use_certificate_file(sslCtx, certfile, SSL_FILETYPE_PEM) <= 0 ){ | |
| 342 | - fossil_fatal("SSL: Unable to open client certificate in %s.", certfile); | |
| 343 | - } | |
| 344 | - if( SSL_CTX_use_PrivateKey_file(sslCtx, keyfile, SSL_FILETYPE_PEM) <= 0 ){ | |
| 345 | - fossil_fatal("SSL: Unable to open client key in %s.", keyfile); | |
| 346 | - } | |
| 347 | - | |
| 348 | - if( !SSL_CTX_check_private_key(sslCtx) ){ | |
| 349 | - fossil_fatal("SSL: Private key does not match the certificate public " | |
| 350 | - "key."); | |
| 351 | - } | |
| 352 | - | |
| 353 | - free(keyfile); | |
| 354 | - free(certfile); | |
| 355 | - free(capath); | |
| 356 | - free(cafile); | |
| 357 | -} | |
| 358 | -#endif | |
| 359 | - | |
| 360 | 313 | /* |
| 361 | 314 | ** If an certgroup has been specified on the command line, then use it to look |
| 362 | 315 | ** up certificates and keys, and then store the URL-certgroup association in |
| 363 | 316 | ** the global database. If no certgroup has been specified on the command line, |
| 364 | 317 | ** see if there's an entry for the url in global_config, and use it if |
| @@ -387,10 +340,11 @@ | ||
| 387 | 340 | /* No cert group specified or found cached */ |
| 388 | 341 | return; |
| 389 | 342 | } |
| 390 | 343 | |
| 391 | 344 | db_swap_connections(); |
| 345 | + create_cert_table_if_not_exist(); | |
| 392 | 346 | cafile = db_text(0, "SELECT filepath FROM certs WHERE name=%Q" |
| 393 | 347 | " AND type='cafile'", zGroupName); |
| 394 | 348 | capath = db_text(0, "SELECT filepath FROM certs WHERE name=%Q" |
| 395 | 349 | " AND type='capath'", zGroupName); |
| 396 | 350 | db_swap_connections(); |
| @@ -429,38 +383,12 @@ | ||
| 429 | 383 | free(keyfile); |
| 430 | 384 | free(certfile); |
| 431 | 385 | free(capath); |
| 432 | 386 | free(cafile); |
| 433 | 387 | } |
| 434 | - | |
| 435 | -#if 0 | |
| 436 | -/* | |
| 437 | -** Get SSL authentication file reference from environment variable. If set, | |
| 438 | -** then store varaible in global config. If environment variable was not set, | |
| 439 | -** attempt to get variable from global config. | |
| 440 | -**/ | |
| 441 | -char *ssl_get_and_set_file_ref(const char *envvar, const char *dbvar){ | |
| 442 | - char *zVar; | |
| 443 | - char *zTmp; | |
| 444 | - | |
| 445 | - zTmp = mprintf("%s:%s", dbvar, g.urlName); | |
| 446 | - | |
| 447 | - zVar = getenv(envvar); | |
| 448 | - if( zVar ){ | |
| 449 | - zVar = strdup(zVar); | |
| 450 | - if( zVar == NULL ){ | |
| 451 | - fossil_fatal("Unable to allocate memory for %s value.", envvar); | |
| 452 | - } | |
| 453 | - db_set(zTmp, zVar, 1); | |
| 454 | - }else{ | |
| 455 | - zVar = db_get(zTmp, NULL); | |
| 456 | - } | |
| 457 | - free(zTmp); | |
| 458 | - | |
| 459 | - return zVar; | |
| 460 | -} | |
| 461 | -#endif | |
| 388 | +#endif /* FOSSIL_ENABLE_SSL */ | |
| 389 | + | |
| 462 | 390 | |
| 463 | 391 | /* |
| 464 | 392 | ** COMMAND: cert |
| 465 | 393 | ** |
| 466 | 394 | ** Usage: %fossil cert SUBCOMMAND ... |
| @@ -521,17 +449,16 @@ | ||
| 521 | 449 | zCKey = zCCert; |
| 522 | 450 | } |
| 523 | 451 | |
| 524 | 452 | db_open_config(0); |
| 525 | 453 | db_swap_connections(); |
| 526 | - if( db_exists( | |
| 527 | - "SELECT 1 FROM certs" | |
| 528 | - " WHERE name='%q'", | |
| 529 | - zContainer)!=0 ){ | |
| 454 | + create_cert_table_if_not_exist(); | |
| 455 | + db_begin_transaction(); | |
| 456 | + if( db_exists("SELECT 1 FROM certs WHERE name='%q'", zContainer)!=0 ){ | |
| 457 | + db_end_transaction(0); | |
| 530 | 458 | fossil_fatal("certificate group \"%s\" already exists", zContainer); |
| 531 | 459 | } |
| 532 | - db_begin_transaction(); | |
| 533 | 460 | if( zCKey ){ |
| 534 | 461 | db_multi_exec("INSERT INTO certs (name,type,filepath) " |
| 535 | 462 | "VALUES(%Q,'ckey',%Q)", |
| 536 | 463 | zContainer, zCKey); |
| 537 | 464 | } |
| @@ -556,10 +483,11 @@ | ||
| 556 | 483 | Stmt q; |
| 557 | 484 | char *grp = NULL; |
| 558 | 485 | |
| 559 | 486 | db_open_config(0); |
| 560 | 487 | db_swap_connections(); |
| 488 | + create_cert_table_if_not_exist(); | |
| 561 | 489 | |
| 562 | 490 | db_prepare(&q, "SELECT name,type,filepath FROM certs" |
| 563 | 491 | " WHERE type NOT IN ('server')" |
| 564 | 492 | " ORDER BY name,type"); |
| 565 | 493 | while( db_step(&q)==SQLITE_ROW ){ |
| @@ -600,11 +528,10 @@ | ||
| 600 | 528 | zURL = g.argv[3]; |
| 601 | 529 | |
| 602 | 530 | db_open_config(0); |
| 603 | 531 | db_swap_connections(); |
| 604 | 532 | db_begin_transaction(); |
| 605 | - | |
| 606 | 533 | db_multi_exec("DELETE FROM global_config WHERE name='certgroup:%q'", |
| 607 | 534 | zURL); |
| 608 | 535 | if( db_changes() == 0 ){ |
| 609 | 536 | fossil_warning("No certificate group associated with URL \"%s\".", |
| 610 | 537 | zURL); |
| @@ -641,7 +568,5 @@ | ||
| 641 | 568 | }else{ |
| 642 | 569 | fossil_panic("cert subcommand should be one of: " |
| 643 | 570 | "add list disassociate delete"); |
| 644 | 571 | } |
| 645 | 572 | } |
| 646 | - | |
| 647 | -#endif /* FOSSIL_ENABLE_SSL */ | |
| 648 | 573 |
| --- src/http_ssl.c | |
| +++ src/http_ssl.c | |
| @@ -29,21 +29,40 @@ | |
| 29 | ** |
| 30 | ** SSL support is abstracted out into this module because Fossil can |
| 31 | ** be compiled without SSL support (which requires OpenSSL library) |
| 32 | */ |
| 33 | |
| 34 | #include "config.h" |
| 35 | |
| 36 | #ifdef FOSSIL_ENABLE_SSL |
| 37 | |
| 38 | #include <openssl/bio.h> |
| 39 | #include <openssl/ssl.h> |
| 40 | #include <openssl/err.h> |
| 41 | |
| 42 | #include "http_ssl.h" |
| 43 | #include <assert.h> |
| 44 | #include <sys/types.h> |
| 45 | |
| 46 | /* |
| 47 | ** There can only be a single OpenSSL IO connection open at a time. |
| 48 | ** State information about that IO is stored in the following |
| 49 | ** local variables: |
| @@ -289,76 +308,10 @@ | |
| 289 | pContent = (void*)&((char*)pContent)[got]; |
| 290 | } |
| 291 | return total; |
| 292 | } |
| 293 | |
| 294 | #if 0 |
| 295 | /* |
| 296 | ** Read client certificate and key, if set, and store them in the SSL context |
| 297 | ** to allow communication with servers which are configured to verify client |
| 298 | ** certificates and certificate chains. |
| 299 | ** We only support PEM and don't support password protected keys. |
| 300 | ** |
| 301 | ** Always try the environment variables first, and if they aren't set, then |
| 302 | ** use the global config. |
| 303 | */ |
| 304 | void ssl_load_client_authfiles(void){ |
| 305 | char *cafile; |
| 306 | char *capath; |
| 307 | char *certfile; |
| 308 | char *keyfile; |
| 309 | |
| 310 | cafile = ssl_get_and_set_file_ref("FOSSIL_CAFILE", "cafile"); |
| 311 | capath = ssl_get_and_set_file_ref("FOSSIL_CAPATH", "capath"); |
| 312 | |
| 313 | if( cafile || capath ){ |
| 314 | /* The OpenSSL documentation warns that if several CA certificates match |
| 315 | ** the same name, key identifier and serial number conditions, only the |
| 316 | ** first will be examined. The caveat situation is when one stores an |
| 317 | ** expired CA certificate among the valid ones. |
| 318 | ** Simply put: Do not mix expired and valid certificates. |
| 319 | */ |
| 320 | if( SSL_CTX_load_verify_locations(sslCtx, cafile, capath) == 0){ |
| 321 | fossil_fatal("SSL: Unable to load CA verification file/path"); |
| 322 | } |
| 323 | }else{ |
| 324 | fossil_warning("SSL: CA file/path missing for certificate verification."); |
| 325 | } |
| 326 | |
| 327 | certfile = ssl_get_and_set_file_ref("FOSSIL_CCERT", "ccert"); |
| 328 | if( !certfile ){ |
| 329 | free(capath); |
| 330 | free(cafile); |
| 331 | return; |
| 332 | } |
| 333 | |
| 334 | keyfile = ssl_get_and_set_file_ref("FOSSIL_CKEY", "ckey"); |
| 335 | |
| 336 | /* Assume the key is in the certificate file if key file was not specified */ |
| 337 | if( certfile && !keyfile ){ |
| 338 | keyfile = certfile; |
| 339 | } |
| 340 | |
| 341 | if( SSL_CTX_use_certificate_file(sslCtx, certfile, SSL_FILETYPE_PEM) <= 0 ){ |
| 342 | fossil_fatal("SSL: Unable to open client certificate in %s.", certfile); |
| 343 | } |
| 344 | if( SSL_CTX_use_PrivateKey_file(sslCtx, keyfile, SSL_FILETYPE_PEM) <= 0 ){ |
| 345 | fossil_fatal("SSL: Unable to open client key in %s.", keyfile); |
| 346 | } |
| 347 | |
| 348 | if( !SSL_CTX_check_private_key(sslCtx) ){ |
| 349 | fossil_fatal("SSL: Private key does not match the certificate public " |
| 350 | "key."); |
| 351 | } |
| 352 | |
| 353 | free(keyfile); |
| 354 | free(certfile); |
| 355 | free(capath); |
| 356 | free(cafile); |
| 357 | } |
| 358 | #endif |
| 359 | |
| 360 | /* |
| 361 | ** If an certgroup has been specified on the command line, then use it to look |
| 362 | ** up certificates and keys, and then store the URL-certgroup association in |
| 363 | ** the global database. If no certgroup has been specified on the command line, |
| 364 | ** see if there's an entry for the url in global_config, and use it if |
| @@ -387,10 +340,11 @@ | |
| 387 | /* No cert group specified or found cached */ |
| 388 | return; |
| 389 | } |
| 390 | |
| 391 | db_swap_connections(); |
| 392 | cafile = db_text(0, "SELECT filepath FROM certs WHERE name=%Q" |
| 393 | " AND type='cafile'", zGroupName); |
| 394 | capath = db_text(0, "SELECT filepath FROM certs WHERE name=%Q" |
| 395 | " AND type='capath'", zGroupName); |
| 396 | db_swap_connections(); |
| @@ -429,38 +383,12 @@ | |
| 429 | free(keyfile); |
| 430 | free(certfile); |
| 431 | free(capath); |
| 432 | free(cafile); |
| 433 | } |
| 434 | |
| 435 | #if 0 |
| 436 | /* |
| 437 | ** Get SSL authentication file reference from environment variable. If set, |
| 438 | ** then store varaible in global config. If environment variable was not set, |
| 439 | ** attempt to get variable from global config. |
| 440 | **/ |
| 441 | char *ssl_get_and_set_file_ref(const char *envvar, const char *dbvar){ |
| 442 | char *zVar; |
| 443 | char *zTmp; |
| 444 | |
| 445 | zTmp = mprintf("%s:%s", dbvar, g.urlName); |
| 446 | |
| 447 | zVar = getenv(envvar); |
| 448 | if( zVar ){ |
| 449 | zVar = strdup(zVar); |
| 450 | if( zVar == NULL ){ |
| 451 | fossil_fatal("Unable to allocate memory for %s value.", envvar); |
| 452 | } |
| 453 | db_set(zTmp, zVar, 1); |
| 454 | }else{ |
| 455 | zVar = db_get(zTmp, NULL); |
| 456 | } |
| 457 | free(zTmp); |
| 458 | |
| 459 | return zVar; |
| 460 | } |
| 461 | #endif |
| 462 | |
| 463 | /* |
| 464 | ** COMMAND: cert |
| 465 | ** |
| 466 | ** Usage: %fossil cert SUBCOMMAND ... |
| @@ -521,17 +449,16 @@ | |
| 521 | zCKey = zCCert; |
| 522 | } |
| 523 | |
| 524 | db_open_config(0); |
| 525 | db_swap_connections(); |
| 526 | if( db_exists( |
| 527 | "SELECT 1 FROM certs" |
| 528 | " WHERE name='%q'", |
| 529 | zContainer)!=0 ){ |
| 530 | fossil_fatal("certificate group \"%s\" already exists", zContainer); |
| 531 | } |
| 532 | db_begin_transaction(); |
| 533 | if( zCKey ){ |
| 534 | db_multi_exec("INSERT INTO certs (name,type,filepath) " |
| 535 | "VALUES(%Q,'ckey',%Q)", |
| 536 | zContainer, zCKey); |
| 537 | } |
| @@ -556,10 +483,11 @@ | |
| 556 | Stmt q; |
| 557 | char *grp = NULL; |
| 558 | |
| 559 | db_open_config(0); |
| 560 | db_swap_connections(); |
| 561 | |
| 562 | db_prepare(&q, "SELECT name,type,filepath FROM certs" |
| 563 | " WHERE type NOT IN ('server')" |
| 564 | " ORDER BY name,type"); |
| 565 | while( db_step(&q)==SQLITE_ROW ){ |
| @@ -600,11 +528,10 @@ | |
| 600 | zURL = g.argv[3]; |
| 601 | |
| 602 | db_open_config(0); |
| 603 | db_swap_connections(); |
| 604 | db_begin_transaction(); |
| 605 | |
| 606 | db_multi_exec("DELETE FROM global_config WHERE name='certgroup:%q'", |
| 607 | zURL); |
| 608 | if( db_changes() == 0 ){ |
| 609 | fossil_warning("No certificate group associated with URL \"%s\".", |
| 610 | zURL); |
| @@ -641,7 +568,5 @@ | |
| 641 | }else{ |
| 642 | fossil_panic("cert subcommand should be one of: " |
| 643 | "add list disassociate delete"); |
| 644 | } |
| 645 | } |
| 646 | |
| 647 | #endif /* FOSSIL_ENABLE_SSL */ |
| 648 |
| --- src/http_ssl.c | |
| +++ src/http_ssl.c | |
| @@ -29,21 +29,40 @@ | |
| 29 | ** |
| 30 | ** SSL support is abstracted out into this module because Fossil can |
| 31 | ** be compiled without SSL support (which requires OpenSSL library) |
| 32 | */ |
| 33 | |
| 34 | |
| 35 | #ifdef FOSSIL_ENABLE_SSL |
| 36 | #include <openssl/bio.h> |
| 37 | #include <openssl/ssl.h> |
| 38 | #include <openssl/err.h> |
| 39 | #include <assert.h> |
| 40 | #include <sys/types.h> |
| 41 | #endif |
| 42 | |
| 43 | #include "config.h" |
| 44 | #include "http_ssl.h" |
| 45 | |
| 46 | /* |
| 47 | ** Make sure the CERT table exists in the ~/.fossil database. |
| 48 | ** |
| 49 | ** This routine must be called in between two calls to db_swap_databases(). |
| 50 | */ |
| 51 | static void create_cert_table_if_not_exist(void){ |
| 52 | static const char zSql[] = |
| 53 | @ CREATE TABLE IF NOT EXISTS certs( |
| 54 | @ name TEXT NOT NULL, |
| 55 | @ type TEXT NOT NULL, |
| 56 | @ filepath TEXT NOT NULL, |
| 57 | @ PRIMARY KEY(name, type) |
| 58 | @ ); |
| 59 | ; |
| 60 | db_multi_exec(zSql); |
| 61 | } |
| 62 | |
| 63 | #ifdef FOSSIL_ENABLE_SSL |
| 64 | |
| 65 | /* |
| 66 | ** There can only be a single OpenSSL IO connection open at a time. |
| 67 | ** State information about that IO is stored in the following |
| 68 | ** local variables: |
| @@ -289,76 +308,10 @@ | |
| 308 | pContent = (void*)&((char*)pContent)[got]; |
| 309 | } |
| 310 | return total; |
| 311 | } |
| 312 | |
| 313 | /* |
| 314 | ** If an certgroup has been specified on the command line, then use it to look |
| 315 | ** up certificates and keys, and then store the URL-certgroup association in |
| 316 | ** the global database. If no certgroup has been specified on the command line, |
| 317 | ** see if there's an entry for the url in global_config, and use it if |
| @@ -387,10 +340,11 @@ | |
| 340 | /* No cert group specified or found cached */ |
| 341 | return; |
| 342 | } |
| 343 | |
| 344 | db_swap_connections(); |
| 345 | create_cert_table_if_not_exist(); |
| 346 | cafile = db_text(0, "SELECT filepath FROM certs WHERE name=%Q" |
| 347 | " AND type='cafile'", zGroupName); |
| 348 | capath = db_text(0, "SELECT filepath FROM certs WHERE name=%Q" |
| 349 | " AND type='capath'", zGroupName); |
| 350 | db_swap_connections(); |
| @@ -429,38 +383,12 @@ | |
| 383 | free(keyfile); |
| 384 | free(certfile); |
| 385 | free(capath); |
| 386 | free(cafile); |
| 387 | } |
| 388 | #endif /* FOSSIL_ENABLE_SSL */ |
| 389 | |
| 390 | |
| 391 | /* |
| 392 | ** COMMAND: cert |
| 393 | ** |
| 394 | ** Usage: %fossil cert SUBCOMMAND ... |
| @@ -521,17 +449,16 @@ | |
| 449 | zCKey = zCCert; |
| 450 | } |
| 451 | |
| 452 | db_open_config(0); |
| 453 | db_swap_connections(); |
| 454 | create_cert_table_if_not_exist(); |
| 455 | db_begin_transaction(); |
| 456 | if( db_exists("SELECT 1 FROM certs WHERE name='%q'", zContainer)!=0 ){ |
| 457 | db_end_transaction(0); |
| 458 | fossil_fatal("certificate group \"%s\" already exists", zContainer); |
| 459 | } |
| 460 | if( zCKey ){ |
| 461 | db_multi_exec("INSERT INTO certs (name,type,filepath) " |
| 462 | "VALUES(%Q,'ckey',%Q)", |
| 463 | zContainer, zCKey); |
| 464 | } |
| @@ -556,10 +483,11 @@ | |
| 483 | Stmt q; |
| 484 | char *grp = NULL; |
| 485 | |
| 486 | db_open_config(0); |
| 487 | db_swap_connections(); |
| 488 | create_cert_table_if_not_exist(); |
| 489 | |
| 490 | db_prepare(&q, "SELECT name,type,filepath FROM certs" |
| 491 | " WHERE type NOT IN ('server')" |
| 492 | " ORDER BY name,type"); |
| 493 | while( db_step(&q)==SQLITE_ROW ){ |
| @@ -600,11 +528,10 @@ | |
| 528 | zURL = g.argv[3]; |
| 529 | |
| 530 | db_open_config(0); |
| 531 | db_swap_connections(); |
| 532 | db_begin_transaction(); |
| 533 | db_multi_exec("DELETE FROM global_config WHERE name='certgroup:%q'", |
| 534 | zURL); |
| 535 | if( db_changes() == 0 ){ |
| 536 | fossil_warning("No certificate group associated with URL \"%s\".", |
| 537 | zURL); |
| @@ -641,7 +568,5 @@ | |
| 568 | }else{ |
| 569 | fossil_panic("cert subcommand should be one of: " |
| 570 | "add list disassociate delete"); |
| 571 | } |
| 572 | } |
| 573 |
-7
| --- src/schema.c | ||
| +++ src/schema.c | ||
| @@ -29,17 +29,10 @@ | ||
| 29 | 29 | @ -- |
| 30 | 30 | @ CREATE TABLE global_config( |
| 31 | 31 | @ name TEXT PRIMARY KEY, |
| 32 | 32 | @ value TEXT |
| 33 | 33 | @ ); |
| 34 | -@ CREATE TABLE certs( | |
| 35 | -@ name TEXT NOT NULL, | |
| 36 | -@ type TEXT NOT NULL, | |
| 37 | -@ filepath TEXT NOT NULL, | |
| 38 | -@ PRIMARY KEY(name, type), | |
| 39 | -@ UNIQUE(name, type) | |
| 40 | -@ ); | |
| 41 | 34 | ; |
| 42 | 35 | |
| 43 | 36 | #if INTERFACE |
| 44 | 37 | /* |
| 45 | 38 | ** The content tables have a content version number which rarely |
| 46 | 39 |
| --- src/schema.c | |
| +++ src/schema.c | |
| @@ -29,17 +29,10 @@ | |
| 29 | @ -- |
| 30 | @ CREATE TABLE global_config( |
| 31 | @ name TEXT PRIMARY KEY, |
| 32 | @ value TEXT |
| 33 | @ ); |
| 34 | @ CREATE TABLE certs( |
| 35 | @ name TEXT NOT NULL, |
| 36 | @ type TEXT NOT NULL, |
| 37 | @ filepath TEXT NOT NULL, |
| 38 | @ PRIMARY KEY(name, type), |
| 39 | @ UNIQUE(name, type) |
| 40 | @ ); |
| 41 | ; |
| 42 | |
| 43 | #if INTERFACE |
| 44 | /* |
| 45 | ** The content tables have a content version number which rarely |
| 46 |
| --- src/schema.c | |
| +++ src/schema.c | |
| @@ -29,17 +29,10 @@ | |
| 29 | @ -- |
| 30 | @ CREATE TABLE global_config( |
| 31 | @ name TEXT PRIMARY KEY, |
| 32 | @ value TEXT |
| 33 | @ ); |
| 34 | ; |
| 35 | |
| 36 | #if INTERFACE |
| 37 | /* |
| 38 | ** The content tables have a content version number which rarely |
| 39 |