Fossil SCM
Improved documentation for server-side SSL settings.
Commit
f81d64cace5e5335a135e30e92b8dba433655119a71a4dd88c7e3c60ab221fe0
Parent
6d447b8669d9286…
2 files changed
+27
+1
-1
M
src/db.c
+27
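--- a/src/db.c
+++ b/src/db.c
@@ -4263,10 +4263,18 @@
 */
 /*
 ** SETTING: ssh-command width=40 sensitive
 ** The command used to talk to a remote machine with the "ssh://" protocol.
 */
+
+/*
+** SETTING: ssl-acme boolean default=off
+** If true, allow web pages with a path of "/.well-known/..." to retrieve
+** files stored in the ".well-known" subdirectory in the same directory as
+** the repository. This is needed by tools such as "certbot" to verify a
+** certificate signing request.
+*/
 /*
 ** SETTING: ssl-ca-location width=40 sensitive
 ** The full pathname to a file containing PEM encoded
 ** CA root certificates, or a directory of certificates
 ** with filenames formed from the certificate hashes as
@@ -4277,10 +4285,24 @@
 ** Some platforms may add additional certificates.
 ** Checking your platform behaviour is required if the
 ** exact contents of the CA root is critical for your
 ** application.
 */
+/*
+** SETTING: ssl-cert width=40 block-text sensitive
+** The text of SSL server certificate and private key used by commands
+** like "fossil server". The text should be in the PEM format. Use
+** the "fossil ssl-config load-certs" command to change this setting.
+*/
+/*
+** SETTING: ssl-cert-file width=40 sensitive
+** The name of a file that contains the SSL server certificate, or
+** optionally the concatenation of the certificate and private key,
+** for use by Fossil when it is acting as a server. If this file
+** contains only the certificate, then the ssl-key-file setting must
+** contain the name of a file containing the private key.
+*/
 /*
 ** SETTING: ssl-identity width=40 sensitive
 ** The full pathname to a file containing a certificate
 ** and private key in PEM format. Create by concatenating
 ** the certificate and private key files.
@@ -4287,10 +4309,15 @@
 **
 ** This identity will be presented to SSL servers to
 ** authenticate this client, in addition to the normal
 ** password authentication.
 */
+/*
+** SETTING: ssl-key-file width=40 sensitive
+** The name of a file that contains the SSL server certificate private
+** key. Used in combination with "ssl-cert-file".
+*/
 #ifdef FOSSIL_ENABLE_TCL
 /*
 ** SETTING: tcl boolean default=off sensitive
 ** If enabled Tcl integration commands will be added to the TH1
 ** interpreter, allowing arbitrary Tcl expressions and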
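Review bot: In the first hunk the new `ssl-acme` header is the only ssl-* setting in this section declared without the `sensitive` attribute, although its comment says it opens web access to files under ".well-known" next to the repository. What that attribute controls is not visible in these hunks, but if it restricts how a setting may be changed, the omission looks unintended and the header would read `** SETTING: ssl-acme boolean default=off sensitive`. The comment could also say that the directory should hold only ACME challenge files, since anything placed there becomes retrievable over the web once the setting is on. Separately, the `ssl-cert-file` and `ssl-key-file` comments say "The name of a file" where `ssl-ca-location` and `ssl-identity` say "The full pathname"; stating whether a relative name is accepted, and that the key file should be readable only by the account running the server, would help operators.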
+1
-1
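--- a/src/http_ssl.c
+++ b/src/http_ssl.c
@@ -1101,11 +1101,11 @@
 
 fossil_print("ssl-acme: %s\n",
 db_get_boolean("ssl-acme",0) ? "on" : "off");
 if( verbose ){
 fossil_print("\n"
-" This setting enables web access to files in the \".well-known\""
+" This setting enables web access to files in the \".well-known\"\n"
 " subdirectory in the same directory as the repository. Such access\n"
 " is required to obtain a certificate from services like\n"
 " \"Let's Encrypt\" using the tools like \"certbot\".\n\n"
 );
 }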