Fossil SCM

Syncing a "bare" repository over SSL fails to store certificate

Fixed

45f89e504b49833… · opened 16 years ago

Type: Code_Defect
Priority:
Severity: Important
Resolution: Fixed
Subsystem:
Created: March 21, 2010 7:14 a.m.

I have several repositories set up on a server at home which I want to sync periodically to an external server, like this one.

To reproduce (seen on OS X and Linux (CentOS 5.3)):


fossil clone https://code.linuxfood.net/pub/repo/git-import gi.fsl # (or probably any other ssl repo. See below).
fossil sync -R gi.fsl

Output:
...
Send:            1091         21          0          0

Unknown SSL certificate:

  countryName               = --
  stateOrProvinceName       = SomeState
  localityName              = SomeCity
  organizationName          = SomeOrganization
  organizationalUnitName    = SomeOrganizationalUnit
  commonName                = nudibranch.linuxfood.net
  emailAddress              = [email protected]

Issued By:

  countryName               = --
  stateOrProvinceName       = SomeState
  localityName              = SomeCity
  organizationName          = SomeOrganization
  organizationalUnitName    = SomeOrganizationalUnit
  commonName                = nudibranch.linuxfood.net
  emailAddress              = [email protected]


Accept certificate [a=always/y/N]? a

REPLACE INTO global_config(name,value) VALUES('cert:code.linuxfood.net','-----BEGIN CERTIFICATE-----
MIIEIDCCA4mgAwIBAgICX/IwDQYJKoZIhvcNAQEFBQAwgcExCzAJBgNVBAYTAi0t
MRIwEAYDVQQIEwlTb21lU3RhdGUxETAPBgNVBAcTCFNvbWVDaXR5MRkwFwYDVQQK
[snip for brevity]
XQ6rdn5/eMocYvA0BOXd0pD5HWKX6WfX+kvqdo4P6l/2tBWCLXBlBuaLUfwZtm1S
XBbhCw==
-----END CERTIFICATE-----
')

This behavior only occurs when you press 'a' for always. It appears to be a result of the fact that sync didn't use to need to write to the config database until SSL support was introduced. Accepting the cert temporarily causes it to not write it to the config.

Opening ~/.fossil in process_sync_args() appears to fix the problem. Patch:


Index: src/sync.c
===================================================================
--- src/sync.c
+++ src/sync.c
@@ -84,10 +84,11 @@
   const char *zPw = 0;
   int urlOptional = find_option("autourl",0,0)!=0;
   g.dontKeepUrl = find_option("once",0,0)!=0;
   url_proxy_options();
   db_find_and_open_repository(1);
+  db_open_config(0);
   if( g.argc==2 ){
     zUrl = db_get("last-sync-url", 0);
     zPw = db_get("last-sync-pw", 0);
   }else if( g.argc==3 ){
     zUrl = g.argv[2];
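
Review bot: the new db_open_config(0) call right after db_find_and_open_repository(1) carries no comment explaining why a sync needs the global config database open. A one-line comment saying that accepting an SSL certificate with 'a' writes to global_config would keep the call from being removed as redundant later. As placed, the config is opened before zUrl is even resolved, so it happens on every invocation that reaches this point whether or not the URL is https; if that matters, open it at the point where the certificate is stored instead.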


Additionally, I added an assert to be a little more violent about this kind of bug. This one is less necessary, but was useful in verifying the bug and might catch other instances as well. Patch:


Index: src/db.c
===================================================================
--- src/db.c
+++ src/db.c
@@ -1194,10 +1194,11 @@
 ** so this routine is a no-op.
 */
 void db_swap_connections(void){
   if( !g.useAttach ){
     sqlite3 *dbTemp = g.db;
+    assert(g.dbConfig);
     g.db = g.dbConfig;
     g.dbConfig = dbTemp;
   }
 }
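
Review bot: assert(g.dbConfig) inside the !g.useAttach branch only helps in builds with assertions enabled; when asserts are compiled out, "g.db = g.dbConfig" still installs a NULL handle as the active connection. Consider a runtime check that reports a fatal error when g.dbConfig is 0 before the swap, and keep the assert as a debugging aid if wanted.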



Thanks,

-B
