Artifact [0206341431]

Artifact 02063414316bde860f6d2553023149c2ac3bfd1d:

Ticket change [0206341431] - New ticket [0ffa37e70e] There is currently no way to enforce 100% use of SSL. by anonymous 2011-01-18 12:49:44.
D 2011-01-18T12:49:44.901
J comment I'm\snoticing\sthat\sthere\sdoesn't\sseem\sto\sbe\sa\sconfiguration\sparameter\sor\sany\sreasonable\sway\sto\senforce\sall\scommunications\sto\suse\sSSL-secured\sHTTP\sin\sthe\sWeb\sinterface.\r\n\r\nMy\scurrent\shosting\ssetup\sis\sas\sfollows:\r\n\r\n<verbatim>\r\n#\s/etc/xinetd.d/fossil-some-site\s\r\nservice\sfossil-some-site\r\n{\r\n\s\s\s\ssocket_type\s=\sstream\r\n\s\s\s\stype\s=\sUNLISTED\r\n\s\s\s\swait\s=\sno\r\n\s\s\s\sdisable\s=\sno\r\n\s\s\s\suser\s=\sroot\r\n\s\s\s\sserver\s=\s/opt/fossil/bin/fossil\r\n\s\s\s\sserver_args\s=\shttp\s/opt/fossil/repositories/some.site/fossil\s--notfound\shttp://fossil.some.site/cgi-bin/fossil-list-repositories.cgi\r\n\s\s\s\sbind\s=\sfossil-some-site.fossil01.internal\r\n\s\s\s\sport\s=\s8060\r\n}\r\n</verbatim>\r\n\r\n<verbatim>\r\n#\s/etc/httpd/vhosts.d/includes/fossil.some.site.conf\s\r\n#\sMostly\sstandard\sRed\sHat\svirtual\shost\sboilerplate\selided.\r\n\r\nProxyPass\s/cgi-bin\s!\r\nProxyPass\s/\shttp://fossil.some.site/\r\nProxyPassReverse\s/cgi-bin\s!\r\nProxyPassReverse\s/\shttp://fossil.some.site/\r\n</verbatim>\r\n\r\n<verbatim>\r\n#\s/etc/hosts\r\n127.0.0.1\slocalhost.localdomain\slocalhost\sfossil01.internal\sfossil01\r\n127.0.0.101\sfossil-some-site.fossil01.internal\sfossil.some.site\r\n...\r\n</verbatim>\r\n\r\nI\shaven't\sexplored\susing\sthe\sCGI\smethod\sof\sdeployment\syet,\snor\shave\sI\sexplored\sthe\spossibility\sof\scontributing\spatches\sto\smake\sthis\sfunctionality\sa\sreality.\s\sI\salso\shaven't\sexplored\swhether\sor\snot\sthis\sfunctionality\salready\sexists\sin\sa\snewer\srelease,\sseeing\sas\sI\sam\srunning\sa\srelatively\sancient\sversion\sof\sFossil:\r\n\r\n<verbatim>\r\nfossil01%\s/opt/fossil/bin/fossil\sversion\r\nThis\sis\sfossil\sversion\s[d0753799e4]\s2010-11-01\s14:23:35\sUTC\r\n</verbatim>\r\n\r\nMy\scurrent\sworkaround\sis\sjust\sto\sinteract\swith\sthe\ssoftware\sthrough\sthe\sshell\son\sthe\sremote\send\s(to\sset\sconfiguration\sparameters,\smanage\susers,\setc.)\sand\sthrough\sthe\susual\s<tt>fossil\supdate</tt>,\s<tt>fossil\ssync</tt>,\set\sal.\scommands\sfrom\smy\sworking\scopy,\swherever\sit\smight\sbe\sat\sthe\stime.\r\n\r\nI\swould\slike\sto\sbe\sable\sto\suse\sthe\sWeb\sinterface\srunning\sremotely\showever.\s:)
J foundin d0753799e4
J private_contact 972e8a5291f0b92e11083b9bfe832820d06d9b90
J severity Severe
J status Open
J title There\sis\scurrently\sno\sway\sto\senforce\s100%\suse\sof\sSSL
J type Code_Defect
K 0ffa37e70e885cfc5c86d2546e51480c83b819b0
U anonymous
Z d58c7ad9a5e4ce1ad6952e3d4a542e07