Ticket Change Details
Overview

Artifact ID: 887f303dbc18aea55493ad67650289d4f5a0bce7
Ticket: 45f89e504b49833746286e9c2674b838250e3776
Syncing a "bare" repository over SSL fails to store certificate
User & Date: anonymous 2010-03-21 07:14:25
Changes

  1. comment changed to:
    I have several repositories set up on a server at home which I want to sync periodically to an external server <a href="https://code.linuxfood.net/pub/repo/git-import">like this one</a>.
    
    To reproduce (seen on OS X and Linux (CentOS 5.3)):
    <verbatim>
    fossil clone https://code.linuxfood.net/pub/repo/git-import gi.fsl # (or probably any other ssl repo. See below).
    fossil sync -R gi.fsl
    
    Output:
    ...
    Send:            1091         21          0          0
    
    Unknown SSL certificate:
    
      countryName               = --
      stateOrProvinceName       = SomeState
      localityName              = SomeCity
      organizationName          = SomeOrganization
      organizationalUnitName    = SomeOrganizationalUnit
      commonName                = nudibranch.linuxfood.net
      emailAddress              = root@nudibranch.linuxfood.net
    
    Issued By:
    
      countryName               = --
      stateOrProvinceName       = SomeState
      localityName              = SomeCity
      organizationName          = SomeOrganization
      organizationalUnitName    = SomeOrganizationalUnit
      commonName                = nudibranch.linuxfood.net
      emailAddress              = root@nudibranch.linuxfood.net
    
    
    Accept certificate [a=always/y/N]? a
    
    REPLACE INTO global_config(name,value) VALUES('cert:code.linuxfood.net','-----BEGIN CERTIFICATE-----
    MIIEIDCCA4mgAwIBAgICX/IwDQYJKoZIhvcNAQEFBQAwgcExCzAJBgNVBAYTAi0t
    MRIwEAYDVQQIEwlTb21lU3RhdGUxETAPBgNVBAcTCFNvbWVDaXR5MRkwFwYDVQQK
    [snip for brevity]
    XQ6rdn5/eMocYvA0BOXd0pD5HWKX6WfX+kvqdo4P6l/2tBWCLXBlBuaLUfwZtm1S
    XBbhCw==
    -----END CERTIFICATE-----
    ')
    </verbatim>
    
    This behavior only occurs when you press 'a' for always.
    It appears to be a result of the fact that sync didn't use to need to write to the config database until SSL support was introduced. Accepting the cert temporarily causes it to not write it to the config.
    
    Opening <code>~/.fossil</code> in <code>process_sync_args()</code> appears to fix the problem. Patch:
    <verbatim>
    Index: src/sync.c
    ===================================================================
    --- src/sync.c
    +++ src/sync.c
    @@ -84,10 +84,11 @@
       const char *zPw = 0;
       int urlOptional = find_option("autourl",0,0)!=0;
       g.dontKeepUrl = find_option("once",0,0)!=0;
       url_proxy_options();
       db_find_and_open_repository(1);
    +  db_open_config(0);
       if( g.argc==2 ){
         zUrl = db_get("last-sync-url", 0);
         zPw = db_get("last-sync-pw", 0);
       }else if( g.argc==3 ){
         zUrl = g.argv[2];
    
    </verbatim>
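    
    Review bot: the added `db_open_config(0);` in process_sync_args() runs on every invocation, whether or not the URL is HTTPS, and nothing in the hunk records why the sync path now needs the global config database. Add a short comment that it is opened so a certificate accepted with "always" can be saved, and consider opening the config at the point where the `cert:` entry is written instead, so that other commands reaching the certificate prompt do not each need the same one-line fix in their argument handling.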
    
    Additionally, I added an assert to be a little more violent about this kind of bug. This one is less necessary, but was useful in verifying the bug and might catch other instances as well. Patch:
    <verbatim>
    Index: src/db.c
    ===================================================================
    --- src/db.c
    +++ src/db.c
    @@ -1194,10 +1194,11 @@
     ** so this routine is a no-op.
     */
     void db_swap_connections(void){
       if( !g.useAttach ){
         sqlite3 *dbTemp = g.db;
    +    assert(g.dbConfig);
         g.db = g.dbConfig;
         g.dbConfig = dbTemp;
       }
     }
     
    
    </verbatim>
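    
    Review bot: `assert(g.dbConfig);` inside the `if( !g.useAttach )` branch of db_swap_connections() only fires in builds with assertions enabled; with NDEBUG defined the swap still assigns a NULL g.dbConfig to g.db. If this condition is meant to be caught in released binaries, use an explicit runtime check that reports an error to the user, or open the config database on demand before the swap, and keep the assert only as a debugging aid.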
    
    Thanks,
    
    -B
    
  2. foundin changed to: "73c24ae363"
  3. private_contact changed to: "7a46edbdd4ae23c7f1340663be03348341c2cb57"
  4. severity changed to: "Important"
  5. status changed to: "Open"
  6. title changed to:
    Syncing a "bare" repository over SSL fails to store certificate
    
  7. type changed to: "Code_Defect"