D 2011-06-19T19:05:55.021
J +comment \n\n<hr\s/><i>anonymous\sclaiming\sto\sbe\sEarl\sadded\son\s2011-06-19\s19:05:55\sUTC:</i><br\s/>\nAnother\squick\sfix:\r\n\r\nAs\san\salternative\sto\shard\scoding\sthe\scertificate\slocation,\sI\sadded\sthe\sfollowing\sto\sssl_global_init()\sin\shttp_ssl.c\r\n\r\n<code>\r\n\s\s\s\s\s\s\s\schar\s*cert_file;<br>\r\n\s\s\s\s\s\s\s\scert_file\s=\smprintf("%s.pem",\sg.zRepositoryName);<br>\r\n\s\s\s\s\s\s\s\sSSL_CTX_load_verify_locations(sslCtx,\scert_file,\sNULL);<br>\r\n\s\s\s\s\s\s\s\sfree(cert_file);\r\n</code>\r\n\r\nThis\smakes\sOpenSSL\slook\sfor\sa\scertificate\sfile\sin\sthe\ssame\sdirectory\sas\sthe\sfossil,\snamed\sthe\ssame\sas\sthe\srepository\sbut\swith\s.pem\sadded\son.\sFor\sexample,\swhen\ssyncing\smyrepo.fossil,\sOpenSSL\swill\suse\smyrepo.fossil.pem\sif\sit\sexists.\sIf\snot,\sthe\sdefault\slocations\s(e.g.\s/usr/local/ssl/certs\sor\seven\sC:\\usr\\local\\ssl\\certs)\sare\sused.\sThis\smakes\sit\spossible\sto\shave\sdifferent\scertificates\sfor\sdifferent\srepositories.\r\n\r\nThe\smethod\sworks\swith\sclone\sas\swell\sas\soperations\son\sestablished\srepositories.\sOf\scourse,\sthe\s.pem\sfile\sshould\sbe\spresent\sbefore\syou\sissue\sthe\sclone\scommand.\r\n\r\nPEM\sfiles\scan\scontain\smore\sthan\sone\scertificate,\sup\sto\sthe\strusted\sroot\sCA.\sThis\sis\snot\sthe\scase\sfor\sfiles\sin\sdirectories\slike\s/usr/local/ssl/certs,\swhich\scan\sonly\shave\sone\scertificate\sper\sfile\sand\sneed\sto\sbe\snamed\susing\sthe\sopenSSL\sc_rehash\sutility.\r\n\r\nThank\syou\sfor\sdeveloping\sFossil.\sLooking\sforward\sto\sfurther\sSSL\sfeatures.
K 727af73f467a64be0d0bbbcf46c513062a9e4704
U anonymous
Z 37c9be27e9de5d6556741c57d8d6357c