Ticket UUID: | 45f89e504b49833746286e9c2674b838250e3776 | ||
Title: | Syncing a "bare" repository over SSL fails to store certificate | ||
Status: | Fixed | Type: | Code_Defect |
Severity: | Important | Priority: | |
Subsystem: | Resolution: | Fixed | |
Last Modified: | 2010-03-21 17:03:34 | ||
Version Found In: | 73c24ae363 | ||
Description & Comments: | |||
I have several repositories setup on a server at home which I want to sync periodically to an external server Like this one
To reproduce (seen on OS X and Linux (Centos 5.3)): fossil clone https://code.linuxfood.net/pub/repo/git-import gi.fsl # (or probably any other ssl repo. See below). fossil sync -R gi.fsl Output: ... Send: 1091 21 0 0 Unknown SSL certificate: countryName = -- stateOrProvinceName = SomeState localityName = SomeCity organizationName = SomeOrganization organizationalUnitName = SomeOrganizationalUnit commonName = nudibranch.linuxfood.net emailAddress = root@nudibranch.linuxfood.net Issued By: countryName = -- stateOrProvinceName = SomeState localityName = SomeCity organizationName = SomeOrganization organizationalUnitName = SomeOrganizationalUnit commonName = nudibranch.linuxfood.net emailAddress = root@nudibranch.linuxfood.net Accept certificate [a=always/y/N]? a REPLACE INTO global_config(name,value) VALUES('cert:code.linuxfood.net','-----BEGIN CERTIFICATE----- MIIEIDCCA4mgAwIBAgICX/IwDQYJKoZIhvcNAQEFBQAwgcExCzAJBgNVBAYTAi0t MRIwEAYDVQQIEwlTb21lU3RhdGUxETAPBgNVBAcTCFNvbWVDaXR5MRkwFwYDVQQK [snip for brevity] XQ6rdn5/eMocYvA0BOXd0pD5HWKX6WfX+kvqdo4P6l/2tBWCLXBlBuaLUfwZtm1S XBbhCw== -----END CERTIFICATE----- ') This behavior only occurs when you press 'a' for always. It appears to be a result of the fact that sync didn't used to need to write to the config database until SSL support was introduced. Accepting the cert temporarily causes it to not write it to the config. Opening Index: src/sync.c =================================================================== --- src/sync.c +++ src/sync.c @@ -84,10 +84,11 @@ const char *zPw = 0; int urlOptional = find_option("autourl",0,0)!=0; g.dontKeepUrl = find_option("once",0,0)!=0; url_proxy_options(); db_find_and_open_repository(1); + db_open_config(0); if( g.argc==2 ){ zUrl = db_get("last-sync-url", 0); zPw = db_get("last-sync-pw", 0); }else if( g.argc==3 ){ zUrl = g.argv[2]; Additionally, I added an assert to be a little more violent about this kind of bug. This one is less necessary, but was useful in verifying the bug and might catch other instances as well. Patch: Index: src/db.c =================================================================== --- src/db.c +++ src/db.c @@ -1194,10 +1194,11 @@ ** so this routine is a no-op. */ void db_swap_connections(void){ if( !g.useAttach ){ sqlite3 *dbTemp = g.db; + assert(g.dbConfig); g.db = g.dbConfig; g.dbConfig = dbTemp; } } Thanks, -B |