Changes On Branch ui-improvements

Changes In Branch ui-improvements Excluding Merge-Ins

This is equivalent to a diff from 7954ccba68 to 3c19422b6e

2010-10-26
12:51
Merge the delta-manifest enhancement into the trunk. check-in: d13054ce84 user: drh tags: trunk
2010-10-22
01:06
Merge in some ui enhancements from the ssl_platform_fixes branch. Leaf check-in: 3c19422b6e user: bcsmith tags: ui-improvements
01:04
Add some explanatory text to the update command to make it easier for new users to learn fossil. check-in: 858940c68e user: bcsmith tags: ui-improvements
2010-10-16
17:33
merge from trunk check-in: 586b0eb144 user: wolfgang tags: wolfgangHelpCmd
16:32
Bring over the latest bug fixes from trunk. check-in: b2175857cc user: drh tags: experimental
16:24
Do not attempt to parse control artifacts that do not end with a '\n' character. Ticket [be56c89def7f86bcbd] check-in: 7954ccba68 user: drh tags: trunk
12:13
Do not free memory not obtained from malloc in the "fossil diff" command. Ticket [38d7bb8cf044219c2eff8]. check-in: ddb975e2be user: drh tags: trunk
2010-10-03
19:24
More descriptive SSL error messages. Closed-Leaf check-in: 6b8b6d2e23 user: bcsmith tags: ssl_platform_fixes

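--- a/src/http_ssl.c
+++ b/src/http_ssl.c
@@ -127,14 +127,15 @@
 **    g.urlPort       TCP/IP port to use.  Ex: 80
 **
 ** Return the number of errors.
 */
 int ssl_open(void){
   X509 *cert;
   int hasSavedCertificate = 0;
-char *connStr ;
+  char *connStr;
+  int vresult = 0;
   ssl_global_init();
 
   /* Get certificate for current server from global config and
    * (if we have it in config) add it to certificate store.
    */
   cert = ssl_get_certificate();
   if ( cert!=NULL ){
@@ -175,17 +176,18 @@
 
   if ( cert==NULL ){
     ssl_set_errmsg("No SSL certificate was presented by the peer");
     ssl_close();
     return 1;
   }
 
-  if( SSL_get_verify_result(ssl) != X509_V_OK ){
+  if( (vresult = SSL_get_verify_result(ssl)) != X509_V_OK ){
     char *desc, *prompt;
     char *warning = "";
+    char *ssl_verify_error = "";
     Blob ans;
     BIO *mem;
     
     mem = BIO_new(BIO_s_mem());
     X509_NAME_print_ex(mem, X509_get_subject_name(cert), 2, XN_FLAG_MULTILINE);
     BIO_puts(mem, "\n\nIssued By:\n\n");
     X509_NAME_print_ex(mem, X509_get_issuer_name(cert), 2, XN_FLAG_MULTILINE);
@@ -192,16 +194,143 @@
     BIO_write(mem, "", 1); // null-terminate mem buffer
     BIO_get_mem_data(mem, &desc);
     
     if( hasSavedCertificate ){
       warning = "WARNING: Certificate doesn't match the "
                 "saved certificate for this host!";
     }
-    prompt = mprintf("\nUnknown SSL certificate:\n\n%s\n\n%s\n"
-                     "Accept certificate [a=always/y/N]? ", desc, warning);
+    switch(vresult) {
+      case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+        ssl_verify_error = "SSL: unable to get issuer certificate.";
+        break;
+
+      case X509_V_ERR_UNABLE_TO_GET_CRL:
+        ssl_verify_error = "SSL: unable to get certificate CRL.";
+        break;
+
+      case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
+        ssl_verify_error = "SSL: unable to decrypt certificate’s signature.";
+        break;
+
+      case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
+        ssl_verify_error = "SSL: unable to decrypt CRL’s signature.";
+        break;
+
+      case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
+        ssl_verify_error = "SSL: unable to decode issuer public key.";
+        break;
+
+      case X509_V_ERR_CERT_SIGNATURE_FAILURE:
+        ssl_verify_error = "SSL: certificate signature failure.";
+        break;
+
+      case X509_V_ERR_CRL_SIGNATURE_FAILURE:
+        ssl_verify_error = "SSL: CRL signature failure.";
+        break;
+
+      case X509_V_ERR_CERT_NOT_YET_VALID:
+        ssl_verify_error = "SSL: certificate is not yet valid.";
+        break;
+
+      case X509_V_ERR_CERT_HAS_EXPIRED:
+        ssl_verify_error = "SSL: certificate has expired.";
+        break;
+
+      case X509_V_ERR_CRL_NOT_YET_VALID:
+        ssl_verify_error = "SSL: CRL is not yet valid.";
+        break;
+
+      case X509_V_ERR_CRL_HAS_EXPIRED:
+        ssl_verify_error = "SSL: CRL has expired.";
+        break;
+
+      case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+        ssl_verify_error = "SSL: format error in certificate’s notBefore field.";
+        break;
+
+      case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+        ssl_verify_error = "SSL: format error in certificate’s notAfter field.";
+        break;
+
+      case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
+        ssl_verify_error = "SSL: format error in CRL’s lastUpdate field.";
+        break;
+
+      case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
+        ssl_verify_error = "SSL: format error in CRL’s nextUpdate field.";
+        break;
+
+      case X509_V_ERR_OUT_OF_MEM:
+        ssl_verify_error = "SSL: out of memory.";
+        break;
+
+      case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+        ssl_verify_error = "SSL: self signed certificate.";
+        break;
+
+      case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
+        ssl_verify_error = "SSL: self signed certificate in certificate chain.";
+        break;
+
+      case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
+        ssl_verify_error = "SSL: unable to get local issuer certificate.";
+        break;
+
+      case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
+        ssl_verify_error = "SSL: unable to verify the first certificate.";
+        break;
+
+      case X509_V_ERR_CERT_CHAIN_TOO_LONG:
+        ssl_verify_error = "SSL: certificate chain too long.";
+        break;
+
+      case X509_V_ERR_CERT_REVOKED:
+        ssl_verify_error = "SSL: certificate revoked.";
+        break;
+
+      case X509_V_ERR_INVALID_CA:
+        ssl_verify_error = "SSL: invalid CA certificate.";
+        break;
+
+      case X509_V_ERR_PATH_LENGTH_EXCEEDED:
+        ssl_verify_error = "SSL: path length constraint exceeded.";
+        break;
+
+      case X509_V_ERR_INVALID_PURPOSE:
+        ssl_verify_error = "SSL: unsupported certificate purpose.";
+        break;
+
+      case X509_V_ERR_CERT_UNTRUSTED:
+        ssl_verify_error = "SSL: certificate not trusted.";
+        break;
+
+      case X509_V_ERR_CERT_REJECTED:
+        ssl_verify_error = "SSL: certificate rejected.";
+        break;
+
+      case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
+        ssl_verify_error = "SSL: subject issuer mismatch.";
+        break;
+
+      case X509_V_ERR_AKID_SKID_MISMATCH:
+        ssl_verify_error = "SSL: authority and subject key identifier mismatch.";
+        break;
+
+      case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH:
+        ssl_verify_error = "SSL: authority and issuer serial number mismatch.";
+        break;
+
+      case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
+        ssl_verify_error = "SSL: key usage does not include certificate signing.";
+        break;
+      default:
+        ssl_verify_error = "SSL: Unknown error.";
+    };
+    prompt = mprintf("\nUnknown SSL certificate:\n\n%s\n\n%s\n%s Code: %d\n"
+                     "Accept certificate [a=always/y/N]? ", desc, warning, ssl_verify_error, vresult);
     BIO_free(mem);
 
     prompt_user(prompt, &ans);
     free(prompt);
     if( blob_str(&ans)[0]!='y' && blob_str(&ans)[0]!='a' ) {
       X509_free(cert);
       ssl_set_errmsg("SSL certificate declined");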
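Review bot: The `switch(vresult)` added before the prompt hand-copies OpenSSL's verify-error table, so any code missing from the list falls to "SSL: Unknown error." and the user is asked to accept a certificate without being told why verification failed; `X509_verify_cert_error_string()` already returns the text for every code the linked library knows. I would drop the switch in favour of `ssl_verify_error = X509_verify_cert_error_string(vresult);` with `const char *ssl_verify_error;`, and declare `long vresult = 0;` since `SSL_get_verify_result()` returns `long` (the `%d` in the `mprintf` format then has to match). The prompt heading still reads "Unknown SSL certificate" for every failure, including `X509_V_ERR_CERT_REVOKED` and `X509_V_ERR_CERT_HAS_EXPIRED`, where answering `a=always` carries more risk than for a self-signed certificate, so the heading should be worded from the failure reason. Four of the new messages contain a typographic apostrophe (`’`) inside a C string literal, which is emitted as multi-byte UTF-8 and may render incorrectly on a non-UTF-8 terminal; a plain `'` avoids that. The body of `ssl_open` continues outside the visible hunks.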

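--- a/src/update.c
+++ b/src/update.c
@@ -100,17 +100,28 @@
     if( !latestFlag && db_int(0, "SELECT count(*) FROM leaves")>1 ){
       db_prepare(&q, 
         "%s "
         "   AND event.objid IN leaves"
         " ORDER BY event.mtime DESC",
         timeline_query_for_tty()
       );
+      printf(
+             "\n"
+             "Multiple descendants of the current check-in:"
+             "\n\n"
+             );
       print_timeline(&q, 100);
       db_finalize(&q);
-      fossil_fatal("Multiple descendants");
+      printf("\n");
+      fossil_fatal(
+                   "You must select one branch or leaf.\n"
+                   "Select a branch or leaf with 'update VERSION', where 'VERSION' is a UUID\n"
+                   "or branch name. Alternatively, you may use 'latest' to refer to the most\n"
+                   "recent check-in."
+                   );
     }
     tid = db_int(0, "SELECT rid FROM leaves, event"
                     " WHERE event.objid=leaves.rid"
                     " ORDER BY event.mtime DESC"); 
   }
 
   if( tid==vid ) return;  /* Nothing to update */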