Fossil

History of src/http_ssl.c

2018-07-15
19:56
Clarify the difference between fossil_fatal() and fossil_panic(). The fossil_panic() interface puts a message on the error log when generating webpages. Otherwise the two routines are identical. Convert some fossil_fatal() calls into fossil_panic() where appropriate. The goal here is to limit messages on the error log to things that require attention from the system administrator, or represent bugs. file: [a2a81069] check-in: [3f5ab717] user: drh branch: trunk, size: 14195
2017-11-30
17:58
Refactor the symlink processing logic so that most of the file access routines take a new parameter indicating the conditions under which symlinks should and should not be followed. This should fix a few bugs related to symlink processing. Lots of testing required before merging to trunk. file: [55266e0d] check-in: [e7767de2] user: drh branch: symlink-refactor, size: 14195
2017-03-14
12:11
Fix Debian bug 847556: Cannot clone/sync over HTTPS file: [91aa0e52] check-in: [04168f51] user: jan.nijtmans branch: trunk, size: 14186
2016-09-07
10:41
Update referenced OpenSSL version file: [0d21a484] check-in: [958f1a89] user: jan.nijtmans branch: openssl-1.1, size: 14191
2016-04-02
04:47
Use retry logic for SSL read/write as described in the OpenSSL docs. file: [dea4a130] check-in: [c13b6ba7] user: mistachkin branch: sslRetry, size: 14160
2014-12-18
08:17
Merge trunk. Disable SSLv3 without setting to re-enable it. file: [3bb5fed6] check-in: [d6e8e26d] user: jan.nijtmans branch: disable-sslv3, size: 14031
2014-12-17
21:22
Disable SSLv3 by default, but provide a new setting "ssl-enable-v3" to enable it. file: [5ce85163] check-in: [9f1f3f34] user: jan.nijtmans branch: disable-sslv3, size: 14150
2014-12-16
02:37
Improvements to HTTP redirect on sync. file: [e36ab021] check-in: [3a00b612] user: drh branch: trunk, size: 14005
2014-06-26
07:40
Make format parameter in socket_set_errmsg() and ssl_set_errmsg() functions a const. file: [ed0b33af] check-in: [cfb8d660] user: jan.nijtmans branch: trunk, size: 13988
2014-03-31
16:48
Get rid of the GLOBAL_URL() kludge. Change the global "g" variable to contain an instance of the UrlData object instead of individual fields of the UrlData object. file: [38675814] check-in: [5fdad9bd] user: drh branch: trunk, size: 14012
2014-02-08
08:54
Fix harmless compiler warning file: [8638fbf0] check-in: [0681b39b] user: jan.nijtmans branch: trunk, size: 14009
2014-02-06
13:59
Use the same "User-Agent" string everywhere file: [6eef325e] check-in: [a7a7df70] user: jan.nijtmans branch: trunk, size: 14007
13:42
Add support for tunneling https through a http proxy (Ticket [e854101c4f]) file: [477c21fb] check-in: [3a334356] user: jan.nijtmans branch: trunk, size: 14016
2014-02-05
15:20
one more ..... file: [d7268a17] check-in: [4f1709d7] user: jan.nijtmans branch: jan-httpsproxytunnel, size: 14023
14:59
Use hostname instead of proxy name in certificate handling. Attempt to fix the problem described here: https://www.mail-archive.com/fossil-users@lists.fossil-scm.org/msg13898.html file: [4c795ae1] check-in: [6673f163] user: jan.nijtmans branch: jan-httpsproxytunnel, size: 13989
2014-01-29
10:21
fix comment file: [913e196b] check-in: [ca0a58fa] user: jan.nijtmans branch: trunk, size: 11620
09:36
Don't use global data any more in establish_proxy_tunnel() file: [71650115] check-in: [12e917a1] user: jan.nijtmans branch: jan-httpsproxytunnel, size: 13799
09:22
merge trunk file: [c8cff5d3] check-in: [1f1848dd] user: jan.nijtmans branch: jan-httpsproxytunnel, size: 13734
2013-11-14
04:34
Set the error message to indicate the HTTP status code returned on CONNECT to avoid segfault. file: [0759dce9] check-in: [87d5fef9] user: andybradford branch: jan-httpsproxytunnel, size: 13530
2013-10-26
22:51
Accept return codes 2xx when establishing tunnel. file: [25e445fe] check-in: [a6720183] user: jan branch: jan-httpsproxytunnel, size: 13450
2013-10-21
17:21
Slight modularization when building the request to establish https tunnel over proxy. file: [72d75fc6] check-in: [491e6d30] user: jan branch: jan-httpsproxytunnel, size: 13444
2013-10-17
15:21
Fixed typo. file: [15ee1a39] check-in: [4ca5aa35] user: jan branch: jan-httpsproxytunnel, size: 13534
10:04
Include User-Agent when connecting to proxy for https tunnels. Fixed a misplaced EOL. file: [dc991065] check-in: [08b02fe8] user: jan branch: jan-httpsproxytunnel, size: 13535
09:31
Add keep-alive for unauthenticated proxy tunnels. Remove port number from host. file: [93d9aae7] check-in: [ca61c5e9] user: jan branch: jan-httpsproxytunnel, size: 13423
09:07
Make proxy connection 'keep-alive' for https tunnel. file: [aa8d1a05] check-in: [ca82d0c1] user: jan branch: jan-httpsproxytunnel, size: 13418
2013-10-14
07:08
Phase 3, the TH1 http command now uses non-global URL data. This also required heavy refactoring of some other callers that use the global URL data. file: [b8265d59] check-in: [8ce9c1af] user: mistachkin branch: tkt-change-hook, size: 11627
2013-10-07
13:27
Support for tunneling https through http proxy. file: [e121b650] check-in: [c039efde] user: jan branch: jan-httpsproxytunnel, size: 13373
2013-01-09
15:59
Fix incorrect license statement on the http_ssl.c file. No code changes. file: [bfdb21dd] check-in: [c7133bd7] user: drh branch: trunk, size: 11480
2012-11-04
12:59
Fix typos. file: [0b10e867] check-in: [45065c5c] user: dmitry branch: spelling, size: 11754
2012-10-28
21:52
now tested with ssl enabled as well file: [a5507472] check-in: [101a53cf] user: jan.nijtmans branch: trunk, size: 11753
21:38
- finally, do the ++j update in looks_like_text() right - More consistency in prompt handling: accept Capitals everywhere, use '(' not '[', and abbreviate yes/no to y/N everywhere file: [853a8105] check-in: [7c527165] user: jan.nijtmans branch: trunk, size: 11736
2012-08-29
13:57
Allow UTF-8 characters in sources. translate.exe will translate it to ASCII file: [ad601603] check-in: [9f6abc59] user: jan.nijtmans branch: msvc-broken, size: 11673
2012-03-29
14:54
Add vim modeline everywhere file: [ac458ee3] check-in: [a496d8e8] user: mgagnon branch: mgagnon_fix, size: 11716
2011-12-23
14:00
Use the SSL_set_tlsext_host_name() function only if it is available. file: [0c52f90e] check-in: [cb524426] user: drh branch: trunk, size: 11674
2011-12-16
22:00
Add SSL SNI support (suggested by BohwaZ on mailing list). Simplify setting of port for SSL connection. file: [01cd2d2d] check-in: [132dbced] user: dmitry branch: dmitry-fixes, size: 11594
2011-10-12
15:21
Making the http ssl code output the verification error, in case of verification failure. I also make the user question state the host the certificate is related to. file: [3cd92249] check-in: [79c31f9b] user: viriketo branch: trunk, size: 11463
2011-10-10
13:05
Additional formatting fixes: shorten lines to 80 characters or less. file: [8c2ac3bb] check-in: [c1d78e05] user: drh branch: trunk, size: 11308
12:59
Adjust SSL trust fix to skip prompting for certificates that already have an explicitly negative trust setting. file: [a3958e41] check-in: [63680474] user: mistachkin branch: trunk, size: 11436
12:55
Fix indentation and formatting in http_ssl.c. Limit line length to 80 characters per the coding style spec. file: [fd9eaf45] check-in: [5eb8f015] user: drh branch: trunk, size: 11393
08:56
Fix constant prompting on already saved SSL certificates that are not trusted for some reason (e.g. host mismatch, etc). file: [9f5e72f7] check-in: [25169506] user: mistachkin branch: ssl-trust-fix, size: 11319
2011-09-24
01:39
Disable SSLv2 in HTTPS client. This version of the protocol is considered insecure and has been deprecated; all modern browsers disable it. file: [e37af8e6] check-in: [ea1d369d] user: dmitry branch: trunk, size: 10838
2011-09-16
18:53
replaced two C++-style comments. file: [4894315f] check-in: [693ab93b] user: stephan branch: trunk, size: 10764
2011-09-06
20:12
catch up with trunk. Remove C++ style comments from http_ssl.c. file: [f2268870] check-in: [0f1c41bc] user: martin.weber branch: msw-hack, size: 10766
2011-09-01
20:38
I think I fix a possible bug on platforms where 'char' has signed meaning, on the code about noting the 'rcvfrom' ipv4 address. file: [06f6d5f1] check-in: [9ce6771c] user: viriketo branch: ssl_peer_ip, size: 10760
20:33
Adding some ipv4-only code to get the ip where we took the content from for the https connections. The "rcvfrom" information was lost in the case of https connections. I don't know how to make it work well for ipv6 too. file: [abf9bec5] check-in: [daa6a0eb] user: viriketo branch: ssl_peer_ip, size: 10727
2011-06-05
08:49
Minor code cleanup: reformat code to 80 char line length file: [131941f5] check-in: [6aa5b85f] user: ben branch: ben-testing, size: 10381
08:46
Add ssl-ca-location setting to specify file/directory to pass to OpenSSL as the server CA location. This allows specification of CAs properly on platforms without usable centralised CA certificate lists, or management by external programs. Add note to certificate warning about this setting, and stronger instructions about what to do if the server certificate could not be verified. file: [e66e6146] check-in: [636cc595] user: ben branch: ben-testing, size: 10360
2011-05-29
12:49
Support for client side SSL certificates for extra authentication to https servers. Adds --ssl-identity command line option and ssl-identity setting to specify the filename of an identity file containing a PEM encoded certificate and private key. file: [53274f24] check-in: [e06ea26e] user: ben branch: ben-security, size: 8924
2011-05-22
14:53
When displaying an unknown certificate, also display the certificate fingerprint so the user can verify they're seeing the certificate they expect. Just displaying the textual names in the certificate does not give enough information to be certain someone isn't doing a man in the middle attack. file: [ddbdabc2] check-in: [fc93bfb0] user: ben branch: ben-security, size: 7769
2011-04-10
00:27
Cache passphrase for protected PEM files to avoid having to re-type passphrase for each new https connection. file: [6ff01a19] check-in: [0c0392af] user: jan branch: jan-clientcert, size: 17581
2011-04-02
13:40
Use the dedicated certs table for server certificate cache. Only attempt to use client certificate if one was actually specified for a cert bundle. Assume client key is in same file as certificate if one wasn't explicitly specified. file: [fec48487] check-in: [c44bb083] user: jan branch: jan-clientcert, size: 16678
2011-03-31
15:30
Some rephrasing and code cleanup. file: [562f72c5] check-in: [cff102fe] user: jan branch: jan-clientcert, size: 16086
2011-03-30
21:00
Code cleanup. Fix the "cert" command so that it compiles even if FOSSIL_ENABLE_SSL is not used. file: [442c395e] check-in: [ebe1faab] user: drh branch: jan-clientcert, size: 16002
20:58
Fix two potential SQL injection attacks. file: [1937a2ba] check-in: [71384ce6] user: drh branch: jan-clientcert, size: 18147
18:49
Use the new certificate bundle management for https connections, and deactivate the old environment variable code. Added support for specifying certificate/key bundle to clone/push/pull/sync commands. file: [77378f62] check-in: [1a1aa98a] user: jan branch: jan-clientcert, size: 18147
15:40
Added a 'cert' subcommand to manage certificate groups, and added a certificate table to the global db. Minor code formatting change. file: [7d3a07eb] check-in: [1156ad25] user: jan branch: jan-clientcert, size: 15549
10:53
Minor code formatting changes in http_ssl.c. file: [45fa3355] check-in: [662c8351] user: drh branch: jan-clientcert, size: 10310
2011-03-29
15:06
Cosmetic: Removed some tabbed indentation. file: [3a88e8b1] check-in: [b261c4a3] user: jan branch: jan-clientcert, size: 10318
14:12
Add support for feeding OpenSSL a CA certificate file/path for proper chain verification. This is one of several possible solutions to ticket [727af73f46]. Also cache the CA certificate file/path, client certificate/key file/path references in the global config (similar to how the server certificates are cached), and attempt to use them if the corresponding environment variables have not been set. Prefixed a function with ssl_ to conform to existing naming conventions. file: [5fa80ec8] check-in: [b28995cc] user: jan branch: jan-clientcert, size: 10300
2011-03-25
18:20
Added very basic client certificate support for https. file: [e83a2760] check-in: [513ea810] user: jan branch: jan-clientcert, size: 8629
2010-10-22
01:06
Merge in some ui enhancements from the ssl_platform_fixes branch. file: [0532ba5a] check-in: [3c19422b] user: bcsmith branch: ui-improvements, size: 11736
2010-10-06
12:15
SSL uses system-wide default CAs. Ticket [f696bc85f8b91d263f5bf4c5bbd2]. file: [54bf448e] check-in: [8995df3a] user: drh branch: trunk, size: 7500
2010-10-03
19:24
More descriptive SSL error messages. file: [b88e7164] check-in: [6b8b6d2e] user: bcsmith branch: ssl_platform_fixes, size: 11670
2010-08-28
20:22
Added ssl support to msc. msc doesn't like declaring vars in the middle of a block! Added the extra needed libs in a commented LIBS line. file: [56d783c4] check-in: [29c728f4] user: renez branch: windowscompilers, size: 7434
2010-06-23
13:30
Prompt the user for permission to overwrite files on "fossil open". Ticket [17389900b2e5bd816] file: [b861d807] check-in: [d778ffea] user: drh branch: trunk, size: 7425
2010-03-21
22:42
Comparison typo. file: [f41997da] check-in: [624bc1c6] user: linuxfood branch: ssl_platform_fixes, size: 8461
22:38
Fix case when trying to free a non-malloced pointer. file: [6f64488a] check-in: [ee59ca74] user: linuxfood branch: ssl_platform_fixes, size: 8461
22:14
Merge in trunk and local fixes. file: [a24ae7b8] check-in: [3b06c951] user: linuxfood branch: ssl_platform_fixes, size: 8375
2010-03-06
15:21
Fix a compiler warning in the SSL module. file: [65bb20fd] check-in: [58257070] user: drh branch: trunk, size: 7424
2009-11-09
21:22
Reformat some code in http_ssl.c file: [9abcae4f] check-in: [d92945e5] user: dmitry branch: ssl, size: 7418
15:32
Add SSL support. file: [77d02aa7] check-in: [16f6fd90] user: dmitry branch: ssl, size: 7422 Added