On 06/02/11 22:05, Ben Summers wrote: > I've created a new branch, ben-testing, with the new features I've been > working on. I'm going to be using this version from now on to make sure it's > well tested before it's considered for merging into trunk. It adds: > > * SSL client certificate support [---]
See http://www.fossil-scm.org/index.html/timeline?r=jan-clientcert for alternative SSL client certificate support. My client certificate system works as follows: Step 1: Create a certificate bundle (stored in the global database): $ fossil cert add myfoo --key ~/.certs/myid.key --cert ~/.certs/myid.crt --cafile ~/.certs/foo-ca.crt Step 2: Clone using the bundle $ fossil clone --certbundle myfoo https://repos.foo.org/projects/projectX projectx.fossil Fossil has now made an implicit association between the URL "repos.foo.org" and the user's certificate bundle "myfoo". One can see this using the "cert list" sub-command: $ fossil cert list myfoo ckey=/home/anonymous/.certs/myid.key ckey=/home/anonymous/.certs/myid.crt cafile=/home/anonymous/.certs/foo-ca.crt Associations repos.foo.org What this means is that any time the user uses https to access repos.foo.org, fossil will automatically use the certificate bundle myfoo. Should one want to break the association, without removing the certificate bundle, use the command: $ fossil cert disassociate repos.foo.org Each time one uses clone/push/pull/sync with the --certbundle option, the implicit association will be made. Finally, if one would need to remove the certificate bundle, and all its associations, use the command: $ fossil cert delete myfoo -- Kind regards, Jan Danielsson
signature.asc
Description: OpenPGP digital signature
_______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users