2013/10/28 Ron Wilson <ronw.m...@gmail.com>: > In any case, the cert displayed did not look like a self-signed cert, so I > would be > concerned that the incorrect cert was displayed.
The "jan-httpsproxytunnel" branch doesn't change anything related to certificate handling. I just included the full logs for completeness. The problem in fossil trunk is that when doing a https request through a http tunnel the "GET <host>:<port>/" request is going to be encrypted, so there is no way for the proxy to know where the request should be directed to. Therefore, an unencrypted "CONNECT <host>:<port>" must be sent to the proxy first, that's what is fixed in the "jan-httpsproxytunnel" branch. I would welcome this fix in trunk, the change looks good to me! Saving the password from the URL is just a minor issue, it's the only 'problem' I encountered. > From the question/response dialog, I assume that Fossil was what rejected > the > cert, so I have to wonder why? The cert was rejected because the issuing authority was not registered as being thrusted yet, I think that's correct behavior. > Beyond, I think there should be a choice between "yes, just this time" and > "always now and all future times", specifically, "yes for the duration of > this > command", since Fossil often performs multiple HTTP/HTTPS exchanges > during a pull/push/sync. Yes, I agree, but that's not "jan-httpsproxytunnel"'s fault. Regards, Jan Nijtmans _______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users