Re: [fossil-users] https-over-proxy
2014-02-05 16:02 GMT+01:00 Jan Nijtmans jan.nijtm...@gmail.com: My attempt to fix this bug is here: http://www.fossil-scm.org/index.html/info/6673f163ea Jan (Danielsson), could you please verify that this is correct? If so, then I think this could be merged to trunk. For me it appears to work fine. A final test in a clean envrionment convinced me that the jan-httpsproxytunnel branch is doing what it is supposed to be. See below for the full log, I cannot find a mistake in it any more. Therefore I would like to merge this branch to trunk, and close this ticket (which is open for almost 3 years): http://fossil-scm.org/index.html/tktview?name=e854101c4f Any objections? Anyone else who feels inclined to test it? Regards, Jan Nijtmans == fossil sync Sync with https://jan.nijtm...@www.fossil-scm.org/fossil via proxy: http://192.168.13.12:8080 SSL verification failed: self signed certificate in certificate chain Certificate received: organizationalUnitName= Domain Control Validated commonName= sqlite.org Issued By: countryName = US stateOrProvinceName = Arizona localityName = Scottsdale organizationName = GoDaddy.com, Inc. organizationalUnitName= http://certificates.godaddy.com/repository commonName= Go Daddy Secure Certification Authority serialNumber = 07969287 SHA1 Fingerprint: 4b f9 e1 b5 33 be 92 9b 94 9b 89 a5 ea 3e 74 f7 91 b0 32 0a Either: * verify the certificate is correct using the SHA1 fingerprint above * use the global ssl-ca-location setting to specify your CA root certificates list If you are not expecting this message, answer no and contact your server administrator. Accept certificate for host www.fossil-scm.org (a=always/y/N)? y Round-trips: 1 Artifacts sent: 0 received: 74 *** time skew *** server is slow by 3.3 minutes Sync finished with 2296 bytes sent, 4145 bytes received ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] https-over-proxy
On Thu, Feb 6, 2014 at 4:41 AM, Jan Nijtmans jan.nijtm...@gmail.com wrote: 2014-02-05 16:02 GMT+01:00 Jan Nijtmans jan.nijtm...@gmail.com: My attempt to fix this bug is here: http://www.fossil-scm.org/index.html/info/6673f163ea Jan (Danielsson), could you please verify that this is correct? If so, then I think this could be merged to trunk. For me it appears to work fine. A final test in a clean envrionment convinced me that the jan-httpsproxytunnel branch is doing what it is supposed to be. See below for the full log, I cannot find a mistake in it any more. Therefore I would like to merge this branch to trunk, and close this ticket (which is open for almost 3 years): http://fossil-scm.org/index.html/tktview?name=e854101c4f Any objections? Anyone else who feels inclined to test it? No objections. -- D. Richard Hipp d...@sqlite.org ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] https-over-proxy
2014-02-04 Jan Nijtmans jan.nijtm...@gmail.com: Currently, the jan-httpsproxytunnel has a single left bug: when checking certificates, the host being compared is the one from the proxy while it should be the end-point host. As soon as that bug is fixed (should be easy for you), I would propose to merge it to trunk. See: https://www.mail-archive.com/fossil-users@lists.fossil-scm.org/msg13898.html My attempt to fix this bug is here: http://www.fossil-scm.org/index.html/info/6673f163ea Jan (Danielsson), could you please verify that this is correct? If so, then I think this could be merged to trunk. For me it appears to work fine. Regards, Jan Nijtmans ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
[fossil-users] https-over-proxy
Hello, I did some work to get https-over-proxy working because both a friend and I both needed it, and there was a ticket requesting the feature. Now the place where my friend works no longer uses proxies for outgoing traffic, so he no longer needs it, and I very rarely use it. So, the question is: Merge to trunk, or let it bitrot? I get the feeling that http proxies for outgoing connections is going away, making this feature slightly esoteric. Am I wrong? Is anyone using it? /Jan ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] https-over-proxy
On Tue, Feb 4, 2014 at 6:20 PM, Jan Danielsson jan.m.daniels...@gmail.comwrote: So, the question is: Merge to trunk, or let it bitrot? I get the feeling that http proxies for outgoing connections is going away, making this feature slightly esoteric. Am I wrong? Is anyone using it? FWIW, i occasionally need HTTP proxy support, but have never needed HTTPS proxy support. -- - stephan beal http://wanderinghorse.net/home/stephan/ http://gplus.to/sgbeal Freedom is sloppy. But since tyranny's the only guaranteed byproduct of those who insist on a perfect world, freedom will have to do. -- Bigby Wolf ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] https-over-proxy
On Tue, Feb 4, 2014 at 12:20 PM, Jan Danielsson jan.m.daniels...@gmail.comwrote: So, the question is: Merge to trunk, or let it bitrot? I get the feeling that http proxies for outgoing connections is going away, making this feature slightly esoteric. Am I wrong? Is anyone using it? Many of the out-of-office locations I occasionally go to transparently route out going HTTP/HTTPS traffic through a proxy. My usual work-around is to use an SSH tunnel to a friend's server, which also runs a private HTTP/HTTPS proxy server. directly supporting HTTPS proxies in Fossil would save steps and improve sync performance by reducing lag and increasing through put. thanks for your contributions to Fossil. ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] https-over-proxy
2014-02-04 Jan Danielsson jan.m.daniels...@gmail.com: So, the question is: Merge to trunk, or let it bitrot? I get the feeling that http proxies for outgoing connections is going away, making this feature slightly esoteric. Am I wrong? Is anyone using it? For open-source projects, like Fossil or SQLite, https support is not crucial: project data is readable by anyone anyway. But for closed-source projects, which are hosted in the cloud and for a company (like mine) having the policy that everything going outside must go through a proxy, Fossil is not an option. For me it isn't a probem: I use Subversion in that case. Currently, the jan-httpsproxytunnel has a single left bug: when checking certificates, the host being compared is the one from the proxy while it should be the end-point host. As soon as that bug is fixed (should be easy for you), I would propose to merge it to trunk. See: https://www.mail-archive.com/fossil-users@lists.fossil-scm.org/msg13898.html Thanks! Jan Nijtmans ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users