On Jun 7, 2018, at 3:08 PM, Bob Friesenhahn <bfrie...@simple.dallas.tx.us> wrote: > > On Thu, 7 Jun 2018, Warren Young wrote: >> >> I ask because if you build a Fossil binary by hand, you can link it to an >> up-to-date version of OpenSSL, which may solve the certificate problem. > > OpenSSL does not provide certificates.
Yes, I know that, but it does solve the other likely problem when using a too-old system with HTTPS, being an inability for the client and server to agree on a mutually-supported encryption suite. With all of the security vulnerabilities found in encryption algorithms, hashing algorithms, and libraries over the past 9 years, there’s a fair chance Lenny’s OpenSSL won’t be able to talk to the TLS implementation on sqlite.org even with the CA issue solved. Fossil’s build system has a specific option for linking to a non-system version of OpenSSL built from source, which solves that problem. _______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
