mirror of
https://we.phorge.it/source/arcanist.git
synced 2024-11-12 18:02:39 +01:00
8e0e07664a
Summary: Ref T13098. Historically, Phabricator was split into three parts: - Phabricator, the server. - Arcanist, the client. - libphutil, libraries shared between the client and server. One imagined use case for this was that `libphutil` might become a general-purpose library that other projects would use. However, this didn't really happen, and it seems unlikely to at this point: Phabricator has become a relatively more sophisticated application platform; we didn't end up seeing or encouraging much custom development; what custom development there is basically embraces all of Phabricator since there are huge advantages to doing so; and a general "open source is awful" sort of factor here in the sense that open source users often don't have goals well aligned to our goals. Turning "arc" into a client platform and building package management solidify us in this direction of being a standalone platform, not a standalone utility library. Phabricator also depends on `arcanist/`. If it didn't, there would be a small advantage to saying "shared code + client for client, shared code + server for server", but there's no such distinction and it seems unlikely that one will ever exist. Even if it did, I think this has little value. Nowadays, I think this separation has no advantages for us and one significant cost: it makes installing `arcanist` more difficult for end-users. This will need some more finesssing (Phabricator will need some changes for compatibility, and a lot of stuff that still says "libphutil" or "phutil" may eventually want to say "arcanist"), and some stuff (like xhpast) is probably straight-up broken right now and needs some tweaking, but I don't anticipate any major issues here. There was never anything particularly magical about libphutil as a separate standalone library. Test Plan: Ran `arc`, it gets about as far as it did before. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13098 Differential Revision: https://secure.phabricator.com/D19688
45 lines
1.7 KiB
Text
45 lines
1.7 KiB
Text
This document describes how to set Certificate Authority information.
|
|
Usually, you need to do this only if you're using a self-signed certificate.
|
|
|
|
|
|
OSX after Yosemite
|
|
==================
|
|
|
|
If you're using a version of Mac OSX after Yosemite, you can not configure
|
|
certificates from the command line. All libphutil and arcanist options
|
|
related to CA configuration are ignored.
|
|
|
|
Instead, you need to add them to the system keychain. The easiest way to do this
|
|
is to visit the site in Safari and choose to permanently accept the certificate.
|
|
|
|
You can also use `security add-trusted-cert` from the command line.
|
|
|
|
|
|
All Other Systems
|
|
=================
|
|
|
|
If "curl.cainfo" is not set (or you are using PHP older than 5.3.7, where the
|
|
option was introduced), libphutil uses the "default.pem" certificate authority
|
|
bundle when making HTTPS requests with cURL. This bundle is extracted from
|
|
Mozilla's certificates by cURL:
|
|
|
|
http://curl.haxx.se/docs/caextract.html
|
|
|
|
If you want to use a different CA bundle (for example, because you use
|
|
self-signed certificates), set "curl.cainfo" if you're using PHP 5.3.7 or newer,
|
|
or create a file (or symlink) in this directory named "custom.pem".
|
|
|
|
If "custom.pem" is present, that file will be used instead of "default.pem".
|
|
|
|
If you receive errors using your "custom.pem" file, you can test it directly
|
|
with `curl` by running a command like this:
|
|
|
|
curl -v --cacert path/to/your/custom.pem https://phabricator.example.com/
|
|
|
|
Replace "path/to/your/custom.pem" with the path to your "custom.pem" file,
|
|
and replace "https://phabricator.example.com" with the real URL of your
|
|
Phabricator install.
|
|
|
|
The initial lines of output from `curl` should give you information about the
|
|
SSL handshake and certificate verification, which may be helpful in resolving
|
|
the issue.
|