Also core dumps when provided full path to the cert/key...

$ fossil ssl-config load-cert /home/jerry/fossil-repos/cert.pem /home/jerry/fossil-repos/privatekey.pem
unauthorized change to protected setting "ssl-cert"
Abort trap (core dumped)

It looks like I don't need to even edit the config option in the webpage.

Maybe it's a problem with my cert and key, but I don't see any issues with the files themselves.

$ file cert.pem privatekey.pem
cert.pem:       PEM certificate
privatekey.pem: ASCII text

$ fossil ssl-config load-cert ../cert.pem ../privatekey.pem
unauthorized change to protected setting "ssl-cert"
Abort trap (core dumped)

Also happening on a linux machine...

$ fossil ssl-config load-cert ../stunnel.pem
unauthorized change to protected setting "ssl-cert"
Aborted

This is a deliberate call to panic() due to an assertion fault. It is not some kind of memory error that could lead to an exploit. This is the result of defensive code that is added to Fossil to make it rebust against exploits.

Yes, this is a bug. But it a bug that Fossil detected itself. Yes it needs to be fixed. But it is not a reason for you to panic. Chill. Somebody will get around to fixing the problem soon.

I appreciate the defensiveness of Fossil being built in.

I wasn't in a panic and I knew nothing bad happened. I'm sorry for the posts.

Can you please try again with check-in 3f8ee9e1f3b5bafa or later and report back whether or not this fixes your problem?

I believe I have found a few issues, though it is my interpretation of the code...

1. The load-cert commands logic needs adjusting. Currency its skipping setting the ssl-cert in to the config table. Also the delete sql commands had a typo in the field names. (Example fix patch below)

2. The command decode_ssl_options https://fossil-scm.org/home/file?ci=trunk&name=src/main.c&ln=3099 requires an open connection to the repo (via https://fossil-scm.org/home/file?ci=trunk&name=src/http_ssl.c&ln=729), though it appears that decode_ssl_options is being called before the repo connection has been opened. I confirmed this by stepping thru the code and https://fossil-scm.org/home/file?ci=trunk&name=src/db.c&ln=3205 is false

I tried moving things around to no avail…still learning the conventions of the code base.

To fix the first set of things I found in item 1 above,

This does not fix item 2, I do not know how to fix that one...

fossil diff
Index: src/http_ssl.c
==================================================================
--- src/http_ssl.c
+++ src/http_ssl.c
@@ -905,11 +905,11 @@
     }
     db_unprotect(PROTECT_ALL);
     db_multi_exec(
       "PRAGMA secure_delete=ON;"
       "DELETE FROM config "
-      " WHERE name IN ('ssl-cert','ssl-cert-file','ssl-cert-key');"
+      " WHERE name IN ('ssl-cert','ssl-cert-file','ssl-key-file');"
     );
     db_protect_pop();
   }else
   if( strncmp("load-cert",zCmd,nCmd)==0 && nCmd>=4 ){
     int bFN = find_option("filename",0,0)!=0;
@@ -921,11 +921,11 @@
     db_begin_transaction();
     db_unprotect(PROTECT_ALL);
     db_multi_exec(
       "PRAGMA secure_delete=ON;"
       "DELETE FROM config "
-      " WHERE name IN ('ssl-cert','ssl-cert-file','ssl-cert-key');"
+      " WHERE name IN ('ssl-cert','ssl-cert-file','ssl-key-file');"
     );
     nHit = 0;
     for(i=3; i<g.argc; i++){
       Blob x;
       int isCert;
@@ -944,11 +944,10 @@
           fossil_fatal("more than one certificate provided");
         }
         haveCert = 1;
         if( bFN ){
           db_set("ssl-cert-file", file_canonical_name_dup(g.argv[i]), 0);
-        }else{
           blob_append(&allText, blob_buffer(&x), blob_size(&x));
         }
         if( isKey && !haveKey ){
           haveKey = 1;
           isKey = 0;
@@ -959,11 +958,10 @@
           fossil_fatal("more than one private key provided");
         }
         haveKey = 1;
         if( bFN ){
           db_set("ssl-key-file", file_canonical_name_dup(g.argv[i]), 0);
-        }else{
           blob_append(&allText, blob_buffer(&x), blob_size(&x));
         }
       }
     }
     if( !haveCert ){
@@ -973,11 +971,11 @@
         fossil_fatal("missing certificate");
       }
     }else if( !haveKey ){
       fossil_fatal("missing private-key");
     }
-    if( !bFN ){
+    if( bFN ){
       db_set("ssl-cert", blob_str(&allText), 0);
     }
     db_protect_pop();
     db_commit_transaction();
   }else

There is no longer a core dump occurring, so that is fixed.

However, I see this...

$ fossil ssl-config load-cert ../cert.pem ../privatekey.pem
$ fossil ssl-config
OpenSSL-version:   LibreSSL 3.5.0  (0x020000000)
OpenSSL-cert-file: /etc/ssl/cert.pem
OpenSSL-cert-dir:  /etc/ssl/certs
SSL_CERT_FILE:
SSL_CERT_DIR:
ssl-ca-location:
ssl-identity:
ssl-cert:          (3132-byte PEM)
ssl-cert-file:
ssl-key-file:

Since I have the private key and certificate in separate files, I think they would show up on the corresponding lines. But that's not the case above.

This is fossil version 2.18 [d1ac2f90da] 2022-01-12 03:46:21 UTC

Since I have the private key and certificate in separate files, I think they would show up on the corresponding lines. But that's not the case above.

From the load-cert help:

**   load-cert PEM-FILES...      Identify server certificate files. These
**                               should be in the PEM format.  There are
**                               normally two files, the certificate and the
**                               private-key.  By default, the text of both
**                               files is concatenated and added to the
**                               "ssl-cert" setting.  Use --filename to store
**                               just the filenames.

which is consistent with your config output.