[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] Issue 2489 - Add support for storing SSL client certificate passphrases in OSX Keychain.

From: Arfrever Frehtes Taifersar Arahesis <arfrever.fta_at_gmail.com>
Date: Sat, 30 Aug 2008 19:26:36 +0200

2008-08-29 20:41:23 Jeremy Whitlock napisaƂ(a):
> Attached is a patch to add support for storing SSL client
> certificate passphrases in OSX Keychain. I also attached the patch to
> Issue 2489 for posterity:
>
> http://subversion.tigris.org/issues/show_bug.cgi?id=2489
>
> Please let me know if I can help you with anything related to getting
> this applied.

> [[[
> Support storing SSL client certificate passphrases in OSX Keychain.
>
> * subversion/libsvn_subr/cmdline.c (svn_cmdline_set_up_auth_baton): Add OSX
> Keychain SSL client certificate passphrase provider to the providers array.
>
> * subversion/libsvn_subr/macos_keychain.c (keychain_password_set,
> keychain_password_get): Added NULL check for username.
> (keychain_ssl_client_cert_pw_first_creds,
> keychain_ssl_client_cert_pw_save_creds,
> svn_auth_get_keychain_ssl_client_cert_pw_provider): New functions.
> (keychain_ssl_client_cert_pw_provider): New object.
>
> * subversion/libsvn_subr/ssl_client_cert_pw_providers.c
> (svn_auth__ssl_client_cert_pw_file_save_creds_helper): Add OSX Keychain SSL
> client certificate passphrase provider to the list of providers which
> store passphrases encrypted.
>
> * subversion/include/svn_auth.h
> (svn_auth_get_keychain_ssl_client_cert_pw_provider): New function.
> ]]]
>
> Index: subversion/libsvn_subr/cmdline.c
> ===================================================================
> --- subversion/libsvn_subr/cmdline.c (revision 32800)
> +++ subversion/libsvn_subr/cmdline.c (working copy)
> @@ -509,7 +509,20 @@
> {
> #ifdef SVN_HAVE_KEYCHAIN_SERVICES
> svn_auth_get_keychain_simple_provider(&provider, pool);
> - APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
> +
> + if (provider)
> + {
> + APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *)
> + = provider;
> + }
> +
> + svn_auth_get_keychain_ssl_client_cert_pw_provider(&provider, pool);
> +
> + if (provider)
> + {
> + APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *)
> + = provider;
> + }

provider cannot be NULL here, so there should be:

 svn_auth_get_keychain_simple_provider(&provider, pool);
 APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;
 svn_auth_get_keychain_ssl_client_cert_pw_provider(&provider, pool);
 APR_ARRAY_PUSH(providers, svn_auth_provider_object_t *) = provider;

provider can be set to NULL only by get_auth_provider() which isn't used here.

> Index: subversion/include/svn_auth.h
> ===================================================================
> --- subversion/include/svn_auth.h (revision 32800)
> +++ subversion/include/svn_auth.h (working copy)
> @@ -825,6 +825,23 @@
> void
> svn_auth_get_keychain_simple_provider(svn_auth_provider_object_t **provider,
> apr_pool_t *pool);
> +
> +/**
> + * Create and return @a *provider, an authentication provider of type @c
> + * svn_auth_cred_ssl_client_cert_pw_t that gets/sets information from the
> + * user's ~/.subversion configuration directory. Allocate @a *provider in
> + * @a pool.
> + *
> + * This is like svn_client_get_ssl_client_cert_pw_file_provider(), except

s/client/auth/

> + * that the password is stored in the Mac OS KeyChain.
> + *
> + * @since New in 1.6
> + * @note This function is only available on Mac OS 10.2 and higher.
> + */
> +void
> +svn_auth_get_keychain_ssl_client_cert_pw_provider
> + (svn_auth_provider_object_t **provider,
> + apr_pool_t *pool);
> #endif /* DARWIN || DOXYGEN */

-- 
Arfrever Frehtes Taifersar Arahesis

Received on 2008-08-30 19:29:41 CEST

This is an archived mail posted to the Subversion Dev mailing list.