On 27.02.2014 15:22, Bert Huijben wrote:
>
>> -----Original Message-----
>> From: Stefan Sperling [mailto:stsp_at_apache.org]
>> Sent: donderdag 27 februari 2014 13:27
>> To: Bert Huijben
>> Cc: dev_at_subversion.apache.org
>> Subject: Re: svn commit: r1572105 - in /subversion/trunk/subversion:
>> svn/auth-cmd.c svn/cl.h svn/svn.c
>> tests/cmdline/getopt_tests_data/svn--help_stdout
>> tests/cmdline/getopt_tests_data/svn_help_stdout
>>
>> On Thu, Feb 27, 2014 at 02:13:10AM +0100, Bert Huijben wrote:
>>>
>>>> -----Original Message-----
>>>> From: stsp_at_apache.org [mailto:stsp_at_apache.org]
>>>> Sent: woensdag 26 februari 2014 16:48
>>>> To: commits_at_subversion.apache.org
>>>> Subject: svn commit: r1572105 - in /subversion/trunk/subversion:
>>>> svn/auth-cmd.c svn/cl.h svn/svn.c
>>>> tests/cmdline/getopt_tests_data/svn--help_stdout
>>>> tests/cmdline/getopt_tests_data/svn_help_stdout
>>>>
>>>> Author: stsp
>>>> Date: Wed Feb 26 15:48:06 2014
>>>> New Revision: 1572105
>>>>
>>>> URL: http://svn.apache.org/r1572105
>>>> Log:
>>>> Introduce 'svn auth', a subcommand for managing the authentication cache
>>>> which supersedes the 'svnauth' tool. Currently, cached credentials can be
>>>> listed and removed. In the future, this subcommand could also provide a
>>>> mechanism to add credentials to the cache.
>>> Currently 'svn auth' is broken for ssl certificates on Windows, because you
>>> use (a Serf api which uses) openssl without properly initializing openssl first.
>>> This serf api further uses stdio to access the certificate file, which doesn't
>>> work on Windows without other workarounds.
>>> The problem in Serf is fixed in r2314, but this will bump the required Serf
>>> version for 1.9.0 to a currently not released serf version, and I'm not sure if
>>> that is what we want here.
>>> Bert
>> Woah, I didn't know about this bug at all. This is news to me.
>>
>> I suspect this problem was only discovered recently?
>> This problem would also have affected 'svnauth', so I'm not sure
>> why we didn't know about this before and how moving this
>> functionality into 'svn' makes any difference. The feature must
>> have been broken on Windows all along.
> Did you write a test case that dumped a certificate?
>
> You would have seen a line
> [[
> OPENSSL_Uplink(62BDF000,08): no OPENSSL_Applink
> ]]
> instead of the certificate and an exit of the process on Windows, if this
> case was tested on the buildbots.
>
>
> Lieven also thinks that using this function without a context is an invalid
> use of serf, as it makes it impossible to use other implementations than
> openssl.
>
> And using 'serf' directly from 'svn' will make 'svn' directly link serf in
> serf.exe on Windows, because the shared library instance in libsvn_ra-1.dll
> is not accessible from svn.
And why is that a problem?
The alternative (as Stefan pointed out) is to do all this with raw
OpenSSL; and make "svn" depend on that; and write yet another cert parser.
-- Brane
--
Branko Čibej | Director of Subversion
WANdisco // Non-Stop Data
e. brane_at_wandisco.com
Received on 2014-02-28 10:43:15 CET