[PATCH] Neon 0.19.1 patch & fix #625

This patch replaces the previous patch for 0.19.0 I sent out earlier
today and updates it to use 0.19.1. The other change is that it adds
a SSL certificate callback so that neon connects to servers with SSL
issues (unknown CA and other errors).

Best,
Blair

-- 
Blair Zajac <blair@orcaware.com>
Web and OS performance plots - http://www.orcaware.com/orca/
2002-02-19  Blair Zajac  <blair@orcaware.com>
	Fix issue #625.
	* CHANGES: Update to use neon 0.19.1.
	* INSTALL (Contents): Update to use neon 0.19.1.
	* build/buildcheck.sh (NEON_WANTED): Check for neon 0.19.1
	* subversion/libsvn_ra_dav/session.c (svn_ra_dav__open): Upgrade
	to neon 0.19.1 which removed the ne_session_server() function and
	replaced it with ne_session_create() which takes the URI scheme,
	hostname and port.  Replace a call to removed ne_set_secure() to
	ne_supports_ssl().
	(ssl_set_verify_callback): New function.
	* packages/rpm/README: Update to use neon 0.19.1.
	* packages/rpm/subversion.spec: Update to use neon 0.19.1.
Index: ./subversion/libsvn_ra_dav/session.c
===================================================================
--- ./subversion/libsvn_ra_dav/session.c
+++ ./subversion/libsvn_ra_dav/session.c	Tue Feb 19 13:15:13 2002
@@ -83,6 +83,15 @@
 }
 
 
+/* A neon-session callback to validate the SSL certificate when the CA
+   is unknown or there are other SSL certificate problems. */
+static int ssl_set_verify_callback(void *userdata, int failures,
+                                   const ne_ssl_certificate *cert)
+{
+  /* Accept any SSL certificate. */
+  return 0;
+}
+
 /* ### need an ne_session_dup to avoid the second gethostbyname
  * call and make this halfway sane. */
 
@@ -99,6 +108,7 @@
   ne_session *sess, *sess2;
   struct uri uri = { 0 };
   svn_ra_session_t *ras;
+  int is_ssl_session;
 
   /* Sanity check the URI */
   if (uri_parse(repository, &uri, NULL) 
@@ -116,45 +126,27 @@
                             "network socket initialization failed");
   }
 
-  /* Create two neon session objects, and set their properties... */
-  sess = ne_session_create();
-  sess2 = ne_session_create();
-
 #if 0
   /* #### enable this block for debugging output on stderr. */
   ne_debug_init(stderr, NE_DBG_HTTP|NE_DBG_HTTPBODY);
 #endif
 
-#if 0
-  /* Turn off persistent connections. */
-  ne_set_persist(sess, 0);
-  ne_set_persist(sess2, 0);
-#endif
-
-  /* make sure we will eventually destroy the session */
-  apr_pool_cleanup_register(pool, sess, cleanup_session, apr_pool_cleanup_null);
-  apr_pool_cleanup_register(pool, sess2, cleanup_session, apr_pool_cleanup_null);
-
-  ne_set_useragent(sess, "SVN/" SVN_VERSION);
-  ne_set_useragent(sess2, "SVN/" SVN_VERSION);
-
   /* we want to know if the repository is actually somewhere else */
   /* ### not yet: http_redirect_register(sess, ... ); */
 
-  if (strcasecmp(uri.scheme, "https") == 0)
+  is_ssl_session = (strcasecmp(uri.scheme, "https") == 0);
+  if (is_ssl_session)
     {
       if (uri.port == -1)
         {
           uri.port = 443;
         }
-      if (ne_set_secure(sess, 1))
+      if (ne_supports_ssl() == 0)
         {
           uri_free(&uri);
           return svn_error_create(SVN_ERR_RA_SOCK_INIT, 0, NULL, pool,
                                   "SSL is not supported");
         }
-
-      ne_set_secure(sess2, 1);
     }
 #if 0
   else
@@ -170,16 +162,32 @@
       uri.port = 80;
     }
 
-  if (ne_session_server(sess, uri.host, uri.port))
+  /* Create two neon session objects, and set their properties... */
+  sess = ne_session_create(uri.scheme, uri.host, uri.port);
+  sess2 = ne_session_create(uri.scheme, uri.host, uri.port);
+
+  /* For SSL connections, when the CA certificate is not known for the
+     server certificate or the server cert has other verification
+     problems, neon will fail the connection unless we add a callback
+     to tell it to ignore the problem.  */
+  if (is_ssl_session)
     {
-      svn_error_t *err =
-        svn_error_createf(SVN_ERR_RA_HOSTNAME_LOOKUP, 0, NULL, pool,
-                          "Hostname not found: %s", uri.host);
-      uri_free(&uri);
-      return err;
+      ne_ssl_set_verify(sess, ssl_set_verify_callback, NULL);
+      ne_ssl_set_verify(sess2, ssl_set_verify_callback, NULL);
     }
 
-  ne_session_server(sess2, uri.host, uri.port);
+#if 0
+  /* Turn off persistent connections. */
+  ne_set_persist(sess, 0);
+  ne_set_persist(sess2, 0);
+#endif
+
+  /* make sure we will eventually destroy the session */
+  apr_pool_cleanup_register(pool, sess, cleanup_session, apr_pool_cleanup_null);
+  apr_pool_cleanup_register(pool, sess2, cleanup_session, apr_pool_cleanup_null);
+
+  ne_set_useragent(sess, "SVN/" SVN_VERSION);
+  ne_set_useragent(sess2, "SVN/" SVN_VERSION);
 
   /* clean up trailing slashes from the URL */
   len = strlen(uri.path);
Index: ./build/buildcheck.sh
===================================================================
--- ./build/buildcheck.sh
+++ ./build/buildcheck.sh	Tue Feb 19 11:58:56 2002
@@ -53,7 +53,7 @@
 #--------------------------------------------------------------------------
 # check for the correct version of Neon
 #
-NEON_WANTED=0.18.5
+NEON_WANTED=0.19.1
 if test -d ./neon; then
   NEON_VERSION="`./ac-helpers/get-neon-ver.sh neon`"
   if test "$NEON_WANTED" != "$NEON_VERSION"; then
Index: ./INSTALL
===================================================================
--- ./INSTALL
+++ ./.svn/tmp/INSTALL.61020.00001.tmp	Tue Feb 19 13:25:40 2002
@@ -132,7 +132,7 @@
       Build.
 
 
-      5.  Neon library 0.18.5
+      5.  Neon library 0.19.1
 
       The Neon library allows a Subversion client to interact with remote
       repositories over the Internet. Although in theory you could have
@@ -144,10 +144,10 @@
       want Subversion to build it. The source code is included with the
       latest Subversion tarball, and it can also be obtained from:
 
-          http://www.webdav.org/neon/neon-0.18.5.tar.gz
+          http://www.webdav.org/neon/neon-0.19.1.tar.gz
 
       Unpack the archive using tar/gunzip and rename the resulting
-      directory from "./neon-0.18.5/" to "./neon/".
+      directory from "./neon-0.19.1/" to "./neon/".
 
       Without source code, a previously compiled library can be picked up
       from the standard locations. If you want to specify a nonstandard
@@ -362,7 +362,7 @@
           apache*.i386.rpm (Version 2.0.32 or greater)
           db*.i386.rpm     (Version 4.0.14 or greater)
           expat            (Comes with RedHat)
-          neon             (Version 0.18.5 or greater)
+          neon             (Version 0.19.1 or greater)
 
       After downloading, install it (as root user):
 
@@ -537,7 +537,7 @@
       supported at this time.
 
       To build the client components, you'll need a copy of neon
-      0.18.5.  See section I.5 for details on where to get one and what
+      0.19.1.  See section I.5 for details on where to get one and what
       to do with it when you get it.
 
       [NOTE: The neon library supports secure connections with OpenSSL
Index: ./CHANGES
===================================================================
--- ./CHANGES
+++ ./CHANGES	Tue Feb 19 12:50:10 2002
@@ -1,3 +1,6 @@
+Version 0.10
+ * build system evolution
+     - upgrade to neon 0.19.1
 
 Version 0.9 (released 15 Feb 2002, revision 1302)
 
Index: ./packages/rpm/subversion.spec
===================================================================
--- ./packages/rpm/subversion.spec
+++ ./packages/rpm/subversion.spec	Tue Feb 19 13:25:31 2002
@@ -1,5 +1,5 @@
 %define apache_version 2.0.32-0.4
-%define neon_version 0.18.5
+%define neon_version 0.19.1
 %define apr_date 2002.02.15
 Summary: A Concurrent Versioning system similar to but better than CVS.
 Name: subversion
@@ -60,6 +60,9 @@
 the Apache directories and configuration.
 
 %changelog
+* Mon Feb 18 2002 Blair Zajac <blair@orcaware.com> 0.10.0-1322
+- Updated to neon-0.19.1.
+
 * Mon Feb 11 2002 David Summers <david@summersoft.fay.ar.us> 0.8.0-1250
 - Back to using apr and apr-util separately from apache.
 
Index: ./packages/rpm/README
===================================================================
--- ./packages/rpm/README
+++ ./packages/rpm/README	Tue Feb 19 11:58:56 2002
@@ -15,7 +15,7 @@
 
        db >= 4.0.14
        expat (comes with RedHat)
-       neon = 0.18.5
+       neon = 0.19.1
        apache >= 2.0.32 (for subversion-server)
 
     B. To compile:
@@ -25,7 +25,7 @@
        apache-devel >= 2.0.32
        expat-devel
        libtool >= 1.4.2
-       neon = 0.18.5
+       neon = 0.19.1
        python >= 1.5.2 (2.0 or greater to run check programs)
 
     The non-standard packages apache-2.0.32, db, and neon, can be found at:
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org