[PATCH] Apply this svn patch
From: Blair Zajac <blair_at_orcaware.com>
Date: 2002-02-23 00:57:40 CET
Could somebody apply this patch? It's a slightly modified version of
Best,
-- Blair Zajac <blair@orcaware.com>
Web and OS performance plots - http://www.orcaware.com/orca/

2002-02-22 Blair Zajac <blair@orcaware.com>

Fix issue #625.

* CHANGES: Update to use neon 0.19.2.

* INSTALL (Contents): Update to use neon 0.19.2.

* build/buildcheck.sh (NEON_WANTED): Check for neon 0.19.2

* subversion/libsvn_ra_dav/session.c
  (svn_ra_dav__open): Upgrade to neon 0.19.2 which removed the ne_session_server() function and replaced it with ne_session_create() which takes the URI scheme, hostname and port. Replace a call to removed ne_set_secure() to ne_supports_ssl().
  (ssl_set_verify_callback): New function.

* packages/rpm/README: Update to use neon 0.19.2.

* packages/rpm/subversion.spec: Update to use neon 0.19.2.

Index: ./subversion/libsvn_ra_dav/session.c =================================================================== --- ./subversion/libsvn_ra_dav/session.c +++ ./subversion/libsvn_ra_dav/session.c Fri Feb 22 15:31:29 2002 
@@ -83,6 +83,37 @@ } +/* A neon-session callback to validate the SSL certificate when the CA + is unknown or there are other SSL certificate problems. */ +static int ssl_set_verify_callback(void *userdata, int failures, + const ne_ssl_certificate *cert) +{ + /* XXX Right now this accepts any SSL server certificates. + Subversion should perform checks of the SSL certificates and keep + any information related to the certificates in $HOME/.subversion + and not in the .svn directories so that the same information can + be used for multiple working copies. + + Upon connecting to an SSL svn server, this is was subversion + should do: + + 1) Check if a copy of the SSL certificate exists for the given + svn server hostname in $HOME/.subversion. If it is there, then + just continue processing the svn request. Otherwise, print all + the information about the svn server's SSL certificate and ask if + the user wants to: + a) Cancel the request. + b) Continue this request but do the store the SSL certificate so + that the next request will require the same revalidation. + c) Accept the SSL certificate forever. Store a copy of the + certificate in $HOME/.subversion. + + Also, when checking the certificate, warn if the certificate is + not properly signed by a CA. + */ + return 0; +} + /* ### need an ne_session_dup to avoid the second gethostbyname * call and make this halfway sane. */ @@ -99,6 +130,7 @@ ne_session *sess, *sess2; struct uri uri = { 0 }; svn_ra_session_t *ras; + int is_ssl_session; /* Sanity check the URI */ if (uri_parse(repository, &uri, NULL) 
@@ -116,45 +148,27 @@ "network socket initialization failed"); } - /* Create two neon session objects, and set their properties... */ - sess = ne_session_create(); - sess2 = ne_session_create(); - #if 0 /* #### enable this block for debugging output on stderr. */ ne_debug_init(stderr, NE_DBG_HTTP|NE_DBG_HTTPBODY); #endif -#if 0 - /* Turn off persistent connections. */ - ne_set_persist(sess, 0); - ne_set_persist(sess2, 0); -#endif - - /* make sure we will eventually destroy the session */ - apr_pool_cleanup_register(pool, sess, cleanup_session, apr_pool_cleanup_null); - apr_pool_cleanup_register(pool, sess2, cleanup_session, apr_pool_cleanup_null); - - ne_set_useragent(sess, "SVN/" SVN_VERSION); - ne_set_useragent(sess2, "SVN/" SVN_VERSION); - /* we want to know if the repository is actually somewhere else */ /* ### not yet: http_redirect_register(sess, ... ); */ - if (strcasecmp(uri.scheme, "https") == 0) + is_ssl_session = (strcasecmp(uri.scheme, "https") == 0); + if (is_ssl_session) { if (uri.port == -1) { uri.port = 443; } - if (ne_set_secure(sess, 1)) + if (ne_supports_ssl() == 0) { uri_free(&uri); return svn_error_create(SVN_ERR_RA_SOCK_INIT, 0, NULL, pool, "SSL is not supported"); } - - ne_set_secure(sess2, 1); } #if 0 else 
@@ -170,16 +184,32 @@ uri.port = 80; } - if (ne_session_server(sess, uri.host, uri.port)) + /* Create two neon session objects, and set their properties... */ + sess = ne_session_create(uri.scheme, uri.host, uri.port); + sess2 = ne_session_create(uri.scheme, uri.host, uri.port); + + /* For SSL connections, when the CA certificate is not known for the + server certificate or the server cert has other verification + problems, neon will fail the connection unless we add a callback + to tell it to ignore the problem. */ + if (is_ssl_session) { - svn_error_t *err = - svn_error_createf(SVN_ERR_RA_HOSTNAME_LOOKUP, 0, NULL, pool, - "Hostname not found: %s", uri.host); - uri_free(&uri); - return err; + ne_ssl_set_verify(sess, ssl_set_verify_callback, NULL); + ne_ssl_set_verify(sess2, ssl_set_verify_callback, NULL); } - ne_session_server(sess2, uri.host, uri.port); +#if 0 + /* Turn off persistent connections. */ + ne_set_persist(sess, 0); + ne_set_persist(sess2, 0); +#endif + + /* make sure we will eventually destroy the session */ + apr_pool_cleanup_register(pool, sess, cleanup_session, apr_pool_cleanup_null); + apr_pool_cleanup_register(pool, sess2, cleanup_session, apr_pool_cleanup_null); + + ne_set_useragent(sess, "SVN/" SVN_VERSION); + ne_set_useragent(sess2, "SVN/" SVN_VERSION); /* clean up trailing slashes from the URL */ len = strlen(uri.path); Index: ./build/buildcheck.sh =================================================================== --- ./build/buildcheck.sh +++ ./build/buildcheck.sh Tue Feb 19 15:21:40 2002 
@@ -53,7 +53,7 @@ #-------------------------------------------------------------------------- # check for the correct version of Neon # -NEON_WANTED=0.18.5 +NEON_WANTED=0.19.2 if test -d ./neon; then NEON_VERSION="`./ac-helpers/get-neon-ver.sh neon`" if test "$NEON_WANTED" != "$NEON_VERSION"; then Index: ./INSTALL =================================================================== --- ./INSTALL +++ ./.svn/tmp/INSTALL.60556.00001.tmp Fri Feb 22 15:55:28 2002 @@ -132,7 +132,7 @@ Build. - 5. Neon library 0.18.5 + 5. Neon library 0.19.2 The Neon library allows a Subversion client to interact with remote repositories over the Internet. Although in theory you could have @@ -144,10 +144,10 @@ want Subversion to build it. The source code is included with the latest Subversion tarball, and it can also be obtained from: - http://www.webdav.org/neon/neon-0.18.5.tar.gz + http://www.webdav.org/neon/neon-0.19.2.tar.gz Unpack the archive using tar/gunzip and rename the resulting - directory from "./neon-0.18.5/" to "./neon/". + directory from "./neon-0.19.2/" to "./neon/". Without source code, a previously compiled library can be picked up from the standard locations. If you want to specify a nonstandard @@ -362,7 +362,7 @@ apache*.i386.rpm (Version 2.0.32 or greater) db*.i386.rpm (Version 4.0.14 or greater) expat (Comes with RedHat) - neon (Version 0.18.5 or greater) + neon (Version 0.19.2 or greater) After downloading, install it (as root user): @@ -537,7 +537,7 @@ supported at this time. To build the client components, you'll need a copy of neon - 0.18.5. See section I.5 for details on where to get one and what + 0.19.2. See section I.5 for details on where to get one and what to do with it when you get it. [NOTE: The neon library supports secure connections with OpenSSL Index: ./CHANGES =================================================================== --- ./CHANGES +++ ./CHANGES Tue Feb 19 15:21:16 2002 
@@ -1,3 +1,6 @@ +Version 0.10 + * build system evolution + - upgrade to neon 0.19.2 Version 0.9 (released 15 Feb 2002, revision 1302) Index: ./packages/rpm/subversion.spec =================================================================== --- ./packages/rpm/subversion.spec +++ ./packages/rpm/subversion.spec Fri Feb 22 15:55:05 2002 @@ -1,5 +1,5 @@ %define apache_version 2.0.32-0.4 -%define neon_version 0.18.5 +%define neon_version 0.19.2 %define apr_date 2002.02.15 Summary: A Concurrent Versioning system similar to but better than CVS. Name: subversion @@ -60,6 +60,9 @@ the Apache directories and configuration. %changelog +* Fri Feb 22 2002 Blair Zajac <blair@orcaware.com> 0.10.0-1364 +- Updated to neon-0.19.2. + * Mon Feb 11 2002 David Summers <david@summersoft.fay.ar.us> 0.8.0-1250 - Back to using apr and apr-util separately from apache. Index: ./packages/rpm/README =================================================================== --- ./packages/rpm/README +++ ./packages/rpm/README Tue Feb 19 15:22:02 2002 @@ -15,7 +15,7 @@ db >= 4.0.14 expat (comes with RedHat) - neon = 0.18.5 + neon = 0.19.2 apache >= 2.0.32 (for subversion-server) B. To compile: @@ -25,7 +25,7 @@ apache-devel >= 2.0.32 expat-devel libtool >= 1.4.2 - neon = 0.18.5 + neon = 0.19.2 python >= 1.5.2 (2.0 or greater to run check programs) The non-standard packages apache-2.0.32, db, and neon, can be found at:
Received on Sat Oct 21 14:37:09 2006
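Review bot: ssl_set_verify_callback() in the session.c hunk at @@ -83,6 +83,37 @@ ends in an unconditional `return 0;` and never reads `failures` or `cert`, so every https session accepts an unknown CA or any other verification problem, and a host impersonating the repository server goes unnoticed. Until the $HOME/.subversion certificate store described in the XXX comment exists, I would return non-zero whenever `failures` is non-zero, or install the callback only behind an explicit opt-in, so the default stays neon's fail-closed behaviour. Two wording fixes in the same comment: "this is was subversion should do" should read "this is what", and option b) "do the store the SSL certificate" should read "do not store".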
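Review bot: the session.c hunk at @@ -170,16 +184,32 @@ deletes the `if (ne_session_server(sess, uri.host, uri.port))` check together with its SVN_ERR_RA_HOSTNAME_LOOKUP "Hostname not found: %s" error, and nothing checks the result of the two ne_session_create() calls before sess and sess2 are handed to ne_ssl_set_verify() and apr_pool_cleanup_register(). Please state in the log message where a failed hostname lookup is reported now and whether ne_session_create() can fail. If session creation no longer resolves the host, the "### need an ne_session_dup to avoid the second gethostbyname call" comment kept as context in the first hunk should be updated as well.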
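Review bot: the INSTALL diff header reads `+++ ./.svn/tmp/INSTALL.60556.00001.tmp`, a working-copy temp file instead of ./INSTALL, so whoever applies this should confirm that patch picks the target named on the Index: line; regenerating that part of the diff would be cleaner. In the INSTALL hunk at @@ -362,7 +362,7 @@ the RPM list says "neon (Version 0.19.2 or greater)", while build/buildcheck.sh compares NEON_WANTED with `!=` and packages/rpm/README says "neon = 0.19.2". Since this upgrade is needed because functions were removed between neon releases, INSTALL should name the exact version too.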
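Review bot: the CHANGES hunk at @@ -1,3 +1,6 @@ records only "upgrade to neon 0.19.2" under "build system evolution", but the session.c part of this patch also changes what users see on https URLs, because certificate verification problems are now ignored through the new callback. That deserves its own line in the Version 0.10 entry so the behaviour is documented until real certificate checking lands.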
This is an archived mail posted to the Subversion Dev mailing list.