
[PATCH] remaining issues for SSL certificate authn/validation

From: David Waite <mass_at_akuma.org>
Date: 2003-03-22 21:42:07 CET

Attached is a patch for the remaining issues pointed out by sussman,
plus I made an additional change to pass in
void *creds like the other auth providers to avoid a compiler warning.

-David Waite

Fixes for the remaining issues on the branch merge, plus use a "void *creds"
intermediary, like the other auth providers, to avoid a compile warning about
a strict aliasing violation.

* include/svn_auth.h
    (SVN_AUTH_PARAM_SSL_SERVER_DNAME,
     SVN_AUTH_PARAM_SSL_SERVER_CERTIFICATE) : remove
* libsvn_client/auth.c
    (server_ssl_file_first_credentials,
     client_ssl_cert_file_first_credentials,
     client_ssl_pw_file_first_credentials,
     client_ssl_pw_prompt_first_cred,
     client_ssl_prompt_first_cred,
     server_ssl_prompt_first_cred) : set iter_baton reference to NULL
* libsvn_ra_dav/session.c
    (server_ssl_callback): remove SVN_AUTH_PARAM_SSL_SERVER_CERTIFICATE
       initializer, use intermediate "void *creds" to avoid aliasing warning
    (client_ssl_keypw_callback, client_ssl_callback): use intermediate
       "void *creds" to avoid aliasing warning

Index: subversion/include/svn_auth.h
===================================================================
--- subversion/include/svn_auth.h (revision 5436)
+++ subversion/include/svn_auth.h (working copy)
@@ -282,13 +282,6 @@
     Property value is irrelevant; only property's existence matters. */
 #define SVN_AUTH_PARAM_NO_AUTH_CACHE SVN_AUTH_PARAM_PREFIX "no-auth-cache"
 
-/** Available for ssl client cert providers, provides a @c
ne_ssl_dname* */
-#define SVN_AUTH_PARAM_SSL_SERVER_DNAME SVN_AUTH_PARAM_PREFIX "ssl:dname"
-/** Available for ssl server cert providers, provides a full
- @c ne_ssl_certificate* */
-#define SVN_AUTH_PARAM_SSL_SERVER_CERTIFICATE SVN_AUTH_PARAM_PREFIX \
- "ssl:server-cert"
-
 /** The following property is for ssl server cert providers. This
     provides the detected failures by the certificate validator */
 #define SVN_AUTH_PARAM_SSL_SERVER_FAILURES_IN SVN_AUTH_PARAM_PREFIX \
Index: subversion/libsvn_client/auth.c
===================================================================
--- subversion/libsvn_client/auth.c (revision 5436)
+++ subversion/libsvn_client/auth.c (working copy)
@@ -449,6 +449,7 @@
   cred->failures_allow |=
     temp_setting ? (SVN_AUTH_SSL_NOTYETVALID | SVN_AUTH_SSL_EXPIRED) : 0;
 
+ *iter_baton = NULL;
   return SVN_NO_ERROR;
 }
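Review bot: The added `*iter_baton = NULL;` sits only in front of the final `return SVN_NO_ERROR;`, so any earlier return in these functions would still leave the caller's `iter_baton` unset; the function bodies start outside the hunks, so this cannot be confirmed from here. Assigning it near the top of each function would cover every path. If the intent is that these providers keep no iteration state, a short comment such as `/* no iteration state for this provider */` next to the assignment would say so. The same applies to the five following hunks in this file.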
 
@@ -505,7 +506,7 @@
     {
       *credentials = NULL;
     }
-
+ *iter_baton = NULL;
   return SVN_NO_ERROR;
 }
 
@@ -536,7 +537,7 @@
       *credentials = cred;
     }
   else *credentials = NULL;
-
+ *iter_baton = NULL;
   return SVN_NO_ERROR;
 }
 
@@ -620,7 +621,7 @@
     {
       *credentials = NULL;
     }
-
+ *iter_baton = NULL;
   return SVN_NO_ERROR;
 }
 
@@ -694,7 +695,7 @@
   cred->key_file = key_file;
   cred->cert_type = cert_type;
   *credentials = cred;
-
+ *iter_baton = NULL;
   return SVN_NO_ERROR;
 }
 
@@ -760,7 +761,7 @@
       cred->failures_allow = 0;
     }
   *credentials = cred;
-
+ *iter_baton = NULL;
   return SVN_NO_ERROR;
 }

Index: subversion/libsvn_ra_dav/session.c
===================================================================
--- subversion/libsvn_ra_dav/session.c (revision 5436)
+++ subversion/libsvn_ra_dav/session.c (working copy)
@@ -102,24 +102,24 @@
                     const ne_ssl_certificate *cert)
 {
   svn_ra_session_t *ras = userdata;
- svn_auth_cred_server_ssl_t *credentials;
+ void *creds;
+ svn_auth_cred_server_ssl_t *server_creds;
   svn_auth_iterstate_t *state;
   apr_pool_t *pool;
   svn_error_t *error;
   int failures_allowed;
-
+
   svn_auth_set_parameter(ras->callbacks->auth_baton,
- SVN_AUTH_PARAM_SSL_SERVER_CERTIFICATE, cert);
- svn_auth_set_parameter(ras->callbacks->auth_baton,
                          SVN_AUTH_PARAM_SSL_SERVER_FAILURES_IN,
                          (void*)failures);
 
   apr_pool_create(&pool, ras->pool);
- error = svn_auth_first_credentials((void**)&credentials, &state,
+ error = svn_auth_first_credentials(&creds, &state,
                                      SVN_AUTH_CRED_SERVER_SSL,
                                      ras->callbacks->auth_baton,
                                      pool);
- failures_allowed = (credentials) ? credentials->failures_allow : 0;
+ server_creds = creds;
+ failures_allowed = (server_creds) ? server_creds->failures_allow : 0;
   apr_pool_destroy(pool);
 
   return (failures & ~failures_allowed);
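Review bot: `creds` is declared without an initializer and the `error` returned by `svn_auth_first_credentials` is never examined, so if that call fails before storing a result, `server_creds = creds` reads an indeterminate pointer, and `failures_allow` read through it decides which certificate failures are masked out of the return value. Initialise it with `void *creds = NULL;` and fail closed with `server_creds = error ? NULL : creds;`, so that a provider error leaves `failures_allowed` at 0; the error object should also be released rather than dropped. The same pattern appears in the `client_ssl_keypw_callback` and `client_ssl_callback` hunks below. This function starts and ends outside the hunk.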
@@ -129,22 +129,24 @@
 client_ssl_keypw_callback(void *userdata, char *pwbuf, size_t len)
 {
   svn_ra_session_t *ras = userdata;
- svn_auth_cred_client_ssl_pass_t *credentials;
+ void *creds;
+ svn_auth_cred_client_ssl_pass_t *pw_creds;
   svn_auth_iterstate_t *state;
   apr_pool_t *pool;
   svn_error_t *error;
 
   apr_pool_create(&pool, ras->pool);
- error = svn_auth_first_credentials((void**)&credentials, &state,
+ error = svn_auth_first_credentials(&creds, &state,
                                      SVN_AUTH_CRED_CLIENT_PASS_SSL,
                                      ras->callbacks->auth_baton,
                                      pool);
- if (credentials)
+ pw_creds = creds;
+ if (pw_creds)
     {
- strncpy(pwbuf, credentials->password, len);
+ strncpy(pwbuf, pw_creds->password, len);
     }
   apr_pool_destroy(pool);
- return (credentials == NULL);
+ return (pw_creds == NULL);
 }
 
 static void
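Review bot: `strncpy(pwbuf, pw_creds->password, len)` leaves `pwbuf` without a terminating NUL whenever the passphrase is `len` bytes or longer, and the callback still returns 0 in that case, so the caller may read past the end of the buffer. APR's bounded copy always terminates: `apr_cpystrn(pwbuf, pw_creds->password, len);`. It would be safer still to treat a passphrase that does not fit as a failure and return non-zero, since a silently truncated key passphrase can only fail later with a less useful error.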
@@ -152,24 +154,27 @@
                     const ne_ssl_dname *server)
 {
   svn_ra_session_t *ras = userdata;
- svn_auth_cred_client_ssl_t *credentials;
+ void *creds;
+ svn_auth_cred_client_ssl_t *client_creds;
   svn_auth_iterstate_t *state;
   apr_pool_t *pool;
   svn_error_t *error;
   apr_pool_create(&pool, ras->pool);
- error = svn_auth_first_credentials((void**)&credentials, &state,
+ error = svn_auth_first_credentials(&creds, &state,
                                      SVN_AUTH_CRED_CLIENT_SSL,
                                      ras->callbacks->auth_baton,
                                      pool);
- if(credentials)
+ client_creds = creds;
+ if(client_creds)
     {
- if(credentials->cert_type == svn_auth_ssl_pem_cert_type)
+ if(client_creds->cert_type == svn_auth_ssl_pem_cert_type)
         {
- ne_ssl_load_pem(sess, credentials->cert_file,
credentials->key_file);
+ ne_ssl_load_pem(sess, client_creds->cert_file,
+ client_creds->key_file);
         }
       else
         {
- ne_ssl_load_pkcs12(sess, credentials->cert_file);
+ ne_ssl_load_pkcs12(sess, client_creds->cert_file);
         }
     }
   apr_pool_destroy(pool);
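Review bot: The results of `ne_ssl_load_pem` and `ne_ssl_load_pkcs12` are discarded, so a missing or unreadable certificate or key file goes unnoticed here and would surface later, if at all, as an unexplained handshake failure. If these neon loaders return a status, check it and record the failure for the session. The `else` branch also treats every `cert_type` other than `svn_auth_ssl_pem_cert_type` as PKCS#12; a comment such as `/* any non-PEM type is loaded as PKCS#12 */` or an explicit comparison would show that this is intended. The function starts before and continues past this hunk.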

Received on Sat Mar 22 21:42:58 2003
