[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] SSL layer for svnserve

From: Sigfred HÃ¥versen <bsdlist_at_mumak.com>
Date: 2004-10-19 20:18:01 CEST

On Tuesday 19 October 2004 18.17, Joe Orton wrote:
> Sorry, I didn't mean to start a big argument. If you say you didn't
> copy the code, then I shall shut up, it just look{ed,s} like you did
> copy it but didn't understand the implications.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: dev-help@subversion.tigris.org

I asked you in another post what other part of the patch you are unhappy
about. You did not answer. Instead you made new insuations, despite me giving
you a link for the Postfix TLS patch. The link is even in my patch. Several
places.

You, as the author of Neon, knows very well that the svnserve SSL-patch
approach using BIO pairs to handle the communication between Subversion/SSL
and the network did not originate from Neon. In fact, it appears you don't
use it at all :

snorre$ pwd
/usr/ports/net/neon/w-neon-0.24.7/neon-0.24.7/src
snorre$ grep -IR BIO_new_bio_pair .
snorre$ grep -IR SSL_set_bio .
snorre$

You know very well that the function verify_hostname() did not originate from
Neon. Still, you claim ownership to a function that verify_hostname() uses,
namely match_hostname (that is in the Postfix TLS patch, rewritten by me).
The only thing in common with your match_hostname is the name. That did not
stop you from counting the lines, though, and post it. You managed to count
to 15, perhaps you might reduce it?

You know very well that the major SSL functions (network_biopair_interop(),
do_ssl_operation()) did not originate from Neon.

In fact, the entire approach of introducing SSL to svnserve is very unlike
Neon. Please feel free to contradict me.

Despite of all this, you don't hesitate to post to mailinglist instead of
asking me for clarification first. You purposely did a character
assassination for this :

+/* Format an ASN1 time to a string.
+ * Adapted from Neon library.
+ */
+static svn_boolean_t asn1time_to_string(ASN1_TIME *tm, char *buffer,
+ apr_size_t len)
+{
+ int num_read;
+ svn_boolean_t OK = FALSE;
+ BIO *bio = BIO_new(BIO_s_mem());
+ if (bio)
+ {
+ if (ASN1_TIME_print(bio, tm) && len > 1)
+ {
+ num_read = BIO_read(bio, buffer, len-1);
+ if (num_read > 1)
+ {
+ buffer[num_read] = '\0';
+ OK = TRUE;
+ }
+ else
+ OK = FALSE;
+ }
+ BIO_free(bio);
+ }
+ return OK;
+}

in contrast to your code

/* Format an ASN1 time to a string. 'buf' must be at least of size
 * 'NE_SSL_VDATELEN'. */
static void asn1time_to_string(ASN1_TIME *tm, char *buf)
{
    BIO *bio;

    strncpy(buf, _("[invalid date]"), NE_SSL_VDATELEN-1);

    bio = BIO_new(BIO_s_mem());
    if (bio) {
        if (ASN1_TIME_print(bio, tm))
            BIO_read(bio, buf, NE_SSL_VDATELEN-1);
        BIO_free(bio);
    }
}

/Sigfred

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Oct 19 20:18:16 2004

This is an archived mail posted to the Subversion Dev mailing list.