[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Likely JavaHL defect

From: Daniel Rall <dlr_at_collab.net>
Date: 2007-05-23 20:04:05 CEST

On Wed, 23 May 2007, Garrett Rooney wrote:

> On 5/23/07, Mark Phippard <markphip@gmail.com> wrote:
> >JavaHL has this callback feature it uses for various purposes. A
> >recent (1.4?) change appears to be to call the callback when asking
> >for the passphrase on an http client certificate. When it does this,
> >it uses this method:
> >
> >
> > /**
> > * ask the user a question where she answers with a text.
> > * @param realm for which server realm this information is
> > * requested.
> > * @param question question to be asked
> > * @param showAnswer if the answer is shown or hidden
> > * @return the entered text or null if canceled
> > */
> > public String askQuestion(String realm, String question,
> > boolean showAnswer);
> >
> >
> >Since we have had this callback implemented in Subclipse for years, I
> >am pretty sure this is the first time this method was ever actually
> >called by Subversion code. We always thought the boolean showAnswer
> >was an odd field. As in why does it even exist? Anyway, in this
> >scenario we are getting called by Subversion with a value of false in
> >this field. Consequently, our dialog did not give the user a field to
> >type the answer into. In this case, the passphrase.
> >
> >Can someone look at the C++ code that is calling this and see why the
> >boolean was false? I just wonder if the method was not documented
> >correctly or something. For now, we just changed our dialog to ignore
> >that value.
> >
> >I can file an issue, but will wait until I hear something.
>
> I haven't actually looked, but I assume "showanswer" translates to
> "should the password you're typing in be starred out, or should it
> show up visible to the user as it's typed in".

Yup. So, it's not that the text field shouldn't be showing up at all
in your UI, but rather that text typed into the field should be
obscured (e.g. ******, for a password field).

Mark, subversion/bindings/javahl/native/Prompter.cpp's
ssl_client_cert_pw_prompt() method passes false for the showAnswer
parameter of its native askQuestion() wrapper (which invokes
PromptUserPassword.askQuestion()), for the "client certificate
passphrase: " SSL password prompt.

This is a reasonable usage of the showAnswer field, especially for
X.509 client certs.

  • application/pgp-signature attachment: stored
Received on Wed May 23 20:27:32 2007

This is an archived mail posted to the Subversion Dev mailing list.