[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: ssl tunnel with basic authentication currently broken (was Re: Another crash in ra_serf in 1.8.0)

From: Lieven Govaerts <svnlgo_at_mobsol.be>
Date: Sat, 22 Jun 2013 19:32:13 +0200

Stefan,

attached patch to serf 1.2.1 should solve this particular type of
crash you reported.

The patch is made against a serf 1.2.x working copy as follows:
$ svn merge ^/trunk -c 1943,1944

On Fri, Jun 21, 2013 at 8:55 AM, Lieven Govaerts <svnlgo_at_mobsol.be> wrote:
> Follow up also to serf-dev.
>
> On Thu, Jun 20, 2013 at 11:05 PM, Lieven Govaerts <svnlgo_at_mobsol.be> wrote:
>> On Thu, Jun 20, 2013 at 10:30 PM, Greg Stein <gstein_at_gmail.com> wrote:
>>> On Thu, Jun 20, 2013 at 2:19 PM, Stefan Küng <tortoisesvn_at_gmail.com> wrote:
>>>> Hi,
>>>>
>>>> Another crash that's climbing up in the crash report statistics for TSVN.
>>>> Seems to be related to the previously discussed problem with checkouts in
>>>> TSVN.
>>
>> Thanks Stefan.
>>
>>>> The stack trace:
>>>>
>>>> BowPad
>>>>
>>>> libsvn_tsvn.dll!svn_ra_serf__credentials_callback(char * *
>>>> username=0xffffffffffffffff, char * * password=0x0000000002ba0210,
>>>> serf_request_t * request=0x0000000002ba0280, void *
>>>> baton=0x0000000002c12588, int code=407, const char *
>>>> authn_type=0x000007fee0bf0b58, const char * realm=0x0000000002c12b60,
>>>> apr_pool_t * pool=0x0000000002bb8258) Line 1789 C
>>>
[..]
>>>
>>
>> Looks like it's the authentication handling when setting up a SSL
>> tunnel that's at fault here, at least I can easily reproduce it with
>> an apache http proxy connetion to a https repo.
>>
>> The ssl tunnel is started by a CONNECT request created by serf. When
>> the proxy requests credentials, serf will call back to the
>> application. As the application doesn't know about this request, it
>> doesn't get a valid baton either, so can't get baton->session ...
>>
>> That baton it gets is the ctx used by the ssltunnel code.
>>
>> Hm, have to think about how we can solve this. Not sure it can be done
>> with the existing API.
>

The patch implements an alternative fix for the issue that does not
require a new API, so if it works for you we can include it in 1.2.2.

[..]

Lieven

Received on 2013-06-22 19:33:14 CEST

This is an archived mail posted to the Subversion Dev mailing list.