[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: ssl tunnel with basic authentication currently broken (was Re: Another crash in ra_serf in 1.8.0)

From: Lieven Govaerts <svnlgo_at_mobsol.be>
Date: Sat, 22 Jun 2013 21:26:41 +0200

On Sat, Jun 22, 2013 at 7:32 PM, Lieven Govaerts <svnlgo_at_mobsol.be> wrote:
> Stefan,
>
> attached patch to serf 1.2.1 should solve this particular type of
> crash you reported.
>
> The patch is made against a serf 1.2.x working copy as follows:
> $ svn merge ^/trunk -c 1943,1944

Unfortunately the attached patch was not entirely correct, even though
for svn it seems to work ok, it breaks the new ssltunnel unit test.

Attached an updated patch. I'll probably do some more testing this
weekend, and commit any improvements to serf trunk.

Lieven

> On Fri, Jun 21, 2013 at 8:55 AM, Lieven Govaerts <svnlgo_at_mobsol.be> wrote:
>> Follow up also to serf-dev.
>>
>> On Thu, Jun 20, 2013 at 11:05 PM, Lieven Govaerts <svnlgo_at_mobsol.be> wrote:
>>> On Thu, Jun 20, 2013 at 10:30 PM, Greg Stein <gstein_at_gmail.com> wrote:
>>>> On Thu, Jun 20, 2013 at 2:19 PM, Stefan Küng <tortoisesvn_at_gmail.com> wrote:
>>>>> Hi,
>>>>>
>>>>> Another crash that's climbing up in the crash report statistics for TSVN.
>>>>> Seems to be related to the previously discussed problem with checkouts in
>>>>> TSVN.
>>>
>>> Thanks Stefan.
>>>
>>>>> The stack trace:
>>>>>
>>>>> BowPad
>>>>>
>>>>> libsvn_tsvn.dll!svn_ra_serf__credentials_callback(char * *
>>>>> username=0xffffffffffffffff, char * * password=0x0000000002ba0210,
>>>>> serf_request_t * request=0x0000000002ba0280, void *
>>>>> baton=0x0000000002c12588, int code=407, const char *
>>>>> authn_type=0x000007fee0bf0b58, const char * realm=0x0000000002c12b60,
>>>>> apr_pool_t * pool=0x0000000002bb8258) Line 1789 C
>>>>
> [..]
>>>>
>>>
>>> Looks like it's the authentication handling when setting up a SSL
>>> tunnel that's at fault here, at least I can easily reproduce it with
>>> an apache http proxy connetion to a https repo.
>>>
>>> The ssl tunnel is started by a CONNECT request created by serf. When
>>> the proxy requests credentials, serf will call back to the
>>> application. As the application doesn't know about this request, it
>>> doesn't get a valid baton either, so can't get baton->session ...
>>>
>>> That baton it gets is the ctx used by the ssltunnel code.
>>>
>>> Hm, have to think about how we can solve this. Not sure it can be done
>>> with the existing API.
>>
>
> The patch implements an alternative fix for the issue that does not
> require a new API, so if it works for you we can include it in 1.2.2.
>
> [..]
>
> Lieven

Received on 2013-06-22 21:27:35 CEST

This is an archived mail posted to the Subversion Dev mailing list.