[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [serf-dev] Re: ssl tunnel with basic authentication currently broken (was Re: Another crash in ra_serf in 1.8.0)

From: Lieven Govaerts <lieven.govaerts_at_gmail.com>
Date: Tue, 25 Jun 2013 23:43:17 +0200

On Sun, Jun 23, 2013 at 9:15 PM, Lieven Govaerts
<lieven.govaerts_at_gmail.com> wrote:
> On Sun, Jun 23, 2013 at 3:20 AM, Greg Stein <gstein_at_gmail.com> wrote:
>> On Sat, Jun 22, 2013 at 3:26 PM, Lieven Govaerts <svnlgo_at_mobsol.be> wrote:
>>> On Sat, Jun 22, 2013 at 7:32 PM, Lieven Govaerts <svnlgo_at_mobsol.be> wrote:
>>>> Stefan,
>>>> attached patch to serf 1.2.1 should solve this particular type of
>>>> crash you reported.
>>>> The patch is made against a serf 1.2.x working copy as follows:
>>>> $ svn merge ^/trunk -c 1943,1944
>>> Unfortunately the attached patch was not entirely correct, even though
>>> for svn it seems to work ok, it breaks the new ssltunnel unit test.
>>> Attached an updated patch. I'll probably do some more testing this
>>> weekend, and commit any improvements to serf trunk.
>> So now: 1943, 1944, and 1946. I've reviewed the work and (by
>> inspection) it looks great.
> r1948 also for Basic, then r1950 for Digest.
> I think this is it for ssltunnel authentication.

No, it's not.

> The actual code
> changes can be merged to 1.2.x without problems, but the test suite
> changes will be more difficult, as not all earlier modifications on
> trunk were merged in 1.2.x.

When playing around with 'KeepAlive Off' on the server, I noticed that
serf asks Subversion for the proxy credentials for every new
connection. Subversion stops with an authentication failed error after
the 4th connection, because it assumes the first 4 were all failed
attempts to authenticate.

So, the application depends on serf caching the proxy credentials per
session/realm, and similarly the server creds per server/realm. I have
a WIP patch that improves credentials caching for Basic and Digest,
I'll try to finish that in the coming days.

>> And with no API changes :-D
> Yeah. At the cost of a bit of extra complexity, something to cleanup
> for serf 2.0 then (it was already on the list).
>> Thanks!
>> -g

Received on 2013-06-25 23:44:07 CEST

This is an archived mail posted to the Subversion Dev mailing list.