On Thu, Feb 27, 2014 at 02:13:10AM +0100, Bert Huijben wrote:
>
>
> > -----Original Message-----
> > From: stsp_at_apache.org [mailto:stsp_at_apache.org]
> > Sent: woensdag 26 februari 2014 16:48
> > To: commits_at_subversion.apache.org
> > Subject: svn commit: r1572105 - in /subversion/trunk/subversion: svn/auth-
> > cmd.c svn/cl.h svn/svn.c tests/cmdline/getopt_tests_data/svn--help_stdout
> > tests/cmdline/getopt_tests_data/svn_help_stdout
> >
> > Author: stsp
> > Date: Wed Feb 26 15:48:06 2014
> > New Revision: 1572105
> >
> > URL: http://svn.apache.org/r1572105
> > Log:
> > Introduce 'svn auth', a subcommand for managing the authentication cache
> > which supersedes the 'svnauth' tool. Currently, cached credentials can be
> > listed and removed. In the future, this subcommand could also provide a
> > mechanism to add credentials to the cache.
>
> Currently 'svn auth' is broken for ssl certificates on Windows, because you use (a Serf api which uses) openssl without properly initializing openssl first.
>
> This serf api, further uses stdio to access the certificate file, which doesn't work on Windows without other workarounds.
>
> The problem in Serf is fixed in r2314, but this will bump the required Serf version for 1.9.0 to a currently not released serf version, and I'm not sure if that is what we want here.
>
> Bert
Woah, I didn't know about this bug at all. This is news to me.
I suspect this problem was only discovered recently?
This problem would also have affected 'svnauth', so I'm not sure
why we didn't know about this before and how it moving this
functionality into 'svn' makes any difference. The feature must
have been broken on Windows all along.
I think we should get the serf project to issue a new set of
serf releases with a fix for this issue, for all actively
maintained serf-1.x branches that Subversion can be used with.
I don't see a better way. We decided long ago that we should use
the serf cert parsing API instead of using OpenSSL directly.
When I rewrote the cert parsing code to use serf, I was told that
the serf API works fine. The only workaround we could use in svn
is to depend on OpenSSL or implement our own X509 parser (no thanks).
Received on 2014-02-27 13:27:15 CET