[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

[VOTE] Merge svn-auth-x509 branch to trunk?

From: Ben Reser <ben_at_reser.org>
Date: Tue, 05 Aug 2014 22:49:11 -0700

I believe the svn-auth-x509 branch is ready to be merged to trunk. There is no
BRANCH-README so I'll briefly explain the purpose of the branch.

Currently on trunk we have the `svn auth` command that can list out the
contents of the auth store. The auth store can include SSL server
certificates. On trunk in order to display certificates we are writing out the
details of the cert as separate keys in the auth storage. Many users will have
certificates without these extra keys and will not get much value out of this

Prior to the current implementation there were several other implementations
that used OpenSSL or Serf to retrieve the information from the certificate but
these were deemed to be unacceptable.

The purpose of the branch is to replace the dependency on some other code with
our own X.509 parser. The code started with the parser from TropicSSL and has
had functionality we did not need removed and has been made more robust in the
areas we did need.

There are 6 basic pieces to this branch.

1) The X.509 parser itself and the accessor functions to get at the data in the
opaque struct that the parser returns. This is the code in the various files
with x509 in the name. There are some new error codes as well in

2) New functions for handling converting from UCS-2, UCS-4 and ISO-8859-1 by
way of utf8proc rather than needing iconv. These are in the various utf named

3) Removal of the code that adds the extra keys to the auth store. See the
ssl_server_trust_providers.c file and svn_config.h.

4) Adjustments to JavaHL to reflect these changes. Confined to JavaHL files.

5) Updating the auth command to use the new functions and not the keys on
trunk. Currently, this code will output extra output if you have the keys.
This is confined to the auth-cmd.c file.

6) Our code to convert a checksum into a displayable string has been changed to
allow optional formatting. This is primarily in the checksum and md5 files.
But the fallout of this ends up being in most of the other remaining files not
already mentioned by the above.

You can get the diff with:
svn diff ^/subversion/trunk_at_1616093 ^/subversion/branches/svn-auth-x509

Per the decision in Berlin 2013, I'm asking for a vote to bring this branch
into trunk. I believe we should merge this code before 1.9.x so that we can
avoid the ugly extra keys in the auth files.
Received on 2014-08-06 07:48:18 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.