Re: [VOTE] Merge svn-auth-x509 branch to trunk?

From: Stefan Fuhrmann <stefan.fuhrmann_at_wandisco.com>
Date: Wed, 6 Aug 2014 23:09:52 +0200

On Wed, Aug 6, 2014 at 7:49 AM, Ben Reser <ben_at_reser.org> wrote:

> I believe the svn-auth-x509 branch is ready to be merged to trunk. There is no
> BRANCH-README so I'll briefly explain the purpose of the branch.
>
> Currently on trunk we have the `svn auth` command that can list out the
> contents of the auth store. The auth store can include SSL server
> certificates. On trunk in order to display certificates we are writing out the
> details of the cert as separate keys in the auth storage. Many users will have
> certificates without these extra keys and will not get much value out of this
> feature.
>
> Prior to the current implementation there were several other implementations
> that used OpenSSL or Serf to retrieve the information from the certificate but
> these were deemed to be unacceptable.
>
> The purpose of the branch is to replace the dependency on some other code with
> our own X.509 parser. The code started with the parser from TropicSSL and has
> had functionality we did not need removed and has been made more robust in the
> areas we did need.
>
> There are 6 basic pieces to this branch.
>
> 1) The X.509 parser itself and the accessor functions to get at the data in the
> opaque struct that the parser returns. This is the code in the various files
> with x509 in the name. There are some new error codes as well in
> svn_error_codes.h.
>
> 2) New functions for handling converting from UCS-2, UCS-4 and ISO-8859-1 by
> way of utf8proc rather than needing iconv. These are in the various utf named
> files.
>
> 3) Removal of the code that adds the extra keys to the auth store. See the
> ssl_server_trust_providers.c file and svn_config.h.
>
> 4) Adjustments to JavaHL to reflect these changes. Confined to JavaHL files.
>
> 5) Updating the auth command to use the new functions and not the keys on
> trunk. Currently, this code will output extra output if you have the keys.
> This is confined to the auth-cmd.c file.
>
> 6) Our code to convert a checksum into a displayable string has been changed to
> allow optional formatting. This is primarily in the checksum and md5 files.
> But the fallout of this ends up being in most of the other remaining files not
> already mentioned by the above.
>
> You can get the diff with:
> svn diff ^/subversion/trunk@1616093 ^/subversion/branches/svn-auth-x509
>
> Per the decision in Berlin 2013, I'm asking for a vote to bring this branch
> into trunk. I believe we should merge this code before 1.9.x so that we can
> avoid the ugly extra keys in the auth files.
>

Hi Ben,

If I understand it correctly, the new parser is mainly intended to
improve our UI. To a degree that in itself will already result in
higher security.

What would a worst-case failure scenario look like? Could a faulty
parser result in the auth store reporting keys that the user does not
want to trust (e.g. by stitching together random portions of the file)?

-- Stefan^2.
Received on 2014-08-06 23:10:23 CEST
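
The failure mode asked about in the reply above, a parser attributing bytes from elsewhere in the file to a certificate field, is typically prevented by checking every DER length against the bytes actually available. The following is an added illustration, not code from the svn-auth-x509 branch or from TropicSSL; der_read, der_count_children and the sample bytes are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>

/* Read one DER tag-length-value from [*p, end). Returns the tag, points *val
 * at the value and advances *p past it; -1 if anything would run past end. */
static int der_read(const uint8_t **p, const uint8_t *end, const uint8_t **val)
{
    const uint8_t *q = *p;
    size_t n, len;
    int tag;
    if (end - q < 2)
        return -1;
    tag = *q++;
    len = *q++;
    if (len & 0x80) {               /* long form: low 7 bits = byte count */
        n = len & 0x7f;
        if (n == 0 || n > sizeof(size_t) || (size_t)(end - q) < n)
            return -1;              /* indefinite or oversized length */
        for (len = 0; n > 0; n--)
            len = (len << 8) | *q++;
    }
    if (len > (size_t)(end - q))
        return -1;                  /* value claims bytes it does not own */
    *val = q;
    *p = q + len;
    return tag;
}

/* Count the children of an outer SEQUENCE (0x30); -1 on malformed input. */
int der_count_children(const uint8_t *buf, size_t buflen)
{
    const uint8_t *p = buf, *end = buf + buflen, *val;
    int count = 0;
    if (der_read(&p, end, &val) != 0x30 || p != end)
        return -1;                  /* wrong tag, bad length, trailing bytes */
    for (p = val; p < end; count++) /* end is also the SEQUENCE's end */
        if (der_read(&p, end, &val) < 0)
            return -1;
    return count;
}

/* Constructed samples: SEQUENCE { INTEGER 5, OCTET STRING "A" }, and the
 * same bytes with the OCTET STRING length inflated from 1 to 5. */
static const uint8_t der_ok[]  = { 0x30, 0x06, 0x02, 0x01, 0x05, 0x04, 0x01, 0x41 };
static const uint8_t der_bad[] = { 0x30, 0x06, 0x02, 0x01, 0x05, 0x04, 0x05, 0x41 };
int main(void)
{
    return !(der_count_children(der_ok, sizeof der_ok) == 2
             && der_count_children(der_bad, sizeof der_bad) == -1);
}
```

A reader that skipped the final length check would accept der_bad and hand back four bytes past the end of the buffer as part of the OCTET STRING.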

This is an archived mail posted to the Subversion Dev mailing list.