
[PATCH] Fix for temporarily accepting ssl certificate not working in javahl

From: Doros Agathangelou <doros_at_triadiktyo.com>
Date: Thu, 13 Oct 2016 19:20:47 +0300

Hi All

I discovered a small bug in javahl and I believe I have a one line patch
that fixes it.

When connecting to a server via https and a self-signed certificate is used
on the server, we get a callback on the
UserPasswordCallback.askTrustSSLServer() method that asks the user
whether to reject the certificate, accept it temporarily or accept it
permanently.

If we choose temporarily, whatever operation we were attempting fails with
a certificate not trusted error. The bug can be seen in a live environment
by using the subclipse plugin under Eclipse and trying to load a repository
using https:// from a server with a self-signed certificate. When the
accept certificate dialog comes up, hit accept temporarily and you can see
that the operation fails because the certificate is not trusted.

As for the fix:
The following excerpt from Prompter.cpp shows the cred->accepted_failures =
failures; line. This is the line that 'accepts' any identified errors.

This line can be seen under the AcceptPermanently section but it is missing
under the AcceptTemporary section. Adding the line to the AcceptTemporary
section fixes this problem. The difference between the two blocks of code
then becomes whether the credentials may be saved or not (i.e. the
cred->may_save differs).

 switch (authn.ask_trust_ssl_server(::Java::String(env, question),
may_save))
    {
    case
org_apache_subversion_javahl_callback_UserPasswordCallback_AcceptTemporary:
      cred->may_save = FALSE;
 cred->accepted_failures = failures; // ** NEW LINE I ADDED **
      *cred_p = cred;
      break;
    case
org_apache_subversion_javahl_callback_UserPasswordCallback_AcceptPermanently:
      cred->may_save = TRUE;
      cred->accepted_failures = failures;
      *cred_p = cred;
      break;
    default:
      *cred_p = NULL;
    }
  return SVN_NO_ERROR;
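
Review bot: the added cred->accepted_failures = failures; line in the AcceptTemporary case still carries the "// ** NEW LINE I ADDED **" marker and a one-space indent, so drop the comment and align it with the cred->may_save = FALSE; line above it before this is committed. With the line in place the two accepting cases differ only in may_save, so consider assigning accepted_failures and *cred_p once for both cases, leaving only the may_save assignment per case, so the branches cannot drift apart again. The assignment trusts every bit in failures for the session, the same as the permanent branch, so it is worth confirming that the question string passed to ask_trust_ssl_server() names each of those failures to the user.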

[[[
   Fix for temporarily accepting ssl certificate not working in javahl

   * subversion/bindings/javahl/native/Prompter.cpp
   (accept certificate temporarily): set the accepted failures to the
identified failures in the temporarily accepted section
]]]

Best Regards
Doros

Received on 2016-10-14 02:37:51 CEST

This is an archived mail posted to the Subversion Dev mailing list.
