RE: [PATCH] Fix for temporarily accepting ssl certificate not working injavahl
Date: Fri, 14 Oct 2016 18:46:43 +0200
I applied your patch on trunk and nominated it for the next 1.9 release. I created a similar patch for 1.8 as the code has the same bug there. I think the problem became visible after checking the accepted failures was improved in our ra-serf library.
From: Doros Agathangelou
I discovered a small bug in javahl and I believe I have a one line patch that fixes it.
When connecting to a server via https and a self signed certificate is used on the server, we get a callback on UserPasswordCallback.askTrustSSLServer() method that asks the user whether to reject the certificate, accept it temporarily or accept it permanently.
If we choose temporarily, whatever operation we were attempting fails with a certificate not trusted error. The bug can be seen in a live environment by using the subclipse plugin under Eclipse and trying to load a repository using https:// from a server with a self signed certificate. When the accept certificate dialog comes up, hit accept temporarily and you can see that the operation fails because the certificate is not trusted.
As for the fix:
This line can be seen under the AcceptPermanently section but it is missing under the AcceptTemporary section. Adding the line to the AcceptTemporary section fixes this problem. The difference between the two blocks of code then becomes whether the credentials may be saved or not (i.e. the cred->may_save differs)
switch (authn.ask_trust_ssl_server(::Java::String(env, question), may_save))
This is an archived mail posted to the Subversion Dev mailing list.