
Re: Re: subversion issue: ignore server invalid certificate in linux

From: yuan lixin <woodsp_at_126.com>
Date: Sat, 22 Oct 2016 22:59:20 +0800 (CST)

At 2016-10-22 21:29:59, "yuan lixin" <woodsp_at_126.com> wrote:

The function "onSslServerTrustPrompt" is part of libsvncpp.
I posted only part of it; the whole code is below:

/**
     * @see svn_auth_ssl_server_trust_prompt_func_t
     */
    static svn_error_t *
    onSslServerTrustPrompt(svn_auth_cred_ssl_server_trust_t **cred,
                           void *baton,
                           const char *realm,
                           apr_uint32_t failures,
                           const svn_auth_ssl_server_cert_info_t *info,
                           svn_boolean_t may_save,
                           apr_pool_t *pool)
    {
      Data * data = NULL;
      SVN_ERR(getData(baton, &data));

      ContextListener::SslServerTrustData trustData(failures);
      if (realm != NULL)
        trustData.realm = realm;
      trustData.hostname = info->hostname;
      trustData.fingerprint = info->fingerprint;
      trustData.validFrom = info->valid_from;
      trustData.validUntil = info->valid_until;
      trustData.issuerDName = info->issuer_dname;
      trustData.maySave = may_save != 0;

      if (data->listener == 0)
        return svn_error_create(SVN_ERR_CANCELLED, NULL,
                                "invalid listener");
      apr_uint32_t acceptedFailures;
      ContextListener::SslServerTrustAnswer answer =
        data->listener->contextSslServerTrustPrompt(
          trustData, acceptedFailures);

      if (answer == ContextListener::DONT_ACCEPT)
        *cred = NULL;
      else
      {
        svn_auth_cred_ssl_server_trust_t *cred_ =
          (svn_auth_cred_ssl_server_trust_t*)
          apr_palloc(pool, sizeof(svn_auth_cred_ssl_server_trust_t));

        if (answer == ContextListener::ACCEPT_PERMANENTLY)
        {
          cred_->may_save = 1;
          cred_->accepted_failures = acceptedFailures;
        }
        *cred = cred_;
      }

      return SVN_NO_ERROR;

    }

At 2016-10-22 20:40:11, "Daniel Shahaf" <danielsh_at_apache.org> wrote:
>yuan lixin wrote on Sat, Oct 22, 2016 at 20:26:42 +0800:
>> static svn_error_t *
>> onSslServerTrustPrompt(svn_auth_cred_ssl_server_trust_t **cred,
>> void *baton,
>> const char *realm,
>> apr_uint32_t failures,
>> const svn_auth_ssl_server_cert_info_t *info,
>> svn_boolean_t may_save,
>> apr_pool_t *pool)
>> {
>> svn_auth_cred_ssl_server_trust_t *cred_ =
>> (svn_auth_cred_ssl_server_trust_t*)
>> apr_palloc(pool, sizeof(svn_auth_cred_ssl_server_trust_t));
>
>Is this forward compatible? svn_auth_cred_ssl_server_trust_t doesn't
>have a constructor function, so if the above code is permissible, then
>we're not allowed to extend that struct type in minor releases.
>
>> cred_->may_save = 1;
>> cred_->accepted_failures = acceptedFailures;
>
>You may want to do (acceptedFailures & failures) so once you switch to
>a valid certificate, the cache will not record more "accepted
>failures" than are required.

Your idea is exact. The original code is:
https://github.com/nydehi/fluorescence/blob/master/src/updater/svncpp/context.cpp
https://github.com/nydehi/fluorescence/blob/master/src/updater/svn.cpp

 
Received on 2016-10-22 17:00:44 CEST
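
Added example (not part of the original mail or of libsvncpp): a sketch in C of how the credential could be filled so that the (acceptedFailures & failures) mask suggested in the thread is applied and no field is left unset when the answer is a temporary accept. The types, constants and the function name fill_trust_cred are stand-ins assumed here so the block builds without the Subversion and APR headers.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins so this compiles without the Subversion headers (assumption).
   Bit values mirror the SVN_AUTH_SSL_* flags in svn_auth.h. */
#define SSL_EXPIRED    0x00000002u
#define SSL_CNMISMATCH 0x00000004u
#define SSL_UNKNOWNCA  0x00000008u

/* Hypothetical stand-in holding only the two fields the thread sets. */
typedef struct { int may_save; uint32_t accepted_failures; } trust_cred_t;
typedef enum { DONT_ACCEPT, ACCEPT_TEMPORARILY, ACCEPT_PERMANENTLY } answer_t;

/* Fill *out from the listener's answer. Returns 1 when a credential was
   produced, 0 when the caller should set *cred = NULL (reject). */
static int fill_trust_cred(trust_cred_t *out, answer_t answer,
                           uint32_t failures, uint32_t accepted_by_user,
                           int may_save)
{
  /* Zero first so no field keeps allocator garbage on any path
     (apr_pcalloc instead of apr_palloc in the real callback). */
  memset(out, 0, sizeof(*out));

  /* The mask from the thread: never record bits the server did not fail on. */
  uint32_t accepted = accepted_by_user & failures;

  /* Policy choice of this example: fail closed unless every reported
     failure was explicitly accepted. */
  if (answer == DONT_ACCEPT || accepted != failures)
    return 0;

  out->accepted_failures = accepted;
  /* Persist only if the user asked for it and the auth system allows it. */
  out->may_save = (answer == ACCEPT_PERMANENTLY) && may_save;
  return 1;
}

int main(void)
{
  trust_cred_t c;
  /* Constructed case: unknown CA only, listener over-accepts EXPIRED too. */
  int ok = fill_trust_cred(&c, ACCEPT_PERMANENTLY, SSL_UNKNOWNCA,
                           SSL_UNKNOWNCA | SSL_EXPIRED, 1);
  printf("ok=%d may_save=%d accepted=0x%x\n", ok, c.may_save,
         (unsigned)c.accepted_failures);
  return 0;
}
```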

This is an archived mail posted to the Subversion Users mailing list.
