subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Sperling <s...@elego.de>
Subject Re: subversion issue: ignore server invaild certificate in linux
Date Fri, 21 Oct 2016 10:52:09 GMT
On Fri, Oct 21, 2016 at 06:08:45PM +0800, yuan lixin wrote:
> Dear stefan:
> 
> At first, my code is using the "libsvncpp", that has its own providers, and it can run
normal in windows.
> second, i used the svns's code to implement of downloading and uploading, not the svn
cmd line. the "--trust-server-cert” and “”--trust-server-cert-failures” is the layer
of svn.exe,but refer to the two parameter , i trace  the svn code :
> 
> code file:"\src-trunk\subversion\libsvn_subr\ssl_server_trust_providers.c"
> >        ...
> >        *failures = 0;   //wj  add
> >         /* If all failures are cleared now, we return the creds */
> >         if (! *failures)
> >         {
> >               svn_auth_cred_ssl_server_trust_t *creds =
> >                 apr_pcalloc(pool, sizeof(*creds));
> >                   creds->may_save = FALSE; /* No need to save it again... */
> >               *credentials = creds;
> > 
> >         }
> or 
> >     typedef svn_error_t *(*svn_auth_ssl_server_trust_prompt_func_t)(
> >             svn_auth_cred_ssl_server_trust_t **cred,
> >             void *baton,
> >             const char *realm,
> >             apr_uint32_t *failures,
> >             const svn_auth_ssl_server_cert_info_t *cert_info,
> >             svn_boolean_t may_save,
> >             apr_pool_t *pool);
> 
> but my leader ask me to do not change the svn's code, so it a problem for me. would you
help me for another adear.
> Thank you
> --woodsp
> 
> 

I am not suggesting that you use svn.exe. I am suggesting that you use
similar code in your application as svn.exe is using, and use SVN's API.

Implement your own provieder with an svn_auth_ssl_server_trust_prompt_func_t
which just sets *failures to 0. Then register that provider when you
init the auth subsystem.

It sounds like libsvncpp is managing the auth subssytem for you.
So you may need to modify libsvncpp for this.

Another and better solution might be using a valid SSL certificate ;-)

Mime
View raw message