subversion-users mailing list archives

From "yuan lixin" <woo...@126.com>
Subject Re: Re: subversion issue: ignore server invalid certificate in linux
Date Sat, 22 Oct 2016 14:59:20 GMT
At 2016-10-22 21:29:59, "yuan lixin" <woodsp@126.com> wrote:

The function "onSslServerTrustPrompt" is part of libsvncpp.
I posted only a part of it; the whole code is below:


    /**
     * @see svn_auth_ssl_server_trust_prompt_func_t
     */
    static svn_error_t *
    onSslServerTrustPrompt(svn_auth_cred_ssl_server_trust_t **cred,
                           void *baton,
                           const char *realm,
                           apr_uint32_t failures,
                           const svn_auth_ssl_server_cert_info_t *info,
                           svn_boolean_t may_save,
                           apr_pool_t *pool)
    {
      Data * data = NULL;
      SVN_ERR(getData(baton, &data));

      ContextListener::SslServerTrustData trustData(failures);
      if (realm != NULL)
        trustData.realm = realm;
      trustData.hostname = info->hostname;
      trustData.fingerprint = info->fingerprint;
      trustData.validFrom = info->valid_from;
      trustData.validUntil = info->valid_until;
      trustData.issuerDName = info->issuer_dname;
      trustData.maySave = may_save != 0;

      if (data->listener == 0)
        return svn_error_create(SVN_ERR_CANCELLED, NULL,
                                "invalid listener");
      apr_uint32_t acceptedFailures;
      ContextListener::SslServerTrustAnswer answer =
        data->listener->contextSslServerTrustPrompt(
          trustData, acceptedFailures);

      if (answer == ContextListener::DONT_ACCEPT)
        *cred = NULL;
      else
      {
        svn_auth_cred_ssl_server_trust_t *cred_ =
          (svn_auth_cred_ssl_server_trust_t*)
          apr_palloc(pool, sizeof(svn_auth_cred_ssl_server_trust_t));

        if (answer == ContextListener::ACCEPT_PERMANENTLY)
        {
          cred_->may_save = 1;
          cred_->accepted_failures = acceptedFailures;
        }
        *cred = cred_;
      }

      return SVN_NO_ERROR;

    }







At 2016-10-22 20:40:11, "Daniel Shahaf" <danielsh@apache.org> wrote:
>yuan lixin wrote on Sat, Oct 22, 2016 at 20:26:42 +0800:
>>       static svn_error_t *
>>       onSslServerTrustPrompt(svn_auth_cred_ssl_server_trust_t **cred,
>>                            void *baton,
>>                            const char *realm,
>>                            apr_uint32_t failures,
>>                            const svn_auth_ssl_server_cert_info_t *info,
>>                            svn_boolean_t may_save,
>>                            apr_pool_t *pool)
>>      {
>>           svn_auth_cred_ssl_server_trust_t *cred_ =
>>                  (svn_auth_cred_ssl_server_trust_t*)
>>                  apr_palloc(pool, sizeof(svn_auth_cred_ssl_server_trust_t));
>
>Is this forward compatible?  svn_auth_cred_ssl_server_trust_t doesn't
>have a constructor function, so if the above code is permissible, then
>we're not allowed to extend that struct type in minor releases.
>
>>           cred_->may_save = 1;
>>           cred_->accepted_failures = acceptedFailures;
>
>You may want to do (acceptedFailures & failures) so once you switch to
>a valid certificate, the cache will not record more "accepted
>failures" than are required.






Your idea is exact. The original code is:
https://github.com/nydehi/fluorescence/blob/master/src/updater/svncpp/context.cpp
https://github.com/nydehi/fluorescence/blob/master/src/updater/svn.cpp 
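
Added example (not part of the original message, and not svncpp or Subversion code): the (acceptedFailures & failures) masking suggested in the quoted reply, combined with a zero-initialised credential, as stand-alone C. The enum, struct and function names are local stand-ins assumed for illustration, and returning NULL when a reported failure was not accepted is this example's own policy.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Local stand-ins (assumed names) for the svn_auth.h failure bits and the
   credential struct; real code allocates from the APR pool instead. */
enum { FAIL_NOTYETVALID = 0x1, FAIL_EXPIRED = 0x2,
       FAIL_CNMISMATCH = 0x4, FAIL_UNKNOWNCA = 0x8 };
typedef enum { DONT_ACCEPT, ACCEPT_TEMPORARILY, ACCEPT_PERMANENTLY } answer_t;
typedef struct { int may_save; uint32_t accepted_failures; } trust_cred_t;

/* Build the credential for one prompt answer; NULL means "not trusted". */
trust_cred_t *make_trust_cred(answer_t answer, uint32_t failures,
                              uint32_t accepted, int may_save)
{
  trust_cred_t *cred;

  if (answer == DONT_ACCEPT)
    return NULL;
  /* Policy of this example: every reported failure must be accepted. */
  if (failures & ~accepted)
    return NULL;
  cred = calloc(1, sizeof(*cred));      /* every field starts at zero */
  if (cred == NULL)
    return NULL;
  /* Keep only bits the server actually failed, so nothing extra is cached. */
  cred->accepted_failures = accepted & failures;
  /* Save only for a permanent answer, and only if the caller allows it. */
  cred->may_save = (answer == ACCEPT_PERMANENTLY) && may_save;
  return cred;
}

int main(void)
{
  /* Constructed case: the listener answers with a blanket mask while the
     certificate is only expired. */
  trust_cred_t *c = make_trust_cred(ACCEPT_PERMANENTLY, FAIL_EXPIRED, 0xFu, 1);
  if (c != NULL)
    printf("may_save=%d accepted_failures=0x%x\n", c->may_save,
           (unsigned)c->accepted_failures);
  free(c);
  return 0;
}
```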


 
Mime
View raw message