subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Philip Martin <phi...@codematters.co.uk>
Subject Re: Http authentication
Date Thu, 19 Jul 2018 15:29:28 GMT
"Felix E." <felixessig@gmail.com> writes:

> I understand that the very first request shouldn't contain any auth header.
> But If a svn function is called multiple times(for the same host etc.) and
> there was already a successful authentication, it should be possible to add
> the auth header to the following requests instead of waiting for a auth
> required response. At least I hoped so.

It's not just the auth header -- the repeat client calls create/destroy
complete TCP connections, so for https:// that involves cert exchange
and renegotiating the encryption keys.  Ivan did some work on fixing
this in the past by caching the connections, but that proves tricky
because the client API allows the caller (you) to change the user
credentials between calls and reusing the session with the wrong
credentials is bad.  It's hard to fix at the higher level RA layer
because the RA layer doesn't know about the credentials.

Without connection caching the obvious place to store the auth knowledge
is missing.  One way to fix this bit might be to have the lower ra_serf
layer cache the credentials, perhaps in long lived pool provided by the
caller or via a callback provided by the caller.  The ra_serf layer
knows all about username, auth method, auth token, repository root,
etc. so it could decide when to reuse.

-- 
Philip

Mime
View raw message