subversion-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rhuij...@apache.org
Subject svn commit: r1535532 - /subversion/trunk/subversion/libsvn_ra_serf/util.c
Date Thu, 24 Oct 2013 20:32:15 GMT
Author: rhuijben
Date: Thu Oct 24 20:32:15 2013
New Revision: 1535532

URL: http://svn.apache.org/r1535532
Log:
Properly handle the 'accepted_failures' flag of SVN_AUTH_CRED_SSL_SERVER_TRUST
handlers in ra_serf. Before this patch the code assumed that all handlers would
 always accept all failures when they return a credential.

In certain client scenarios this bug could allow certain certificate errors
to go unnoticed, but non of the standard clients is affected because all of
them always accept all certificate failures at once or none at all.

* subversion/libsvn_ra_serf/util.c
  (ssl_server_cert): Clear accepted failures and obtain further results
    in an attempt to accept more failures.
    Return an error when at least one failure type is not accepted.

Found by: SharpSvn tests

Modified:
    subversion/trunk/subversion/libsvn_ra_serf/util.c

Modified: subversion/trunk/subversion/libsvn_ra_serf/util.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_ra_serf/util.c?rev=1535532&r1=1535531&r2=1535532&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_ra_serf/util.c (original)
+++ subversion/trunk/subversion/libsvn_ra_serf/util.c Thu Oct 24 20:32:15 2013
@@ -396,13 +396,27 @@ ssl_server_cert(void *baton, int failure
   if (creds)
     {
       server_creds = creds;
+      svn_failures &= ~server_creds->accepted_failures;
       SVN_ERR(svn_auth_save_credentials(state, scratch_pool));
     }
 
+  while (svn_failures && creds)
+    {
+      SVN_ERR(svn_auth_next_credentials(&creds, state, scratch_pool));
+
+      if (creds)
+        {
+          server_creds = creds;
+          svn_failures &= ~server_creds->accepted_failures;
+          SVN_ERR(svn_auth_save_credentials(state, scratch_pool));
+        }
+    }
+
   svn_auth_set_parameter(conn->session->wc_callbacks->auth_baton,
                          SVN_AUTH_PARAM_SSL_SERVER_CERT_INFO, NULL);
 
-  if (!server_creds)
+  /* Are there non accepted failures left? */
+  if (svn_failures)
     {
       svn_stringbuf_t *errmsg;
       int reasons = 0;



Mime
View raw message