subversion-commits mailing list archives

From bre...@apache.org
Subject svn commit: r1613700 - in /subversion/branches/svn-auth-x509/subversion: include/svn_config.h libsvn_subr/ssl_server_trust_providers.c svn/auth-cmd.c
Date Sat, 26 Jul 2014 18:42:06 GMT
Author: breser
Date: Sat Jul 26 18:42:05 2014
New Revision: 1613700

URL: http://svn.apache.org/r1613700
Log:
On the svn-auth-x509 branch, remove the code that stores parsed certificate
info in the credential store.

* subversion/include/svn_config.h
  (SVN_CONFIG_AUTHN_HOSTNAME_KEY, SVN_CONFIG_AUTHN_FINGERPRINT_KEY,
   SVN_CONFIG_AUTHN_VALID_FROM_KEY, SVN_CONFIG_AUTHN_VALID_UNTIL_KEY,
   SVN_CONFIG_AUTHN_ISSUER_DN_KEY): Remove.

* subversion/svn/auth-cmd.c
  (match_credential): Remove the ability to match on the parsed out
    and stored hostname or fingerprint, we can put this back later
    in a different way.

* subversion/libsvn_subr/ssl_server_trust_providers.c
  (ssl_server_trust_file_first_credentials): Remove code to update an already
    saved cert.
  (ssl_server_trust_file_save_credentials): Remove the code to store parsed
    cert info in the credential store.


Modified:
    subversion/branches/svn-auth-x509/subversion/include/svn_config.h
    subversion/branches/svn-auth-x509/subversion/libsvn_subr/ssl_server_trust_providers.c
    subversion/branches/svn-auth-x509/subversion/svn/auth-cmd.c

Modified: subversion/branches/svn-auth-x509/subversion/include/svn_config.h
URL: http://svn.apache.org/viewvc/subversion/branches/svn-auth-x509/subversion/include/svn_config.h?rev=1613700&r1=1613699&r2=1613700&view=diff
==============================================================================
--- subversion/branches/svn-auth-x509/subversion/include/svn_config.h (original)
+++ subversion/branches/svn-auth-x509/subversion/include/svn_config.h Sat Jul 26 18:42:05 2014
@@ -731,31 +731,6 @@ svn_config_ensure(const char *config_dir
  */
 #define SVN_CONFIG_AUTHN_FAILURES_KEY           "failures"
 
-/** A hash-key for a hostname, such as hostnames in SSL certificates.
- * @since New in 1.9.
- */
-#define SVN_CONFIG_AUTHN_HOSTNAME_KEY           "hostname"
-
-/** A hash-key for a fingerprint, such as fingerprints in SSL certificates.
- * @since New in 1.9.
- */
-#define SVN_CONFIG_AUTHN_FINGERPRINT_KEY        "fingerprint"
-
-/** A hash-key for a valid-from date, such as dates in SSL certificates.
- * @since New in 1.9.
- */
-#define SVN_CONFIG_AUTHN_VALID_FROM_KEY         "valid_from"
-
-/** A hash-key for a valid-to date, such as dates in SSL certificates.
- * @since New in 1.9.
- */
-#define SVN_CONFIG_AUTHN_VALID_UNTIL_KEY        "valid_until"
-
-/** A hash-key for an issuer distinguished name, such as issuer names
- * in SSL certificates.
- * @since New in 1.9.
- */
-#define SVN_CONFIG_AUTHN_ISSUER_DN_KEY        "issuer_dn"
 
 /** @} */
 

Modified: subversion/branches/svn-auth-x509/subversion/libsvn_subr/ssl_server_trust_providers.c
URL: http://svn.apache.org/viewvc/subversion/branches/svn-auth-x509/subversion/libsvn_subr/ssl_server_trust_providers.c?rev=1613700&r1=1613699&r2=1613700&view=diff
==============================================================================
--- subversion/branches/svn-auth-x509/subversion/libsvn_subr/ssl_server_trust_providers.c (original)
+++ subversion/branches/svn-auth-x509/subversion/libsvn_subr/ssl_server_trust_providers.c Sat Jul 26 18:42:05 2014
@@ -74,57 +74,13 @@ ssl_server_trust_file_first_credentials(
       if (failstr)
         SVN_ERR(svn_cstring_atoui(&last_failures, failstr->data));
 
+      /* If the cert is trusted and there are no new failures, we
+       * accept it by clearing all failures. */
       if (trusted_cert &&
-          svn_string_compare(this_cert, trusted_cert))
+          svn_string_compare(this_cert, trusted_cert) &&
+          (*failures & ~last_failures) == 0)
         {
-          svn_boolean_t save_cert = FALSE;
-
-          /* If the cert is trusted and there are no new failures, we
-           * accept it by clearing all failures. */
-          if ((*failures & ~last_failures) == 0)
-            {
-              *failures = 0;
-            }
-
-          /* If the on-disk cert info is lacking new-in-1.9 human-readable
-             info, add the info now and save the cert. */
-          if (!svn_hash_gets(creds_hash, SVN_CONFIG_AUTHN_HOSTNAME_KEY))
-            {
-              svn_hash_sets(creds_hash, SVN_CONFIG_AUTHN_HOSTNAME_KEY,
-                            svn_string_create(cert_info->hostname, pool));
-              save_cert = TRUE;
-            }
-          if (!svn_hash_gets(creds_hash, SVN_CONFIG_AUTHN_FINGERPRINT_KEY))
-            {
-              svn_hash_sets(creds_hash, SVN_CONFIG_AUTHN_FINGERPRINT_KEY,
-                            svn_string_create(cert_info->fingerprint, pool));
-              save_cert = TRUE;
-            }
-          if (!svn_hash_gets(creds_hash, SVN_CONFIG_AUTHN_VALID_FROM_KEY))
-            {
-              svn_hash_sets(creds_hash, SVN_CONFIG_AUTHN_VALID_FROM_KEY,
-                            svn_string_create(cert_info->valid_from, pool));
-              save_cert = TRUE;
-            }
-          if (!svn_hash_gets(creds_hash, SVN_CONFIG_AUTHN_VALID_UNTIL_KEY))
-            {
-              svn_hash_sets(creds_hash, SVN_CONFIG_AUTHN_VALID_UNTIL_KEY,
-                            svn_string_create(cert_info->valid_until, pool));
-              save_cert = TRUE;
-            }
-          if (!svn_hash_gets(creds_hash, SVN_CONFIG_AUTHN_ISSUER_DN_KEY))
-            {
-              svn_hash_sets(creds_hash, SVN_CONFIG_AUTHN_ISSUER_DN_KEY,
-                            svn_string_create(cert_info->issuer_dname, pool));
-              save_cert = TRUE;
-            }
-
-          if (save_cert)
-            SVN_ERR(svn_config_write_auth_data(creds_hash,
-                                               SVN_AUTH_CRED_SSL_SERVER_TRUST,
-                                               realmstring,
-                                               config_dir,
-                                               pool));
+          *failures = 0;
         }
     }
 
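Review bot: The merged condition in ssl_server_trust_file_first_credentials is now the whole trust decision for a cached certificate, and the comment moved above it describes only the failure-mask half. The test `(*failures & ~last_failures) == 0` passes only when every failure bit reported now was already accepted when the cert was saved, and `svn_string_compare(this_cert, trusted_cert)` additionally requires the presented cert to equal the stored one. I would state both, e.g. `/* Accept only if the presented cert equals the cached one and every failure reported now was already accepted when it was saved. */`. On any other outcome `*failures` is left as reported, which presumably lets a later provider or prompt see it. The rest of the function, including where `last_failures` is initialised, lies outside this hunk, so confirm that before documenting it.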
@@ -167,16 +123,6 @@ ssl_server_trust_file_save_credentials(s
   svn_hash_sets(creds_hash, SVN_CONFIG_AUTHN_FAILURES_KEY,
                 svn_string_createf(pool, "%lu",
                                    (unsigned long)creds->accepted_failures));
-  svn_hash_sets(creds_hash, SVN_CONFIG_AUTHN_HOSTNAME_KEY,
-                svn_string_create(cert_info->hostname, pool));
-  svn_hash_sets(creds_hash, SVN_CONFIG_AUTHN_FINGERPRINT_KEY,
-                svn_string_create(cert_info->fingerprint, pool));
-  svn_hash_sets(creds_hash, SVN_CONFIG_AUTHN_VALID_FROM_KEY,
-                svn_string_create(cert_info->valid_from, pool));
-  svn_hash_sets(creds_hash, SVN_CONFIG_AUTHN_VALID_UNTIL_KEY,
-                svn_string_create(cert_info->valid_until, pool));
-  svn_hash_sets(creds_hash, SVN_CONFIG_AUTHN_ISSUER_DN_KEY,
-                svn_string_create(cert_info->issuer_dname, pool));
 
   SVN_ERR(svn_config_write_auth_data(creds_hash,
                                      SVN_AUTH_CRED_SSL_SERVER_TRUST,

Modified: subversion/branches/svn-auth-x509/subversion/svn/auth-cmd.c
URL: http://svn.apache.org/viewvc/subversion/branches/svn-auth-x509/subversion/svn/auth-cmd.c?rev=1613700&r1=1613699&r2=1613700&view=diff
==============================================================================
--- subversion/branches/svn-auth-x509/subversion/svn/auth-cmd.c (original)
+++ subversion/branches/svn-auth-x509/subversion/svn/auth-cmd.c Sat Jul 26 18:42:05 2014
@@ -152,9 +152,6 @@ match_credential(svn_boolean_t *match,
                 continue; /* don't match secrets */
               else if (strcmp(key, SVN_CONFIG_AUTHN_ASCII_CERT_KEY) == 0)
                 continue; /* don't match base64 data */
-              else if (strcmp(key, SVN_CONFIG_AUTHN_HOSTNAME_KEY) == 0 ||
-                       strcmp(key, SVN_CONFIG_AUTHN_FINGERPRINT_KEY) == 0)
-                *match = match_pattern(pattern, value->data, TRUE, iterpool);
               else
                 *match = match_pattern(pattern, value->data, FALSE, iterpool);
 


