subversion-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Doros Agathangelou <>
Subject [PATCH] Fix for temporarily accepting ssl certificate not working in javahl
Date Thu, 13 Oct 2016 16:20:47 GMT
Hi All

I discovered a small bug in javahl and I believe I have a one line patch
that fixes it.

When connecting to a server via https and a self signed certificate is used
on the server, we get a callback
on UserPasswordCallback.askTrustSSLServer() method that asks the user
whether to reject the certificate, accept it temporarily or accept it

If we choose temporarily, whatever operation we were attempting fails with
a certificate not trusted error. The bug can be seen in a live environment
by using the subclipse plugin under Eclipse and trying to load a repository
using https:// from a server with a self signed certificate. When the
accept certificate dialog comes up, hit accept temporarily and you can see
that the operation fails because the certificate is not trusted.

As for the fix:
The following excerpt from Prompter.cpp shows the cred->accepted_failures =
failures; line. This is the line that 'accepts' any identified errors.

This line can be seen under the AcceptPermanently section but it is missing
under the AcceptTemporary section. Adding the line to the AcceptTemporary
section fixes this problem. The difference between the two blocks of code
then becomes whether the credentials may be saved or not (i.e. the
cred->may_save differs)

 switch (authn.ask_trust_ssl_server(::Java::String(env, question),
      cred->may_save = FALSE;
 cred->accepted_failures = failures;   // ** NEW LINE I ADDED **
      *cred_p = cred;
      cred->may_save = TRUE;
      cred->accepted_failures = failures;
      *cred_p = cred;
      *cred_p = NULL;
  return SVN_NO_ERROR;

   Fix for temporarily accepting ssl certificate not working in javahl

   * subversion/bindings/javahl/native/Prompter.cpp
   (accept certificate temporarily): set the accepted failures to the
identified failures in the temporarily accepted section

Best Regards

View raw message