Return-Path: <users-return-25270-archive-asf-public=cust-asf.ponee.io@subversion.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id CCB64200BA7
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Fri, 21 Oct 2016 14:04:54 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id CB506160AE8; Fri, 21 Oct 2016 12:04:54 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id 1D46F160AE0
	for <archive-asf-public@cust-asf.ponee.io>; Fri, 21 Oct 2016 14:04:53 +0200 (CEST)
Received: (qmail 30845 invoked by uid 500); 21 Oct 2016 12:04:53 -0000
Mailing-List: contact users-help@subversion.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@subversion.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@subversion.apache.org>
List-Post: <mailto:users@subversion.apache.org>
List-Id: <users.subversion.apache.org>
Delivered-To: mailing list users@subversion.apache.org
Received: (qmail 30835 invoked by uid 99); 21 Oct 2016 12:04:53 -0000
Received: from mail-relay.apache.org (HELO mail-relay.apache.org) (140.211.11.15)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 21 Oct 2016 12:04:53 +0000
Received: from zulu.local (unknown [77.234.149.122])
	by mail-relay.apache.org (ASF Mail Server at mail-relay.apache.org) with ESMTPSA id 7DA311A0143
	for <users@subversion.apache.org>; Fri, 21 Oct 2016 12:04:52 +0000 (UTC)
Subject: Re: subversion issue: ignore server invaild certificate in linux
To: users@subversion.apache.org
References: <2a1d970.9388.157e6b6da6b.Coremail.woodsp@126.com>
 <20161021105209.k6jxzx5vpbgkxbjw@jim.stsp.name>
 <2484e9fe.aaab.157e704f916.Coremail.woodsp@126.com>
From: =?UTF-8?Q?Branko_=c4=8cibej?= <brane@apache.org>
Organization: The Apache Software Foundation
Message-ID: <c88aa5aa-df50-daf1-4fd0-b7ee73a92150@apache.org>
Date: Fri, 21 Oct 2016 14:04:49 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0)
 Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <2484e9fe.aaab.157e704f916.Coremail.woodsp@126.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
archived-at: Fri, 21 Oct 2016 12:04:55 -0000

On 21.10.2016 13:34, yuan lixin wrote:
> but  in the  interface "svn_auth_ssl_server_trust_prompt_func_t",  <br/>the actual parameter is "failures", not "*failures". so it can not change <br/>the svn's failures in linux, then can not ignore certificate.

The svn_auth_ssl_server_trust_prompt_func_t function must return an
svn_auth_cred_ssl_server_trust_t structure, which has a member
accepted_failures; set that to the value of the incoming failures
parameter and may_save to FALSE and you're done. See
svn_cmdline_auth_ssl_server_trust_prompt() in
subversion/libsvn_subr/prompt.c.

This is all documented in the headers, see include/svn_auth.h.

> could you look at my code for a solution.

You've already been told that changing a public API is not acceptable.

-- Brane

> At 2016-10-21 18:52:09, "Stefan Sperling" <stsp@elego.de> wrote:
>> On Fri, Oct 21, 2016 at 06:08:45PM +0800, yuan lixin wrote:
>>> Dear stefan:
>>>
>>> At first, my code is using the "libsvncpp", that has its own providers, and it can run normal in windows.
>>> second, i used the svns's code to implement of downloading and uploading, not the svn cmd line. the "--trust-server-cert” and “”--trust-server-cert-failures” is the layer of svn.exe，but refer to the two parameter , i trace  the svn code :
>>>
>>> code file:"\src-trunk\subversion\libsvn_subr\ssl_server_trust_providers.c"
>>>>        ...
>>>>        *failures = 0;   //wj  add
>>>>         /* If all failures are cleared now, we return the creds */
>>>>         if (! *failures)
>>>>         {
>>>>               svn_auth_cred_ssl_server_trust_t *creds =
>>>>                 apr_pcalloc(pool, sizeof(*creds));
>>>>                   creds->may_save = FALSE; /* No need to save it again... */
>>>>               *credentials = creds;
>>>>
>>>>         }
>>> or 
>>>>     typedef svn_error_t *(*svn_auth_ssl_server_trust_prompt_func_t)(
>>>>             svn_auth_cred_ssl_server_trust_t **cred,
>>>>             void *baton,
>>>>             const char *realm,
>>>>             apr_uint32_t *failures,
>>>>             const svn_auth_ssl_server_cert_info_t *cert_info,
>>>>             svn_boolean_t may_save,
>>>>             apr_pool_t *pool);
>>> but my leader ask me to do not change the svn's code, so it a problem for me. would you help me for another adear.
>>> Thank you
>>> --woodsp
>>>
>>>
>> I am not suggesting that you use svn.exe. I am suggesting that you use
>> similar code in your application as svn.exe is using, and use SVN's API.
>>
>> Implement your own provieder with an svn_auth_ssl_server_trust_prompt_func_t
>> which just sets *failures to 0. Then register that provider when you
>> init the auth subsystem.
>>
>> It sounds like libsvncpp is managing the auth subssytem for you.
>> So you may need to modify libsvncpp for this.
>>
>> Another and better solution might be using a valid SSL certificate ;-)