Posted to commits@subversion.apache.org by rh...@apache.org on 2013/10/24 22:32:15 UTC

svn commit: r1535532 - /subversion/trunk/subversion/libsvn_ra_serf/util.c

Author: rhuijben
Date: Thu Oct 24 20:32:15 2013
New Revision: 1535532

URL: http://svn.apache.org/r1535532
Log:
Properly handle the 'accepted_failures' flag of SVN_AUTH_CRED_SSL_SERVER_TRUST
handlers in ra_serf. Before this patch the code assumed that all handlers would
always accept all failures when they return a credential.

In certain client scenarios this bug could allow certain certificate errors
to go unnoticed, but none of the standard clients is affected because all of
them always accept all certificate failures at once or none at all.

* subversion/libsvn_ra_serf/util.c
  (ssl_server_cert): Clear accepted failures and obtain further results
    in an attempt to accept more failures.
    Return an error when at least one failure type is not accepted.

Found by: SharpSvn tests

Modified:
    subversion/trunk/subversion/libsvn_ra_serf/util.c

Modified: subversion/trunk/subversion/libsvn_ra_serf/util.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_ra_serf/util.c?rev=1535532&r1=1535531&r2=1535532&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_ra_serf/util.c (original)
+++ subversion/trunk/subversion/libsvn_ra_serf/util.c Thu Oct 24 20:32:15 2013
@@ -396,13 +396,27 @@ ssl_server_cert(void *baton, int failure
   if (creds)
     {
       server_creds = creds;
+      svn_failures &= ~server_creds->accepted_failures;
       SVN_ERR(svn_auth_save_credentials(state, scratch_pool));
     }
 
+  while (svn_failures && creds)
+    {
+      SVN_ERR(svn_auth_next_credentials(&creds, state, scratch_pool));
+
+      if (creds)
+        {
+          server_creds = creds;
+          svn_failures &= ~server_creds->accepted_failures;
+          SVN_ERR(svn_auth_save_credentials(state, scratch_pool));
+        }
+    }
+
   svn_auth_set_parameter(conn->session->wc_callbacks->auth_baton,
                          SVN_AUTH_PARAM_SSL_SERVER_CERT_INFO, NULL);
 
-  if (!server_creds)
+  /* Are there non accepted failures left? */
+  if (svn_failures)
     {
       svn_stringbuf_t *errmsg;
       int reasons = 0;
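
Review bot: svn_auth_save_credentials() is called as soon as a handler returns a credential, both in the `if (creds)` block and inside the new `while (svn_failures && creds)` loop, but the decision to reject is made only afterwards at `if (svn_failures)`. A handler that accepted just part of the failure mask therefore has its credential saved even when the certificate ends up rejected. Either make the save depend on the remaining mask reaching zero, or add a comment saying that saving a partial acceptance is intended. The loop also clears bits cumulatively, so a certificate passes when the handlers together cover every failure bit even though no single handler accepted them all; a one-line comment above the loop stating that this union is the intended semantics would make that explicit for the next reader.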