You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by rh...@apache.org on 2015/05/11 13:56:46 UTC
svn commit: r1678734 - in /subversion/trunk/subversion: include/private/
libsvn_subr/ svn/ svnbench/ svnmucc/ svnrdump/ svnsync/
tests/cmdline/getopt_tests_data/
Author: rhuijben
Date: Mon May 11 11:56:46 2015
New Revision: 1678734
URL: http://svn.apache.org/r1678734
Log:
Following up on an irc discussion integrate the --trust-unknown-ca,
--trust-cn-mismatch, --trust-expired, --trust-not-yet-valid and
--trust-other-failure commandline options of svn, svnbench, svnmucc,
svnrdump and svnsync into a new --trust-server-cert-failures option
with arguments that specify which error will be ignored.
This patch is based on an initial (much smaller)
Patch by: danielsh
This patch should be released in 1.9.0 or at least partially reverted.
* subversion/include/private/svn_cmdline_private.h
(svn_cmdline__parse_trust_options): New function.
* subversion/libsvn_subr/cmdline.c
(svn_cmdline__parse_trust_options): New function.
* subversion/svn/svn.c
(svn_cl__longopt_t): Tweak options.
(svn_cl__options): Update definition and documentation.
(svn_cl__global_options): Update.
(sub_main): Use new api. Tweak error.
* subversion/svnbench/svnbench.c
(svn_cl__longopt_t): Tweak options.
(svn_cl__options): Update definition and documentation.
(svn_cl__global_options): Update.
(sub_main): Use new api. Tweak error.
* subversion/svnmucc/svnmucc.c
(help): Update documentation.
(sub_main): Tweak options, definition and usage.
* subversion/svnrdump/svnrdump.c
(svn_svnrdump__longopt_t,
SVN_SVNRDUMP__BASE_OPTIONS): Tweak options.
(svnrdump__options): Update definition and documentation.
(sub_main): Use new api. Tweak error.
* subversion/svnsync/svnsync.c
(svnsync__opt,
SVNSYNC_OPTS_DEFAULT): Tweak options.
(svnsync_options): Update definition and documentation.
(sub_main): Use new api. Tweak error.
* subversion/tests/cmdline/getopt_tests_data/svn_help_log_switch_stdout
Update expected output.
Modified:
subversion/trunk/subversion/include/private/svn_cmdline_private.h
subversion/trunk/subversion/libsvn_subr/cmdline.c
subversion/trunk/subversion/svn/svn.c
subversion/trunk/subversion/svnbench/svnbench.c
subversion/trunk/subversion/svnmucc/svnmucc.c
subversion/trunk/subversion/svnrdump/svnrdump.c
subversion/trunk/subversion/svnsync/svnsync.c
subversion/trunk/subversion/tests/cmdline/getopt_tests_data/svn_help_log_switch_stdout
Modified: subversion/trunk/subversion/include/private/svn_cmdline_private.h
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/include/private/svn_cmdline_private.h?rev=1678734&r1=1678733&r2=1678734&view=diff
==============================================================================
--- subversion/trunk/subversion/include/private/svn_cmdline_private.h (original)
+++ subversion/trunk/subversion/include/private/svn_cmdline_private.h Mon May 11 11:56:46 2015
@@ -224,6 +224,21 @@ svn_boolean_t
svn_cmdline__be_interactive(svn_boolean_t non_interactive,
svn_boolean_t force_interactive);
+/* Parses the argument value of '--trust-server-cert-failures' into the
+ * expected booleans for passing to svn_cmdline_create_auth_baton2()
+ *
+ * @since New in 1.9.
+ */
+svn_error_t *
+svn_cmdline__parse_trust_options(
+ svn_boolean_t *trust_server_cert_unknown_ca,
+ svn_boolean_t *trust_server_cert_cn_mismatch,
+ svn_boolean_t *trust_server_cert_expired,
+ svn_boolean_t *trust_server_cert_not_yet_valid,
+ svn_boolean_t *trust_server_cert_other_failure,
+ const char *opt_arg,
+ const char *error_prefix,
+ apr_pool_t *scratch_pool);
#ifdef __cplusplus
}
Modified: subversion/trunk/subversion/libsvn_subr/cmdline.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_subr/cmdline.c?rev=1678734&r1=1678733&r2=1678734&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_subr/cmdline.c (original)
+++ subversion/trunk/subversion/libsvn_subr/cmdline.c Mon May 11 11:56:46 2015
@@ -1529,3 +1529,52 @@ svn_cmdline__edit_string_externally(svn_
return svn_error_trace(err);
}
+
+svn_error_t *
+svn_cmdline__parse_trust_options(
+ svn_boolean_t *trust_server_cert_unknown_ca,
+ svn_boolean_t *trust_server_cert_cn_mismatch,
+ svn_boolean_t *trust_server_cert_expired,
+ svn_boolean_t *trust_server_cert_not_yet_valid,
+ svn_boolean_t *trust_server_cert_other_failure,
+ const char *opt_arg,
+ const char *error_prefix,
+ apr_pool_t *scratch_pool)
+{
+ apr_array_header_t *failures;
+ int i;
+
+ *trust_server_cert_unknown_ca = FALSE;
+ *trust_server_cert_cn_mismatch = FALSE;
+ *trust_server_cert_expired = FALSE;
+ *trust_server_cert_not_yet_valid = FALSE;
+ *trust_server_cert_other_failure = FALSE;
+
+ failures = svn_cstring_split(opt_arg, ", \n\r\t\v", TRUE, scratch_pool);
+
+ for (i = 0; i < failures->nelts; i++)
+ {
+ const char *value = APR_ARRAY_IDX(failures, i, const char *);
+ if (!strcmp(value, "unknown-ca"))
+ *trust_server_cert_unknown_ca = TRUE;
+ else if (!strcmp(value, "cn-mismatch"))
+ *trust_server_cert_cn_mismatch = TRUE;
+ else if (!strcmp(value, "expired"))
+ *trust_server_cert_expired = TRUE;
+ else if (!strcmp(value, "not-yet-valid"))
+ *trust_server_cert_not_yet_valid = TRUE;
+ else if (!strcmp(value, "other"))
+ *trust_server_cert_other_failure = TRUE;
+ else
+ return svn_error_createf(SVN_ERR_CL_ARG_PARSING_ERROR, NULL,
+ _("%sUnknown value '%s' for %s.\n"
+ "Supported values: %s"),
+ error_prefix ? error_prefix : "",
+ value,
+ "--trust-server-cert-failures",
+ "unknown-ca, cn-mismatch, expired, "
+ "not-yet-valid, other");
+ }
+
+ return SVN_NO_ERROR;
+}
Modified: subversion/trunk/subversion/svn/svn.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/svn/svn.c?rev=1678734&r1=1678733&r2=1678734&view=diff
==============================================================================
--- subversion/trunk/subversion/svn/svn.c (original)
+++ subversion/trunk/subversion/svn/svn.c Mon May 11 11:56:46 2015
@@ -125,11 +125,7 @@ typedef enum svn_cl__longopt_t {
opt_show_revs,
opt_reintegrate,
opt_trust_server_cert,
- opt_trust_server_cert_unknown_ca,
- opt_trust_server_cert_cn_mismatch,
- opt_trust_server_cert_expired,
- opt_trust_server_cert_not_yet_valid,
- opt_trust_server_cert_other_failure,
+ opt_trust_server_cert_failures,
opt_strip,
opt_ignore_keywords,
opt_reverse_diff,
@@ -243,29 +239,17 @@ const apr_getopt_option_t svn_cl__option
{"no-auth-cache", opt_no_auth_cache, 0,
N_("do not cache authentication tokens")},
{"trust-server-cert", opt_trust_server_cert, 0,
- N_("deprecated; same as --trust-unknown-ca")},
- {"trust-unknown-ca", opt_trust_server_cert_unknown_ca, 0,
- N_("with --non-interactive, accept SSL server\n"
+ N_("deprecated; same as\n"
" "
- "certificates from unknown certificate authorities")},
- {"trust-cn-mismatch", opt_trust_server_cert_cn_mismatch, 0,
+ "--trust-server-cert-failures=unknown-ca")},
+ {"trust-server-cert-failures", opt_trust_server_cert_failures, 1,
N_("with --non-interactive, accept SSL server\n"
" "
- "certificates even if the server hostname does not\n"
- " "
- "match the certificate's common name attribute")},
- {"trust-expired", opt_trust_server_cert_expired, 0,
- N_("with --non-interactive, accept expired SSL server\n"
+ "certificates with failures; ARG is comma-\n"
" "
- "certificates")},
- {"trust-not-yet-valid", opt_trust_server_cert_not_yet_valid, 0,
- N_("with --non-interactive, accept SSL server\n"
- " "
- "certificates from the future")},
- {"trust-other-failure", opt_trust_server_cert_other_failure, 0,
- N_("with --non-interactive, accept SSL server\n"
+ "separated list of 'unknown-ca', 'cn-mismatch',\n"
" "
- "certificates with failures other than the above")},
+ "'expired', 'not-yet-valid', and 'other'.")},
{"non-interactive", opt_non_interactive, 0,
N_("do no interactive prompting (default is to prompt\n"
" "
@@ -459,9 +443,7 @@ const apr_getopt_option_t svn_cl__option
const int svn_cl__global_options[] =
{ opt_auth_username, opt_auth_password, opt_no_auth_cache, opt_non_interactive,
opt_force_interactive, opt_trust_server_cert,
- opt_trust_server_cert_unknown_ca, opt_trust_server_cert_cn_mismatch,
- opt_trust_server_cert_expired, opt_trust_server_cert_not_yet_valid,
- opt_trust_server_cert_other_failure,
+ opt_trust_server_cert_failures,
opt_config_dir, opt_config_options, 0
};
@@ -2187,20 +2169,17 @@ sub_main(int *exit_code, int argc, const
force_interactive = TRUE;
break;
case opt_trust_server_cert: /* backwards compat to 1.8 */
- case opt_trust_server_cert_unknown_ca:
opt_state.trust_server_cert_unknown_ca = TRUE;
break;
- case opt_trust_server_cert_cn_mismatch:
- opt_state.trust_server_cert_cn_mismatch = TRUE;
- break;
- case opt_trust_server_cert_expired:
- opt_state.trust_server_cert_expired = TRUE;
- break;
- case opt_trust_server_cert_not_yet_valid:
- opt_state.trust_server_cert_not_yet_valid = TRUE;
- break;
- case opt_trust_server_cert_other_failure:
- opt_state.trust_server_cert_other_failure = TRUE;
+ case opt_trust_server_cert_failures:
+ SVN_ERR(svn_utf_cstring_to_utf8(&utf8_opt_arg, opt_arg, pool));
+ SVN_ERR(svn_cmdline__parse_trust_options(
+ &opt_state.trust_server_cert_unknown_ca,
+ &opt_state.trust_server_cert_cn_mismatch,
+ &opt_state.trust_server_cert_expired,
+ &opt_state.trust_server_cert_not_yet_valid,
+ &opt_state.trust_server_cert_other_failure,
+ utf8_opt_arg, "svn: ", pool));
break;
case opt_no_diff_added:
opt_state.diff.no_diff_added = TRUE;
@@ -2637,25 +2616,13 @@ sub_main(int *exit_code, int argc, const
/* --trust-* options can only be used with --non-interactive */
if (!opt_state.non_interactive)
{
- if (opt_state.trust_server_cert_unknown_ca)
- return svn_error_create(SVN_ERR_CL_ARG_PARSING_ERROR, NULL,
- _("--trust-unknown-ca requires "
- "--non-interactive"));
- if (opt_state.trust_server_cert_cn_mismatch)
- return svn_error_create(SVN_ERR_CL_ARG_PARSING_ERROR, NULL,
- _("--trust-cn-mismatch requires "
- "--non-interactive"));
- if (opt_state.trust_server_cert_expired)
- return svn_error_create(SVN_ERR_CL_ARG_PARSING_ERROR, NULL,
- _("--trust-expired requires "
- "--non-interactive"));
- if (opt_state.trust_server_cert_not_yet_valid)
- return svn_error_create(SVN_ERR_CL_ARG_PARSING_ERROR, NULL,
- _("--trust-not-yet-valid requires "
- "--non-interactive"));
- if (opt_state.trust_server_cert_other_failure)
+ if (opt_state.trust_server_cert_unknown_ca
+ || opt_state.trust_server_cert_cn_mismatch
+ || opt_state.trust_server_cert_expired
+ || opt_state.trust_server_cert_not_yet_valid
+ || opt_state.trust_server_cert_other_failure)
return svn_error_create(SVN_ERR_CL_ARG_PARSING_ERROR, NULL,
- _("--trust-other-failure requires "
+ _("--trust-server-cert-failures requires "
"--non-interactive"));
}
Modified: subversion/trunk/subversion/svnbench/svnbench.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/svnbench/svnbench.c?rev=1678734&r1=1678733&r2=1678734&view=diff
==============================================================================
--- subversion/trunk/subversion/svnbench/svnbench.c (original)
+++ subversion/trunk/subversion/svnbench/svnbench.c Mon May 11 11:56:46 2015
@@ -67,11 +67,7 @@ typedef enum svn_cl__longopt_t {
opt_with_all_revprops,
opt_with_no_revprops,
opt_trust_server_cert,
- opt_trust_server_cert_unknown_ca,
- opt_trust_server_cert_cn_mismatch,
- opt_trust_server_cert_expired,
- opt_trust_server_cert_not_yet_valid,
- opt_trust_server_cert_other_failure,
+ opt_trust_server_cert_failures,
opt_changelist
} svn_cl__longopt_t;
@@ -127,29 +123,17 @@ const apr_getopt_option_t svn_cl__option
{"no-auth-cache", opt_no_auth_cache, 0,
N_("do not cache authentication tokens")},
{"trust-server-cert", opt_trust_server_cert, 0,
- N_("deprecated; same as --trust-unknown-ca")},
- {"trust-unknown-ca", opt_trust_server_cert_unknown_ca, 0,
- N_("with --non-interactive, accept SSL server\n"
+ N_("deprecated; same as\n"
" "
- "certificates from unknown certificate authorities")},
- {"trust-cn-mismatch", opt_trust_server_cert_cn_mismatch, 0,
+ "--trust-server-cert-failures=unknown-ca")},
+ {"trust-server-cert-failures", opt_trust_server_cert_failures, 1,
N_("with --non-interactive, accept SSL server\n"
" "
- "certificates even if the server hostname does not\n"
- " "
- "match the certificate's common name attribute")},
- {"trust-expired", opt_trust_server_cert_expired, 0,
- N_("with --non-interactive, accept expired SSL server\n"
- " "
- "certificates")},
- {"trust-not-yet-valid", opt_trust_server_cert_not_yet_valid, 0,
- N_("with --non-interactive, accept SSL server\n"
+ "certificates with failures; ARG is comma-\n"
" "
- "certificates from the future")},
- {"trust-other-failure", opt_trust_server_cert_other_failure, 0,
- N_("with --non-interactive, accept SSL server\n"
+ "separated list of 'unknown-ca', 'cn-mismatch',\n"
" "
- "certificates with failures other than the above")},
+ "'expired', 'not-yet-valid', and 'other'.\n")},
{"non-interactive", opt_non_interactive, 0,
N_("do no interactive prompting")},
{"config-dir", opt_config_dir, 1,
@@ -205,9 +189,7 @@ const apr_getopt_option_t svn_cl__option
willy-nilly to every invocation of 'svn') . */
const int svn_cl__global_options[] =
{ opt_auth_username, opt_auth_password, opt_no_auth_cache, opt_non_interactive,
- opt_trust_server_cert, opt_trust_server_cert_unknown_ca,
- opt_trust_server_cert_cn_mismatch, opt_trust_server_cert_expired,
- opt_trust_server_cert_not_yet_valid, opt_trust_server_cert_other_failure,
+ opt_trust_server_cert, opt_trust_server_cert_failures,
opt_config_dir, opt_config_options, 0
};
@@ -624,20 +606,17 @@ sub_main(int *exit_code, int argc, const
opt_state.non_interactive = TRUE;
break;
case opt_trust_server_cert: /* backwards compat to 1.8 */
- case opt_trust_server_cert_unknown_ca:
opt_state.trust_server_cert_unknown_ca = TRUE;
break;
- case opt_trust_server_cert_cn_mismatch:
- opt_state.trust_server_cert_cn_mismatch = TRUE;
- break;
- case opt_trust_server_cert_expired:
- opt_state.trust_server_cert_expired = TRUE;
- break;
- case opt_trust_server_cert_not_yet_valid:
- opt_state.trust_server_cert_not_yet_valid = TRUE;
- break;
- case opt_trust_server_cert_other_failure:
- opt_state.trust_server_cert_other_failure = TRUE;
+ case opt_trust_server_cert_failures:
+ SVN_ERR(svn_utf_cstring_to_utf8(&utf8_opt_arg, opt_arg, pool));
+ SVN_ERR(svn_cmdline__parse_trust_options(
+ &opt_state.trust_server_cert_unknown_ca,
+ &opt_state.trust_server_cert_cn_mismatch,
+ &opt_state.trust_server_cert_expired,
+ &opt_state.trust_server_cert_not_yet_valid,
+ &opt_state.trust_server_cert_other_failure,
+ utf8_opt_arg, "svnbench: ", pool));
break;
case opt_config_dir:
{
@@ -813,25 +792,13 @@ sub_main(int *exit_code, int argc, const
/* --trust-* options can only be used with --non-interactive */
if (!opt_state.non_interactive)
{
- if (opt_state.trust_server_cert_unknown_ca)
- return svn_error_create(SVN_ERR_CL_ARG_PARSING_ERROR, NULL,
- _("--trust-unknown-ca requires "
- "--non-interactive"));
- if (opt_state.trust_server_cert_cn_mismatch)
- return svn_error_create(SVN_ERR_CL_ARG_PARSING_ERROR, NULL,
- _("--trust-cn-mismatch requires "
- "--non-interactive"));
- if (opt_state.trust_server_cert_expired)
- return svn_error_create(SVN_ERR_CL_ARG_PARSING_ERROR, NULL,
- _("--trust-expired requires "
- "--non-interactive"));
- if (opt_state.trust_server_cert_not_yet_valid)
- return svn_error_create(SVN_ERR_CL_ARG_PARSING_ERROR, NULL,
- _("--trust-not-yet-valid requires "
- "--non-interactive"));
- if (opt_state.trust_server_cert_other_failure)
+ if (opt_state.trust_server_cert_unknown_ca
+ || opt_state.trust_server_cert_cn_mismatch
+ || opt_state.trust_server_cert_expired
+ || opt_state.trust_server_cert_not_yet_valid
+ || opt_state.trust_server_cert_other_failure)
return svn_error_create(SVN_ERR_CL_ARG_PARSING_ERROR, NULL,
- _("--trust-other-failure requires "
+ _("--trust-server-cert-failures requires "
"--non-interactive"));
}
Modified: subversion/trunk/subversion/svnmucc/svnmucc.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/svnmucc/svnmucc.c?rev=1678734&r1=1678733&r2=1678734&view=diff
==============================================================================
--- subversion/trunk/subversion/svnmucc/svnmucc.c (original)
+++ subversion/trunk/subversion/svnmucc/svnmucc.c Mon May 11 11:56:46 2015
@@ -295,18 +295,13 @@ help(FILE *stream, apr_pool_t *pool)
" prompt only if standard input is a terminal)\n"
" --force-interactive : do interactive prompting even if standard\n"
" input is not a terminal\n"
- " --trust-server-cert : deprecated; same as --trust-unknown-ca\n"
- " --trust-unknown-ca : with --non-interactive, accept SSL server\n"
- " certificates from unknown certificate authorities\n"
- " --trust-cn-mismatch : with --non-interactive, accept SSL server\n"
- " certificates even if the server hostname does not\n"
- " match the certificate's common name attribute\n"
- " --trust-expired : with --non-interactive, accept expired SSL server\n"
- " certificates\n"
- " --trust-not-yet-valid : with --non-interactive, accept SSL server\n"
- " certificates from the future\n"
- " --trust-other-failure : with --non-interactive, accept SSL server\n"
- " certificates with failures other than the above\n"
+ " --trust-server-cert : deprecated;\n"
+ " same as --trust-server-cert-failures=unknown-ca\n"
+ " --trust-server-cert-failures ARG\n"
+ " Accept SSL server certificates with failures;\n"
+ " ARG is comma-separated list of 'unknown-ca',\n"
+ " 'cn-mismatch', 'expired', 'not-yet-valid' and\n"
+ " 'other'.\n"
" -X [--extra-args] ARG : append arguments from file ARG (one per line;\n"
" use \"-\" to read from standard input)\n"
" --config-dir ARG : use ARG to override the config directory\n"
@@ -472,11 +467,7 @@ sub_main(int *exit_code, int argc, const
non_interactive_opt,
force_interactive_opt,
trust_server_cert_opt,
- trust_server_cert_unknown_ca_opt,
- trust_server_cert_cn_mismatch_opt,
- trust_server_cert_expired_opt,
- trust_server_cert_not_yet_valid_opt,
- trust_server_cert_other_failure_opt,
+ trust_server_cert_failures_opt,
};
static const apr_getopt_option_t options[] = {
{"message", 'm', 1, ""},
@@ -492,11 +483,7 @@ sub_main(int *exit_code, int argc, const
{"non-interactive", non_interactive_opt, 0, ""},
{"force-interactive", force_interactive_opt, 0, ""},
{"trust-server-cert", trust_server_cert_opt, 0, ""},
- {"trust-unknown-ca", trust_server_cert_unknown_ca_opt, 0, ""},
- {"trust-cn-mismatch", trust_server_cert_cn_mismatch_opt, 0, ""},
- {"trust-expired", trust_server_cert_expired_opt, 0, ""},
- {"trust-not-yet-valid", trust_server_cert_not_yet_valid_opt, 0, ""},
- {"trust-other-failure", trust_server_cert_other_failure_opt, 0, ""},
+ {"trust-server-cert-failures", trust_server_cert_failures_opt, 1, ""},
{"config-dir", config_dir_opt, 1, ""},
{"config-option", config_inline_opt, 1, ""},
{"no-auth-cache", no_auth_cache_opt, 0, ""},
@@ -604,20 +591,17 @@ sub_main(int *exit_code, int argc, const
force_interactive = TRUE;
break;
case trust_server_cert_opt: /* backward compat */
- case trust_server_cert_unknown_ca_opt:
trust_unknown_ca = TRUE;
break;
- case trust_server_cert_cn_mismatch_opt:
- trust_cn_mismatch = TRUE;
- break;
- case trust_server_cert_expired_opt:
- trust_expired = TRUE;
- break;
- case trust_server_cert_not_yet_valid_opt:
- trust_not_yet_valid = TRUE;
- break;
- case trust_server_cert_other_failure_opt:
- trust_other_failure = TRUE;
+ case trust_server_cert_failures_opt:
+ SVN_ERR(svn_utf_cstring_to_utf8(&opt_arg, arg, pool));
+ SVN_ERR(svn_cmdline__parse_trust_options(
+ &trust_unknown_ca,
+ &trust_cn_mismatch,
+ &trust_expired,
+ &trust_not_yet_valid,
+ &trust_other_failure,
+ opt_arg, "svnmucc: ", pool));
break;
case config_dir_opt:
SVN_ERR(svn_utf_cstring_to_utf8(&config_dir, arg, pool));
@@ -665,25 +649,10 @@ sub_main(int *exit_code, int argc, const
if (!non_interactive)
{
- if (trust_unknown_ca)
- return svn_error_create(SVN_ERR_CL_ARG_PARSING_ERROR, NULL,
- _("--trust-unknown-ca requires "
- "--non-interactive"));
- if (trust_cn_mismatch)
- return svn_error_create(SVN_ERR_CL_ARG_PARSING_ERROR, NULL,
- _("--trust-cn-mismatch requires "
- "--non-interactive"));
- if (trust_expired)
- return svn_error_create(SVN_ERR_CL_ARG_PARSING_ERROR, NULL,
- _("--trust-expired requires "
- "--non-interactive"));
- if (trust_not_yet_valid)
- return svn_error_create(SVN_ERR_CL_ARG_PARSING_ERROR, NULL,
- _("--trust-not-yet-valid requires "
- "--non-interactive"));
- if (trust_other_failure)
+ if (trust_unknown_ca || trust_cn_mismatch || trust_expired
+ || trust_not_yet_valid || trust_other_failure)
return svn_error_create(SVN_ERR_CL_ARG_PARSING_ERROR, NULL,
- _("--trust-other-failure requires "
+ _("--trust-server-cert-failures requires "
"--non-interactive"));
}
Modified: subversion/trunk/subversion/svnrdump/svnrdump.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/svnrdump/svnrdump.c?rev=1678734&r1=1678733&r2=1678734&view=diff
==============================================================================
--- subversion/trunk/subversion/svnrdump/svnrdump.c (original)
+++ subversion/trunk/subversion/svnrdump/svnrdump.c Mon May 11 11:56:46 2015
@@ -85,11 +85,7 @@ enum svn_svnrdump__longopt_t
opt_force_interactive,
opt_incremental,
opt_trust_server_cert,
- opt_trust_server_cert_unknown_ca,
- opt_trust_server_cert_cn_mismatch,
- opt_trust_server_cert_expired,
- opt_trust_server_cert_not_yet_valid,
- opt_trust_server_cert_other_failure,
+ opt_trust_server_cert_failures,
opt_version
};
@@ -99,11 +95,7 @@ enum svn_svnrdump__longopt_t
opt_auth_password, \
opt_auth_nocache, \
opt_trust_server_cert, \
- opt_trust_server_cert_unknown_ca, \
- opt_trust_server_cert_cn_mismatch, \
- opt_trust_server_cert_expired, \
- opt_trust_server_cert_not_yet_valid, \
- opt_trust_server_cert_other_failure, \
+ opt_trust_server_cert_failures, \
opt_non_interactive, \
opt_force_interactive
@@ -164,30 +156,18 @@ static const apr_getopt_option_t svnrdum
"For example:\n"
" "
" servers:global:http-library=serf")},
- {"trust-server-cert", opt_trust_server_cert, 0,
- N_("deprecated; same as --trust-unknown-ca")},
- {"trust-unknown-ca", opt_trust_server_cert_unknown_ca, 0,
- N_("with --non-interactive, accept SSL server\n"
- " "
- "certificates from unknown certificate authorities")},
- {"trust-cn-mismatch", opt_trust_server_cert_cn_mismatch, 0,
- N_("with --non-interactive, accept SSL server\n"
- " "
- "certificates even if the server hostname does not\n"
- " "
- "match the certificate's common name attribute")},
- {"trust-expired", opt_trust_server_cert_expired, 0,
- N_("with --non-interactive, accept expired SSL server\n"
- " "
- "certificates")},
- {"trust-not-yet-valid", opt_trust_server_cert_not_yet_valid, 0,
- N_("with --non-interactive, accept SSL server\n"
- " "
- "certificates from the future")},
- {"trust-other-failure", opt_trust_server_cert_other_failure, 0,
- N_("with --non-interactive, accept SSL server\n"
- " "
- "certificates with failures other than the above")},
+ {"trust-server-cert", opt_trust_server_cert, 0,
+ N_("deprecated; same as\n"
+ " "
+ "--trust-server-cert-failures=unknown-ca")},
+ {"trust-server-cert-failures", opt_trust_server_cert_failures, 1,
+ N_("with --non-interactive, accept SSL server\n"
+ " "
+ "certificates with failures; ARG is comma-\n"
+ " "
+ "separated list of 'unknown-ca', 'cn-mismatch',\n"
+ " "
+ "'expired', 'not-yet-valid', and 'other'.")},
{0, 0, 0, 0}
};
@@ -927,20 +907,17 @@ sub_main(int *exit_code, int argc, const
svn_hash_sets(opt_baton->skip_revprops, opt_arg, opt_arg);
break;
case opt_trust_server_cert: /* backward compat */
- case opt_trust_server_cert_unknown_ca:
trust_unknown_ca = TRUE;
break;
- case opt_trust_server_cert_cn_mismatch:
- trust_cn_mismatch = TRUE;
- break;
- case opt_trust_server_cert_expired:
- trust_expired = TRUE;
- break;
- case opt_trust_server_cert_not_yet_valid:
- trust_not_yet_valid = TRUE;
- break;
- case opt_trust_server_cert_other_failure:
- trust_other_failure = TRUE;
+ case opt_trust_server_cert_failures:
+ SVN_ERR(svn_utf_cstring_to_utf8(&opt_arg, opt_arg, pool));
+ SVN_ERR(svn_cmdline__parse_trust_options(
+ &trust_unknown_ca,
+ &trust_cn_mismatch,
+ &trust_expired,
+ &trust_not_yet_valid,
+ &trust_other_failure,
+ opt_arg, "svnrdump: ", pool));
break;
case opt_config_option:
if (!config_options)
@@ -1061,25 +1038,10 @@ sub_main(int *exit_code, int argc, const
/* --trust-* can only be used with --non-interactive */
if (!non_interactive)
{
- if (trust_unknown_ca)
- return svn_error_create(SVN_ERR_CL_ARG_PARSING_ERROR, NULL,
- _("--trust-unknown-ca requires "
- "--non-interactive"));
- if (trust_cn_mismatch)
- return svn_error_create(SVN_ERR_CL_ARG_PARSING_ERROR, NULL,
- _("--trust-cn-mismatch requires "
- "--non-interactive"));
- if (trust_expired)
- return svn_error_create(SVN_ERR_CL_ARG_PARSING_ERROR, NULL,
- _("--trust-expired requires "
- "--non-interactive"));
- if (trust_not_yet_valid)
- return svn_error_create(SVN_ERR_CL_ARG_PARSING_ERROR, NULL,
- _("--trust-not-yet-valid requires "
- "--non-interactive"));
- if (trust_other_failure)
+ if (trust_unknown_ca || trust_cn_mismatch || trust_expired
+ || trust_not_yet_valid || trust_other_failure)
return svn_error_create(SVN_ERR_CL_ARG_PARSING_ERROR, NULL,
- _("--trust-other-failure requires "
+ _("--trust-server-cert-failures requires "
"--non-interactive"));
}
Modified: subversion/trunk/subversion/svnsync/svnsync.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/svnsync/svnsync.c?rev=1678734&r1=1678733&r2=1678734&view=diff
==============================================================================
--- subversion/trunk/subversion/svnsync/svnsync.c (original)
+++ subversion/trunk/subversion/svnsync/svnsync.c Mon May 11 11:56:46 2015
@@ -68,11 +68,7 @@ enum svnsync__opt {
svnsync_opt_disable_locking,
svnsync_opt_version,
svnsync_opt_trust_server_cert,
- svnsync_opt_trust_server_cert_unknown_ca,
- svnsync_opt_trust_server_cert_cn_mismatch,
- svnsync_opt_trust_server_cert_expired,
- svnsync_opt_trust_server_cert_not_yet_valid,
- svnsync_opt_trust_server_cert_other_failure,
+ svnsync_opt_trust_server_cert_failures,
svnsync_opt_allow_non_empty,
svnsync_opt_steal_lock
};
@@ -83,11 +79,7 @@ enum svnsync__opt {
svnsync_opt_auth_username, \
svnsync_opt_auth_password, \
svnsync_opt_trust_server_cert, \
- svnsync_opt_trust_server_cert_unknown_ca, \
- svnsync_opt_trust_server_cert_cn_mismatch, \
- svnsync_opt_trust_server_cert_expired, \
- svnsync_opt_trust_server_cert_not_yet_valid, \
- svnsync_opt_trust_server_cert_other_failure, \
+ svnsync_opt_trust_server_cert_failures, \
svnsync_opt_source_username, \
svnsync_opt_source_password, \
svnsync_opt_sync_username, \
@@ -204,29 +196,17 @@ static const apr_getopt_option_t svnsync
" "
"see --source-password and --sync-password)") },
{"trust-server-cert", svnsync_opt_trust_server_cert, 0,
- N_("deprecated; same as --trust-unknown-ca")},
- {"trust-unknown-ca", svnsync_opt_trust_server_cert_unknown_ca, 0,
- N_("with --non-interactive, accept SSL server\n"
+ N_("deprecated; same as\n"
" "
- "certificates from unknown certificate authorities")},
- {"trust-cn-mismatch", svnsync_opt_trust_server_cert_cn_mismatch, 0,
+ "--trust-server-cert-failures=unknown-ca")},
+ {"trust-server-cert-failures", svnsync_opt_trust_server_cert_failures, 1,
N_("with --non-interactive, accept SSL server\n"
" "
- "certificates even if the server hostname does not\n"
- " "
- "match the certificate's common name attribute")},
- {"trust-expired", svnsync_opt_trust_server_cert_expired, 0,
- N_("with --non-interactive, accept expired SSL server\n"
+ "certificates with failures; ARG is comma-\n"
" "
- "certificates")},
- {"trust-not-yet-valid", svnsync_opt_trust_server_cert_not_yet_valid, 0,
- N_("with --non-interactive, accept SSL server\n"
- " "
- "certificates from the future")},
- {"trust-other-failure", svnsync_opt_trust_server_cert_other_failure, 0,
- N_("with --non-interactive, accept SSL server\n"
+ "separated list of 'unknown-ca', 'cn-mismatch',\n"
" "
- "certificates with failures other than the above")},
+ "'expired', 'not-yet-valid', and 'other'.")},
{"source-username", svnsync_opt_source_username, 1,
N_("connect to source repository with username ARG") },
{"source-password", svnsync_opt_source_password, 1,
@@ -2008,24 +1988,18 @@ sub_main(int *exit_code, int argc, const
break;
case svnsync_opt_trust_server_cert: /* backwards compat */
- case svnsync_opt_trust_server_cert_unknown_ca:
opt_baton.trust_server_cert_unknown_ca = TRUE;
break;
- case svnsync_opt_trust_server_cert_cn_mismatch:
- opt_baton.trust_server_cert_cn_mismatch = TRUE;
- break;
-
- case svnsync_opt_trust_server_cert_expired:
- opt_baton.trust_server_cert_expired = TRUE;
- break;
-
- case svnsync_opt_trust_server_cert_not_yet_valid:
- opt_baton.trust_server_cert_not_yet_valid = TRUE;
- break;
-
- case svnsync_opt_trust_server_cert_other_failure:
- opt_baton.trust_server_cert_other_failure = TRUE;
+ case svnsync_opt_trust_server_cert_failures:
+ SVN_ERR(svn_utf_cstring_to_utf8(&opt_arg, opt_arg, pool));
+ SVN_ERR(svn_cmdline__parse_trust_options(
+ &opt_baton.trust_server_cert_unknown_ca,
+ &opt_baton.trust_server_cert_cn_mismatch,
+ &opt_baton.trust_server_cert_expired,
+ &opt_baton.trust_server_cert_not_yet_valid,
+ &opt_baton.trust_server_cert_other_failure,
+ opt_arg, "svnsync: ", pool));
break;
case svnsync_opt_no_auth_cache:
@@ -2216,25 +2190,13 @@ sub_main(int *exit_code, int argc, const
/* --trust-* can only be used with --non-interactive */
if (!opt_baton.non_interactive)
{
- if (opt_baton.trust_server_cert_unknown_ca)
- return svn_error_create(SVN_ERR_CL_ARG_PARSING_ERROR, NULL,
- _("--trust-unknown-ca requires "
- "--non-interactive"));
- if (opt_baton.trust_server_cert_cn_mismatch)
- return svn_error_create(SVN_ERR_CL_ARG_PARSING_ERROR, NULL,
- _("--trust-cn-mismatch requires "
- "--non-interactive"));
- if (opt_baton.trust_server_cert_expired)
- return svn_error_create(SVN_ERR_CL_ARG_PARSING_ERROR, NULL,
- _("--trust-expired requires "
- "--non-interactive"));
- if (opt_baton.trust_server_cert_not_yet_valid)
- return svn_error_create(SVN_ERR_CL_ARG_PARSING_ERROR, NULL,
- _("--trust-not-yet-valid requires "
- "--non-interactive"));
- if (opt_baton.trust_server_cert_other_failure)
+ if (opt_baton.trust_server_cert_unknown_ca
+ || opt_baton.trust_server_cert_cn_mismatch
+ || opt_baton.trust_server_cert_expired
+ || opt_baton.trust_server_cert_not_yet_valid
+ || opt_baton.trust_server_cert_other_failure)
return svn_error_create(SVN_ERR_CL_ARG_PARSING_ERROR, NULL,
- _("--trust-other-failure requires "
+ _("--trust-server-cert-failures requires "
"--non-interactive"));
}
Modified: subversion/trunk/subversion/tests/cmdline/getopt_tests_data/svn_help_log_switch_stdout
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/tests/cmdline/getopt_tests_data/svn_help_log_switch_stdout?rev=1678734&r1=1678733&r2=1678734&view=diff
==============================================================================
--- subversion/trunk/subversion/tests/cmdline/getopt_tests_data/svn_help_log_switch_stdout (original)
+++ subversion/trunk/subversion/tests/cmdline/getopt_tests_data/svn_help_log_switch_stdout Mon May 11 11:56:46 2015
@@ -122,18 +122,12 @@ Global options:
only if standard input is a terminal device)
--force-interactive : do interactive prompting even if standard input
is not a terminal device
- --trust-server-cert : deprecated; same as --trust-unknown-ca
- --trust-unknown-ca : with --non-interactive, accept SSL server
- certificates from unknown certificate authorities
- --trust-cn-mismatch : with --non-interactive, accept SSL server
- certificates even if the server hostname does not
- match the certificate's common name attribute
- --trust-expired : with --non-interactive, accept expired SSL server
- certificates
- --trust-not-yet-valid : with --non-interactive, accept SSL server
- certificates from the future
- --trust-other-failure : with --non-interactive, accept SSL server
- certificates with failures other than the above
+ --trust-server-cert : deprecated; same as
+ --trust-server-cert-failures=unknown-ca
+ --trust-server-cert-failures ARG : with --non-interactive, accept SSL server
+ certificates with failures; ARG is comma-
+ separated list of 'unknown-ca', 'cn-mismatch',
+ 'expired', 'not-yet-valid', and 'other'.
--config-dir ARG : read user configuration files from directory ARG
--config-option ARG : set user configuration option in the format:
FILE:SECTION:OPTION=[VALUE]
@@ -215,18 +209,12 @@ Global options:
only if standard input is a terminal device)
--force-interactive : do interactive prompting even if standard input
is not a terminal device
- --trust-server-cert : deprecated; same as --trust-unknown-ca
- --trust-unknown-ca : with --non-interactive, accept SSL server
- certificates from unknown certificate authorities
- --trust-cn-mismatch : with --non-interactive, accept SSL server
- certificates even if the server hostname does not
- match the certificate's common name attribute
- --trust-expired : with --non-interactive, accept expired SSL server
- certificates
- --trust-not-yet-valid : with --non-interactive, accept SSL server
- certificates from the future
- --trust-other-failure : with --non-interactive, accept SSL server
- certificates with failures other than the above
+ --trust-server-cert : deprecated; same as
+ --trust-server-cert-failures=unknown-ca
+ --trust-server-cert-failures ARG : with --non-interactive, accept SSL server
+ certificates with failures; ARG is comma-
+ separated list of 'unknown-ca', 'cn-mismatch',
+ 'expired', 'not-yet-valid', and 'other'.
--config-dir ARG : read user configuration files from directory ARG
--config-option ARG : set user configuration option in the format:
FILE:SECTION:OPTION=[VALUE]
Re: svn commit: r1678734 - in
/subversion/trunk/subversion:include/private/ libsvn_subr/ svn/ svnbench/
svnmucc/ svnrdump/ svnsync/tests/cmdline/getopt_tests_data/
Posted by Daniel Shahaf <d....@daniel.shahaf.name>.
Bert Huijben wrote on Mon, May 11, 2015 at 19:13:33 +0200:
> Hmm. I think I copied that from some code that uses it for showing warnings. (The config options parse function)
>
The --config-option parser needs 'prefix' because it calls
svn_handle_warning2(). You just call svn_error_create() so you don't
need a 'prefix' function.
Daniel
> Bert
>
> -----Original Message-----
> From: "Philip Martin" <ph...@wandisco.com>
> Sent: 11-5-2015 18:33
> To: "rhuijben@apache.org" <rh...@apache.org>
> Cc: "dev@subversion.apache.org" <de...@subversion.apache.org>
> Subject: Re: svn commit: r1678734 - in /subversion/trunk/subversion:include/private/ libsvn_subr/ svn/ svnbench/ svnmucc/ svnrdump/ svnsync/tests/cmdline/getopt_tests_data/
>
> rhuijben@apache.org writes:
>
> > Author: rhuijben
> > Date: Mon May 11 11:56:46 2015
> > New Revision: 1678734
>
> > +svn_error_t *
> > +svn_cmdline__parse_trust_options(
> > + svn_boolean_t *trust_server_cert_unknown_ca,
> > + svn_boolean_t *trust_server_cert_cn_mismatch,
> > + svn_boolean_t *trust_server_cert_expired,
> > + svn_boolean_t *trust_server_cert_not_yet_valid,
> > + svn_boolean_t *trust_server_cert_other_failure,
> > + const char *opt_arg,
> > + const char *error_prefix,
> > + apr_pool_t *scratch_pool)
>
> > + return svn_error_createf(SVN_ERR_CL_ARG_PARSING_ERROR, NULL,
> > + _("%sUnknown value '%s' for %s.\n"
> > + "Supported values: %s"),
> > + error_prefix ? error_prefix : "",
> > + value,
> > + "--trust-server-cert-failures",
> > + "unknown-ca, cn-mismatch, expired, "
> > + "not-yet-valid, other");
>
> Why are you using error_prefix here? We don't usually do that. It
> leads to output like "svn: E205000: svn:" with duplicate "svn:"
>
> $ svn ls --trust-server-cert-failures foo --non-interactive
> svn: E205000: svn: Unknown value 'foo' for --trust-server-cert-failures.
> Supported values: unknown-ca, cn-mismatch, expired, not-yet-valid, other
>
>
> --
> Philip Martin | Subversion Committer
> WANdisco // *Non-Stop Data*
RE: svn commit: r1678734 - in
/subversion/trunk/subversion:include/private/ libsvn_subr/ svn/ svnbench/
svnmucc/ svnrdump/ svnsync/tests/cmdline/getopt_tests_data/
Posted by Bert Huijben <be...@qqmail.nl>.
Hmm. I think I copied that from some code that uses it for showing warnings. (The config options parse function)
Bert
-----Original Message-----
From: "Philip Martin" <ph...@wandisco.com>
Sent: 11-5-2015 18:33
To: "rhuijben@apache.org" <rh...@apache.org>
Cc: "dev@subversion.apache.org" <de...@subversion.apache.org>
Subject: Re: svn commit: r1678734 - in /subversion/trunk/subversion:include/private/ libsvn_subr/ svn/ svnbench/ svnmucc/ svnrdump/ svnsync/tests/cmdline/getopt_tests_data/
rhuijben@apache.org writes:
> Author: rhuijben
> Date: Mon May 11 11:56:46 2015
> New Revision: 1678734
> +svn_error_t *
> +svn_cmdline__parse_trust_options(
> + svn_boolean_t *trust_server_cert_unknown_ca,
> + svn_boolean_t *trust_server_cert_cn_mismatch,
> + svn_boolean_t *trust_server_cert_expired,
> + svn_boolean_t *trust_server_cert_not_yet_valid,
> + svn_boolean_t *trust_server_cert_other_failure,
> + const char *opt_arg,
> + const char *error_prefix,
> + apr_pool_t *scratch_pool)
> + return svn_error_createf(SVN_ERR_CL_ARG_PARSING_ERROR, NULL,
> + _("%sUnknown value '%s' for %s.\n"
> + "Supported values: %s"),
> + error_prefix ? error_prefix : "",
> + value,
> + "--trust-server-cert-failures",
> + "unknown-ca, cn-mismatch, expired, "
> + "not-yet-valid, other");
Why are you using error_prefix here? We don't usually do that. It
leads to output like "svn: E205000: svn:" with duplicate "svn:"
$ svn ls --trust-server-cert-failures foo --non-interactive
svn: E205000: svn: Unknown value 'foo' for --trust-server-cert-failures.
Supported values: unknown-ca, cn-mismatch, expired, not-yet-valid, other
--
Philip Martin | Subversion Committer
WANdisco // *Non-Stop Data*
Re: svn commit: r1678734 - in /subversion/trunk/subversion: include/private/ libsvn_subr/ svn/ svnbench/ svnmucc/ svnrdump/ svnsync/ tests/cmdline/getopt_tests_data/
Posted by Philip Martin <ph...@wandisco.com>.
rhuijben@apache.org writes:
> Author: rhuijben
> Date: Mon May 11 11:56:46 2015
> New Revision: 1678734
> +svn_error_t *
> +svn_cmdline__parse_trust_options(
> + svn_boolean_t *trust_server_cert_unknown_ca,
> + svn_boolean_t *trust_server_cert_cn_mismatch,
> + svn_boolean_t *trust_server_cert_expired,
> + svn_boolean_t *trust_server_cert_not_yet_valid,
> + svn_boolean_t *trust_server_cert_other_failure,
> + const char *opt_arg,
> + const char *error_prefix,
> + apr_pool_t *scratch_pool)
> + return svn_error_createf(SVN_ERR_CL_ARG_PARSING_ERROR, NULL,
> + _("%sUnknown value '%s' for %s.\n"
> + "Supported values: %s"),
> + error_prefix ? error_prefix : "",
> + value,
> + "--trust-server-cert-failures",
> + "unknown-ca, cn-mismatch, expired, "
> + "not-yet-valid, other");
Why are you using error_prefix here? We don't usually do that. It
leads to output like "svn: E205000: svn:" with duplicate "svn:"
$ svn ls --trust-server-cert-failures foo --non-interactive
svn: E205000: svn: Unknown value 'foo' for --trust-server-cert-failures.
Supported values: unknown-ca, cn-mismatch, expired, not-yet-valid, other
--
Philip Martin | Subversion Committer
WANdisco // *Non-Stop Data*