You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by sv...@apache.org on 2014/01/26 05:04:31 UTC

svn commit: r1561442 - in /subversion/branches/1.8.x: ./ STATUS subversion/libsvn_ra_serf/util.c

Author: svn-role
Date: Sun Jan 26 04:04:30 2014
New Revision: 1561442

URL: http://svn.apache.org/r1561442
Log:
Merge r1535532 from trunk:

 * r1535532
   Make the certificate verification handling in ra_serf properly ask multiple
   providers for acceptance of certificate failures.
   Justification:
     Without this patch it is not possible to have one hook accept invalid
     ca roots, while another provider accepts an invalid date on a certificate.
     Probably only interesting for bindings and code that explicitly tests
     our certificate handling behavior.
   Votes:
     +1: rhuijben, stefan2, steveking

Modified:
    subversion/branches/1.8.x/   (props changed)
    subversion/branches/1.8.x/STATUS
    subversion/branches/1.8.x/subversion/libsvn_ra_serf/util.c

Propchange: subversion/branches/1.8.x/
------------------------------------------------------------------------------
  Merged /subversion/trunk:r1535532

Modified: subversion/branches/1.8.x/STATUS
URL: http://svn.apache.org/viewvc/subversion/branches/1.8.x/STATUS?rev=1561442&r1=1561441&r2=1561442&view=diff
==============================================================================
--- subversion/branches/1.8.x/STATUS (original)
+++ subversion/branches/1.8.x/STATUS Sun Jan 26 04:04:30 2014
@@ -264,17 +264,6 @@ Veto-blocked changes:
 Approved changes:
 =================
 
- * r1535532
-   Make the certificate verification handling in ra_serf properly ask multiple
-   providers for acceptance of certificate failures.
-   Justification:
-     Without this patch it is not possible to have one hook accept invalid
-     ca roots, while another provider accepts an invalid date on a certificate.
-     Probably only interesting for bindings and code that explicitly tests
-     our certificate handling behavior.
-   Votes:
-     +1: rhuijben, stefan2, steveking
-
  * r1560690, r1560701
    Fix repository-WC copies into relocated working copies and some wc-wc
    copy problems.

Modified: subversion/branches/1.8.x/subversion/libsvn_ra_serf/util.c
URL: http://svn.apache.org/viewvc/subversion/branches/1.8.x/subversion/libsvn_ra_serf/util.c?rev=1561442&r1=1561441&r2=1561442&view=diff
==============================================================================
--- subversion/branches/1.8.x/subversion/libsvn_ra_serf/util.c (original)
+++ subversion/branches/1.8.x/subversion/libsvn_ra_serf/util.c Sun Jan 26 04:04:30 2014
@@ -347,13 +347,27 @@ ssl_server_cert(void *baton, int failure
   if (creds)
     {
       server_creds = creds;
+      svn_failures &= ~server_creds->accepted_failures;
       SVN_ERR(svn_auth_save_credentials(state, scratch_pool));
     }
 
+  while (svn_failures && creds)
+    {
+      SVN_ERR(svn_auth_next_credentials(&creds, state, scratch_pool));
+
+      if (creds)
+        {
+          server_creds = creds;
+          svn_failures &= ~server_creds->accepted_failures;
+          SVN_ERR(svn_auth_save_credentials(state, scratch_pool));
+        }
+    }
+
   svn_auth_set_parameter(conn->session->wc_callbacks->auth_baton,
                          SVN_AUTH_PARAM_SSL_SERVER_CERT_INFO, NULL);
 
-  if (!server_creds)
+  /* Are there non accepted failures left? */
+  if (svn_failures)
     {
       svn_stringbuf_t *errmsg;
       int reasons = 0;