You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by sv...@apache.org on 2018/10/02 04:00:05 UTC
svn commit: r1842578 - in /subversion/branches/1.10.x: ./ STATUS
subversion/libsvn_ra_serf/util.c
subversion/libsvn_subr/ssl_client_cert_pw_providers.c
Author: svn-role
Date: Tue Oct 2 04:00:05 2018
New Revision: 1842578
URL: http://svn.apache.org/viewvc?rev=1842578&view=rev
Log:
Merge the r1836762 group from trunk:
* r1836762, r1836802
Store the HTTPS client cert password.
Justification:
Restores a feature lost when we switched from neon to serf.
Votes:
+1: philip, rhuijben, stsp
Modified:
subversion/branches/1.10.x/ (props changed)
subversion/branches/1.10.x/STATUS
subversion/branches/1.10.x/subversion/libsvn_ra_serf/util.c
subversion/branches/1.10.x/subversion/libsvn_subr/ssl_client_cert_pw_providers.c
Propchange: subversion/branches/1.10.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Tue Oct 2 04:00:05 2018
@@ -101,4 +101,4 @@
/subversion/branches/verify-at-commit:1462039-1462408
/subversion/branches/verify-keep-going:1439280-1546110
/subversion/branches/wc-collate-path:1402685-1480384
-/subversion/trunk:1817837,1817856,1818577-1818578,1818584,1818651,1818662,1818727,1818801,1818803,1818807,1818868,1818871,1819036-1819037,1819043,1819049,1819052,1819093,1819146,1819162,1819444,1819556-1819557,1819603,1819804,1819911,1820044,1820046-1820047,1820518,1820627,1820718,1820778,1821183,1821224,1821621,1821678,1822401,1822587,1822591,1822996,1823202-1823203,1823211,1823327,1823791,1823966,1823989,1824033,1825024,1825045,1825215,1825266,1825306,1825709,1825711,1825721,1825736,1825778,1825783,1825787-1825788,1825979,1826720-1826721,1826747,1826811,1826814,1826877,1826907,1826971,1827105,1827114,1827191,1827562,1827574,1827670,1828613,1829012,1829015,1829241,1829260,1829344,1830083,1830882-1830883,1830885,1830900-1830901,1831110,1831112,1831540,1833465,1833621,1833836,1833842,1833864,1833866,1833895,1833897,1833899,1833901,1835760,1836306,1837037
+/subversion/trunk:1817837,1817856,1818577-1818578,1818584,1818651,1818662,1818727,1818801,1818803,1818807,1818868,1818871,1819036-1819037,1819043,1819049,1819052,1819093,1819146,1819162,1819444,1819556-1819557,1819603,1819804,1819911,1820044,1820046-1820047,1820518,1820627,1820718,1820778,1821183,1821224,1821621,1821678,1822401,1822587,1822591,1822996,1823202-1823203,1823211,1823327,1823791,1823966,1823989,1824033,1825024,1825045,1825215,1825266,1825306,1825709,1825711,1825721,1825736,1825778,1825783,1825787-1825788,1825979,1826720-1826721,1826747,1826811,1826814,1826877,1826907,1826971,1827105,1827114,1827191,1827562,1827574,1827670,1828613,1829012,1829015,1829241,1829260,1829344,1830083,1830882-1830883,1830885,1830900-1830901,1831110,1831112,1831540,1833465,1833621,1833836,1833842,1833864,1833866,1833895,1833897,1833899,1833901,1835760,1836306,1836762,1836802,1837037
Modified: subversion/branches/1.10.x/STATUS
URL: http://svn.apache.org/viewvc/subversion/branches/1.10.x/STATUS?rev=1842578&r1=1842577&r2=1842578&view=diff
==============================================================================
--- subversion/branches/1.10.x/STATUS (original)
+++ subversion/branches/1.10.x/STATUS Tue Oct 2 04:00:05 2018
@@ -21,13 +21,6 @@ Veto-blocked changes:
Approved changes:
=================
- * r1836762, r1836802
- Store the HTTPS client cert password.
- Justification:
- Restores a feature lost when we switched from neon to serf.
- Votes:
- +1: philip, rhuijben, stsp
-
* r1834612, r1834835
On the '1.10.x-issue4758' branch: Fix SVN-4758 "Unable to shelve changes
when using custom diff-cmd".
Modified: subversion/branches/1.10.x/subversion/libsvn_ra_serf/util.c
URL: http://svn.apache.org/viewvc/subversion/branches/1.10.x/subversion/libsvn_ra_serf/util.c?rev=1842578&r1=1842577&r2=1842578&view=diff
==============================================================================
--- subversion/branches/1.10.x/subversion/libsvn_ra_serf/util.c (original)
+++ subversion/branches/1.10.x/subversion/libsvn_ra_serf/util.c Tue Oct 2 04:00:05 2018
@@ -756,6 +756,9 @@ handle_client_cert_pw(void *data,
if (creds)
{
+ /* At this stage we are unable to check whether the password
+ is correct; if it is incorrect serf will fail to establish
+ an SSL connection and will return a generic SSL error. */
svn_auth_cred_ssl_client_cert_pw_t *pw_creds;
pw_creds = creds;
*password = pw_creds->password;
@@ -1445,6 +1448,23 @@ handle_response(serf_request_t *request,
process_body:
+ /* A client cert file password was obtained and worked (any HTTP
+ response means that the SSL connection was established.) */
+ if (handler->conn->ssl_client_pw_auth_state)
+ {
+ SVN_ERR(svn_auth_save_credentials(handler->conn->ssl_client_pw_auth_state,
+ handler->session->pool));
+ handler->conn->ssl_client_pw_auth_state = NULL;
+ }
+ if (handler->conn->ssl_client_auth_state)
+ {
+ /* The cert file provider doesn't have any code to save creds so
+ this is currently a no-op. */
+ SVN_ERR(svn_auth_save_credentials(handler->conn->ssl_client_auth_state,
+ handler->session->pool));
+ handler->conn->ssl_client_auth_state = NULL;
+ }
+
/* We've been instructed to ignore the body. Drain whatever is present. */
if (handler->discard_body)
{
Modified: subversion/branches/1.10.x/subversion/libsvn_subr/ssl_client_cert_pw_providers.c
URL: http://svn.apache.org/viewvc/subversion/branches/1.10.x/subversion/libsvn_subr/ssl_client_cert_pw_providers.c?rev=1842578&r1=1842577&r2=1842578&view=diff
==============================================================================
--- subversion/branches/1.10.x/subversion/libsvn_subr/ssl_client_cert_pw_providers.c (original)
+++ subversion/branches/1.10.x/subversion/libsvn_subr/ssl_client_cert_pw_providers.c Tue Oct 2 04:00:05 2018
@@ -36,7 +36,7 @@
#include "svn_private_config.h"
/*-----------------------------------------------------------------------*/
-/* File provider */
+/* File password provider */
/*-----------------------------------------------------------------------*/
/* Baton type for the ssl client cert passphrase provider. */
@@ -51,6 +51,13 @@ typedef struct ssl_client_cert_pw_file_p
apr_hash_t *plaintext_answers;
} ssl_client_cert_pw_file_provider_baton_t;
+/* The client cert password provider only deals with a password and
+ realm (the client cert filename), there is no username. The gnome
+ keyring backend based on libsecret requires a non-NULL username so
+ we have to invent one. An empty string is acceptable and doesn't
+ change the value stored by the kwallet backend. */
+#define DUMMY_USERNAME ""
+
/* This implements the svn_auth__password_get_t interface.
Set **PASSPHRASE to the plaintext passphrase retrieved from CREDS;
ignore other parameters. */
@@ -132,7 +139,8 @@ svn_auth__ssl_client_cert_pw_cache_get(v
svn_boolean_t done;
SVN_ERR(passphrase_get(&done, &password, creds_hash, realmstring,
- NULL, parameters, non_interactive, pool));
+ DUMMY_USERNAME, parameters, non_interactive,
+ pool));
if (!done)
password = NULL;
}
@@ -293,7 +301,7 @@ svn_auth__ssl_client_cert_pw_cache_set(s
if (may_save_passphrase)
{
SVN_ERR(passphrase_set(saved, creds_hash, realmstring,
- NULL, creds->password, parameters,
+ DUMMY_USERNAME, creds->password, parameters,
non_interactive, pool));
if (*saved && passtype)