You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@subversion.apache.org by st...@apache.org on 2014/02/27 14:13:44 UTC

svn commit: r1572548 - /subversion/trunk/subversion/svn/auth-cmd.c

Author: stsp
Date: Thu Feb 27 13:13:44 2014
New Revision: 1572548

URL: http://svn.apache.org/r1572548
Log:
* subversion/svn/auth-cmd.c: Disable pretty-printing on SSL certs on Windows,
   because it is broken with all currently released versions of serf.
   To make it easier to enable/disable this feature, add a new
   SVN_AUTH_PRETTY_PRINT_SSL_CERTS define switch instead of directly
   using SVN_HAVE_SERF for this purpose.

Found by: rhuijben

Modified:
    subversion/trunk/subversion/svn/auth-cmd.c

Modified: subversion/trunk/subversion/svn/auth-cmd.c
URL: http://svn.apache.org/viewvc/subversion/trunk/subversion/svn/auth-cmd.c?rev=1572548&r1=1572547&r2=1572548&view=diff
==============================================================================
--- subversion/trunk/subversion/svn/auth-cmd.c (original)
+++ subversion/trunk/subversion/svn/auth-cmd.c Thu Feb 27 13:13:44 2014
@@ -32,6 +32,15 @@
 
 #ifdef SVN_HAVE_SERF
 #include <serf.h>
+
+/* Don't enable SSL cert pretty-printing on Windows yet because of a
+   known issue in serf. See serf's r2314. Once this fix is part of a
+   serf release, we'll want a SERF_VERSION_AT_LEAST() check here. */
+#ifndef WIN32
+#define SVN_AUTH_PRETTY_PRINT_SSL_CERTS
+#endif
+#else /* !SVN_HAVE_SERF */
+#undef SVN_AUTH_PRETTY_PRINT_SSL_CERTS
 #endif
 
 #include "svn_private_config.h"
@@ -56,7 +65,7 @@
 #define SEP_STRING \
   "------------------------------------------------------------------------\n"
 
-#ifdef SVN_HAVE_SERF
+#ifdef SVN_AUTH_PRETTY_PRINT_SSL_CERTS
 /* Because APR hash order is unstable we use a token map of keys
  * to ensure values are always presented in the same order. */
 typedef enum svnauth__cert_info_keys {
@@ -197,9 +206,7 @@ split_ascii_cert(const char *ascii_cert,
 
   return svn_cstring_join(lines, "\n", result_pool);
 }
-#endif /* SVN_HAVE_SERF */
 
-#ifdef SVN_HAVE_SERF
 static svn_error_t *
 load_cert(serf_ssl_certificate_t **cert,
           const char *ascii_cert,
@@ -259,7 +266,7 @@ static svn_error_t *
 show_ascii_cert(const char *ascii_cert,
                 apr_pool_t *scratch_pool)
 {
-#ifdef SVN_HAVE_SERF
+#ifdef SVN_AUTH_PRETTY_PRINT_SSL_CERTS
   serf_ssl_certificate_t *cert;
   apr_hash_t *cert_info;
 
@@ -297,7 +304,7 @@ show_ascii_cert(const char *ascii_cert,
   SVN_ERR(svn_cmdline_printf(scratch_pool,
                              _("Base64-encoded certificate: %s\n"),
                              ascii_cert));
-#endif /* SVN_HAVE_SERF */
+#endif /* SVN_AUTH_PRETTY_PRINT_SSL_CERTS */
 
   return SVN_NO_ERROR;
 }
@@ -369,7 +376,7 @@ match_pattern(const char *pattern, const
   return (apr_fnmatch(p, value, 0) == APR_SUCCESS);
 }
 
-#ifdef SVN_HAVE_SERF
+#ifdef SVN_AUTH_PRETTY_PRINT_SSL_CERTS
 static svn_error_t *
 match_cert_info(svn_boolean_t *match,
                 const char *pattern,
@@ -405,7 +412,7 @@ match_ascii_cert(svn_boolean_t *match,
                  const char *ascii_cert,
                  apr_pool_t *scratch_pool)
 {
-#ifdef SVN_HAVE_SERF
+#ifdef SVN_AUTH_PRETTY_PRINT_SSL_CERTS
   serf_ssl_certificate_t *cert;
   apr_hash_t *cert_info;

RE: svn commit: r1572548 - /subversion/trunk/subversion/svn/auth-cmd.c

Posted by Bert Huijben <be...@qqmail.nl>.


> -----Original Message-----
> From: stsp@apache.org [mailto:stsp@apache.org]
> Sent: donderdag 27 februari 2014 14:14
> To: commits@subversion.apache.org
> Subject: svn commit: r1572548 - /subversion/trunk/subversion/svn/auth-
> cmd.c
> 
> Author: stsp
> Date: Thu Feb 27 13:13:44 2014
> New Revision: 1572548
> 
> URL: http://svn.apache.org/r1572548
> Log:
> * subversion/svn/auth-cmd.c: Disable pretty-printing on SSL certs on
> Windows,
>    because it is broken with all currently released versions of serf.
>    To make it easier to enable/disable this feature, add a new
>    SVN_AUTH_PRETTY_PRINT_SSL_CERTS define switch instead of directly
>    using SVN_HAVE_SERF for this purpose.

Note that the function is also unreliable on other platforms... You are not allowed to call openssl functions, before initializing openssl!

The problem is just bigger on Windows, as it breaks harder there. But perhaps the next openssl crashes harder on another platform.

	Bert

RE: svn commit: r1572548 - /subversion/trunk/subversion/svn/auth-cmd.c

Posted by Bert Huijben <be...@qqmail.nl>.


> -----Original Message-----
> From: stsp@apache.org [mailto:stsp@apache.org]
> Sent: donderdag 27 februari 2014 14:14
> To: commits@subversion.apache.org
> Subject: svn commit: r1572548 - /subversion/trunk/subversion/svn/auth-
> cmd.c
> 
> Author: stsp
> Date: Thu Feb 27 13:13:44 2014
> New Revision: 1572548
> 
> URL: http://svn.apache.org/r1572548
> Log:
> * subversion/svn/auth-cmd.c: Disable pretty-printing on SSL certs on
> Windows,
>    because it is broken with all currently released versions of serf.
>    To make it easier to enable/disable this feature, add a new
>    SVN_AUTH_PRETTY_PRINT_SSL_CERTS define switch instead of directly
>    using SVN_HAVE_SERF for this purpose.

Note that the function is also unreliable on other platforms... You are not allowed to call openssl functions, before initializing openssl!

The problem is just bigger on Windows, as it breaks harder there. But perhaps the next openssl crashes harder on another platform.

	Bert