Posted to users@subversion.apache.org by Sören Bernstein <qu...@barkhof.uni-bremen.de> on 2010/07/03 06:04:43 UTC
Regression: Bad cert handling in subversion 1.6.11
Hello all,
since I've upgraded to subversion 1.6.11 I've found that there is a bug while
accepting bad certs. This is also true for 1.6.12. I'm running gentoo stable
amd64 and gentoo stable x86.
While checking out a trunk from svn with a bad server cert, svn warns about
it, but then it does not print the message with the options to accept or
discard. Instead it sits and waits for user input, AFTER which it will show the
input options.
Subversion 1.6.9 does not have the error.
Reproducible: Always
Steps to Reproduce:
1. Install subversion 1.6.11
2. Checkout from a server with bad cert
3. Wait for the warning message of subversion
Actual Results:
Subversion will print the information about the bad certificate and wait for
user input. After input it will show the input options for the prior input.
Expected Results:
Subversion should print the input options before waiting for input.
An svn trunk with a broken server cert can be found at:
https://svn.tabos.org/repos/ffgtk/trunk
CU
--
Dipl. Inform.
Sören Bernstein
ZeS, Barkhof
Universität Bremen
Re: Regression: Bad cert handling in subversion 1.6.11
Posted by Daniel Shahaf <d....@daniel.shahaf.name>.
Sören Bernstein wrote on Sun, 4 Jul 2010 at 09:24 -0000:
> I don't have the sources installed, so there's nothing I can do with the
> diffset. But, there must be some differences between 1.6.9 and 1.6.11 because
> 1.6.9 is working correctly while 1.6.11 is not.
On Gentoo and doesn't have the sources installed? That's new to me.
Are 1.6.9 and 1.6.11 using exactly the same dependencies, environment,
etc.? Or have you upgraded other libraries too?
If you haven't done so already, feel free to make an entry in the bug
tracker, so this issue isn't forgotten.
> Maybe you should run a diff between those two versions.
Done, I didn't spot anything relevant. (If you see something, please
point it out.)
Re: Regression: Bad cert handling in subversion 1.6.11
Posted by Sören Bernstein <qu...@barkhof.uni-bremen.de>.
On Sunday 04 July 2010, 07:59:42, Daniel Shahaf wrote:
> Sören Bernstein wrote on Sun, 4 Jul 2010 at 08:25 -0000:
> > On Saturday 03 July 2010, 20:30:47, you wrote:
> > > Firstly, thanks for the very clear bug report.
> > >
> > > Sören Bernstein wrote on Sat, 3 Jul 2010 at 09:04 -0000:
> > > > Hello all
> > > >
> > > > since I've upgraded to subversion 1.6.11 I've found that there is a bug
> > > > while accepting bad certs. This is also true for 1.6.12. I'm running
> > > > gentoo stable amd64 and gentoo stable x86.
> > > >
> > > > While checking out a trunk from svn with a bad server cert, svn warns
> > > > about it, but then it does not print the message with the options to
> > > > accept or discard. Instead it sits and waits for user input, AFTER
> > > > which it will show the input options.
> > > >
> > > > Subversion 1.6.9 does not have the error.
> > > >
> > > > Reproducible: Always
> > > >
> > > > Steps to Reproduce:
> > > > 1. Install subversion 1.6.11
> > > > 2. Checkout from a server with bad cert
> > > > 3. Wait for the warning message of subversion
> > > >
> > > > Actual Results:
> > > > Subversion will print the information about the bad certificate and
> > > > wait for user input. After input it will show the input options for
> > > > the prior input.
> > > >
> > > > Expected Results:
> > > > Subversion should print the input options before waiting for input.
> > > >
> > > > An svn trunk with a broken server cert can be found at:
> > > > https://svn.tabos.org/repos/ffgtk/trunk
> > >
> > > I cannot reproduce this using either svn 1.6.12 or svn 1.7.0-dev
> > > (>=r937607) on Windows, over neon, if I run
> > >
> > > svn co https://svn.tabos.org/repos/ffgtk/trunk
> > >
> > > then I get the following prompt:
> > > [[[
> > > Error validating server certificate for 'https://svn.tabos.org:443':
> > > - The certificate is not issued by a trusted authority. Use the
> > > fingerprint to validate the certificate manually!
> > > - The certificate hostname does not match.
> > > Certificate information:
> > > - Hostname: *.krueger-it.net
> > > - Valid: from Sat, 07 Feb 2009 13:02:12 GMT until Mon, 07 Feb 2011 13:02:12 GMT
> > > - Issuer: http://www.cacert.org, Root CA
> > > - Fingerprint: a2:d3:f0:83:f9:8e:96:dd:d6:7f:9e:eb:1f:0c:6a:56:28:86:e9:21
> > > (R)eject, accept (t)emporarily or accept (p)ermanently?
> > > ]]]
> > >
> > > Just to clarify, if you type 'R<newline>' blindly at the prompt, does
> > > svn read that and proceed to (R)eject the certificate? (it should
> > > print an error message)
> >
> > I'm running neon 0.29.3 which is the latest stable version for gentoo
> > linux. Running svn co https://svn.tabos.org/repos/ffgtk/trunk leads to
> > this (with system env set to German):
> >
> > [[[
> > Fehler bei der Validierung des Serverzertifikats für
> > »https://svn.tabos.org:443«:
> > - Der Hostname des Zertifikats stimmt nicht überein.
> > Zertifikats-Informationen:
> > - Hostname: *.krueger-it.net
> > - Gültig: von Sat, 07 Feb 2009 15:02:12 GMT bis Mon, 07 Feb 2011 15:02:12 GMT
> > - Aussteller: http://www.cacert.org, Root CA
> > - Fingerabdruck: a2:d3:f0:83:f9:8e:96:dd:d6:7f:9e:eb:1f:0c:6a:56:28:86:e9:21
> > ]]]
> >
> > with LANG="en-US.UFT-8" I get:
> >
> > [[[
> > Error validating server certificate for 'https://svn.tabos.org:443':
> > - The certificate hostname does not match.
> > Certificate information:
> > - Hostname: *.krueger-it.net
> > - Valid: from Sat, 07 Feb 2009 15:02:12 GMT until Mon, 07 Feb 2011 15:02:12 GMT
> > - Issuer: http://www.cacert.org, Root CA
> > - Fingerprint: a2:d3:f0:83:f9:8e:96:dd:d6:7f:9e:eb:1f:0c:6a:56:28:86:e9:21
> > ]]]
> >
> > and subversion is waiting for user input. After the user input, which is
> > working as expected, I get the question with all the allowed options, but
> > it is a little too late for that:
> >
> > [[[
> > (R)eject, accept (t)emporarily or accept (p)ermanently?
> > ]]]
> >
> > In all other aspects the checkout is working. So there is some mixup with
> > the question and the input reading.
>
> On the surface, the code seems okay: the "(R)eject" line is part of the
> same C-string as the rest of the prompt, and we do fflush() after
> printing the prompt.
>
> The following diff highlights the relevant parts in the code.
> [[[
> Index: subversion/libsvn_subr/prompt.c
> ===================================================================
> --- subversion/libsvn_subr/prompt.c (revision 958675)
> +++ subversion/libsvn_subr/prompt.c (working copy)
> @@ -105,6 +105,7 @@ prompt(const char **result,
> {
> svn_boolean_t saw_first_half_of_eol = FALSE;
> SVN_ERR(svn_cmdline_fputs(prompt_msg, stderr, pool));
> + SVN_ERR(svn_cmdline_fflush(stderr));
> fflush(stderr);
>
> while (1)
> @@ -302,11 +303,11 @@ svn_cmdline_auth_ssl_server_trust_prompt
> if (may_save)
> {
> svn_stringbuf_appendcstr
> - (buf, _("(R)eject, accept (t)emporarily or accept (p)ermanently?
> ")); + (buf, _("(R)eject, accept (t)emporarily or accept
> (p)ermanently? \n")); }
> else
> {
> - svn_stringbuf_appendcstr(buf, _("(R)eject or accept (t)emporarily?
> ")); + svn_stringbuf_appendcstr(buf, _("(R)eject or accept
> (t)emporarily? \n")); }
> SVN_ERR(prompt(&choice, buf->data, FALSE, pb, pool));
>
> ]]]
>
> > CU
> >
> > S. Bernstein
>
> (There's an svn_cmdline_fflush() because I didn't notice there is
> already fflush() there.)
I don't have the sources installed, so there's nothing I can do with the
diffset. But, there must be some differences between 1.6.9 and 1.6.11 because
1.6.9 is working correctly while 1.6.11 is not. Maybe you should run a diff
between those two versions.
--
Dipl. Inform.
Sören Bernstein
ZeS, Barkhof
Universität Bremen
Re: Regression: Bad cert handling in subversion 1.6.11
Posted by Daniel Shahaf <d....@daniel.shahaf.name>.
Sören Bernstein wrote on Sun, 4 Jul 2010 at 08:25 -0000:
> On Saturday 03 July 2010, 20:30:47, you wrote:
> > Firstly, thanks for the very clear bug report.
> >
> > Sören Bernstein wrote on Sat, 3 Jul 2010 at 09:04 -0000:
> > > Hello all
> > >
> > > since I've upgraded to subversion 1.6.11 I've found that there is a bug while
> > > accepting bad certs. This is also true for 1.6.12. I'm running gentoo
> > > stable amd64 and gentoo stable x86.
> > >
> > > While checking out a trunk from svn with a bad server cert, svn warns
> > > about it, but then it does not print the message with the options to
> > > accept or discard. Instead it sits and waits for user input, AFTER which
> > > it will show the input options.
> > >
> > > Subversion 1.6.9 does not have the error.
> > >
> > > Reproducible: Always
> > >
> > > Steps to Reproduce:
> > > 1. Install subversion 1.6.11
> > > 2. Checkout from a server with bad cert
> > > 3. Wait for the warning message of subversion
> > >
> > > Actual Results:
> > > Subversion will print the information about the bad certificate and wait
> > > for user input. After input it will show the input options for the prior
> > > input.
> > >
> > > Expected Results:
> > > Subversion should print the input options before waiting for input.
> > >
> > > An svn trunk with a broken server cert can be found at:
> > > https://svn.tabos.org/repos/ffgtk/trunk
> >
> > I cannot reproduce this using either svn 1.6.12 or svn 1.7.0-dev
> > (>=r937607) on Windows, over neon, if I run
> >
> > svn co https://svn.tabos.org/repos/ffgtk/trunk
> >
> > then I get the following prompt:
> >
> > [[[
> > Error validating server certificate for 'https://svn.tabos.org:443':
> > - The certificate is not issued by a trusted authority. Use the
> > fingerprint to validate the certificate manually!
> > - The certificate hostname does not match.
> > Certificate information:
> > - Hostname: *.krueger-it.net
> > - Valid: from Sat, 07 Feb 2009 13:02:12 GMT until Mon, 07 Feb 2011 13:02:12 GMT
> > - Issuer: http://www.cacert.org, Root CA
> > - Fingerprint: a2:d3:f0:83:f9:8e:96:dd:d6:7f:9e:eb:1f:0c:6a:56:28:86:e9:21
> > (R)eject, accept (t)emporarily or accept (p)ermanently?
> > ]]]
> >
> > Just to clarify, if you type 'R<newline>' blindly at the prompt, does svn
> > read that and proceed to (R)eject the certificate? (it should print an
> > error message)
>
> I'm running neon 0.29.3 which is the latest stable version for gentoo linux.
> Running svn co https://svn.tabos.org/repos/ffgtk/trunk leads to this (with
> system env set to German):
>
> [[[
> Fehler bei der Validierung des Serverzertifikats für
> »https://svn.tabos.org:443«:
> - Der Hostname des Zertifikats stimmt nicht überein.
> Zertifikats-Informationen:
> - Hostname: *.krueger-it.net
> - Gültig: von Sat, 07 Feb 2009 15:02:12 GMT bis Mon, 07 Feb 2011 15:02:12 GMT
> - Aussteller: http://www.cacert.org, Root CA
> - Fingerabdruck: a2:d3:f0:83:f9:8e:96:dd:d6:7f:9e:eb:1f:0c:6a:56:28:86:e9:21
> ]]]
>
> with LANG="en-US.UFT-8" I get:
>
> [[[
> Error validating server certificate for 'https://svn.tabos.org:443':
> - The certificate hostname does not match.
> Certificate information:
> - Hostname: *.krueger-it.net
> - Valid: from Sat, 07 Feb 2009 15:02:12 GMT until Mon, 07 Feb 2011 15:02:12 GMT
> - Issuer: http://www.cacert.org, Root CA
> - Fingerprint: a2:d3:f0:83:f9:8e:96:dd:d6:7f:9e:eb:1f:0c:6a:56:28:86:e9:21
> ]]]
>
> and subversion is waiting for user input. After the user input, which is
> working as expected, I get the question with all the allowed options, but it is
> a little too late for that:
>
> [[[
> (R)eject, accept (t)emporarily or accept (p)ermanently?
> ]]]
>
> In all other aspects the checkout is working. So there is some mixup with the
> question and the input reading.
>
On the surface, the code seems okay: the "(R)eject" line is part of the
same C-string as the rest of the prompt, and we do fflush() after
printing the prompt.
The following diff highlights the relevant parts in the code.
[[[
Index: subversion/libsvn_subr/prompt.c
===================================================================
--- subversion/libsvn_subr/prompt.c (revision 958675)
+++ subversion/libsvn_subr/prompt.c (working copy)
@@ -105,6 +105,7 @@ prompt(const char **result,
{
svn_boolean_t saw_first_half_of_eol = FALSE;
SVN_ERR(svn_cmdline_fputs(prompt_msg, stderr, pool));
+ SVN_ERR(svn_cmdline_fflush(stderr));
fflush(stderr);
while (1)
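Review bot: the added `SVN_ERR(svn_cmdline_fflush(stderr));` sits directly above the existing `fflush(stderr);`, so the stream is flushed twice in a row; keep only one, preferably the svn_cmdline_fflush() call, which reports a failed flush as an svn_error_t instead of ignoring it, and drop the bare fflush(stderr) below it. Since a flush between the fputs and the read was already there, this hunk does not change the order in which the prompt text and the input read happen, so it documents the current behaviour rather than fixing the reported ordering.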
@@ -302,11 +303,11 @@ svn_cmdline_auth_ssl_server_trust_prompt
if (may_save)
{
svn_stringbuf_appendcstr
- (buf, _("(R)eject, accept (t)emporarily or accept (p)ermanently? "));
+ (buf, _("(R)eject, accept (t)emporarily or accept (p)ermanently? \n"));
}
else
{
- svn_stringbuf_appendcstr(buf, _("(R)eject or accept (t)emporarily? "));
+ svn_stringbuf_appendcstr(buf, _("(R)eject or accept (t)emporarily? \n"));
}
SVN_ERR(prompt(&choice, buf->data, FALSE, pb, pool));
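Review bot: appending "\n" to the two strings inside _() changes their msgids, so every existing translation of "(R)eject, accept (t)emporarily or accept (p)ermanently? " and "(R)eject or accept (t)emporarily? " stops matching and the prompt falls back to English until the .po catalogs are regenerated; the German session quoted earlier in this thread is exactly the case that would be affected. If the trailing newline is kept, update the translation catalogs in the same change, and note that the user's answer will then be typed on the line after the question rather than after the "? ".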
]]]
> CU
>
> S. Bernstein
>
(There's an svn_cmdline_fflush() because I didn't notice there is
already fflush() there.)
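Daniel's reading of the prompt code (the options line is part of the same string as the rest of the prompt, and the whole thing is flushed before the read) is illustrated by the following added example. It is not Subversion's prompt.c and not code from anyone in this thread; the function names, the realm, the hostname and the fingerprint are constructed stand-ins. It reproduces the two `may_save` branches from the patched hunk and shows the two properties a trust prompt needs: the question, options included, is written and flushed before the program blocks on input, and any answer that is not an explicit accept (including EOF, an empty line and a `p` when saving is not offered) is treated as a reject.

```c
/* Added example: a minimal server-certificate trust prompt in the shape
 * Daniel describes (whole question in one string, flush, then read).
 * Not Subversion's prompt.c; names and sample values are constructed. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

enum trust_choice { TRUST_REJECT = 0, TRUST_ACCEPT_TEMP = 1, TRUST_ACCEPT_PERM = 2 };

/* Map one line of typed input to a decision.  may_save mirrors the flag in
 * the patched hunk: when it is 0, (p)ermanent acceptance is neither offered
 * nor honoured.  EOF, an empty line and anything unrecognised all reject. */
enum trust_choice parse_trust_choice(const char *line, int may_save)
{
    if (line == NULL)
        return TRUST_REJECT;
    while (*line != '\0' && isspace((unsigned char)*line))
        line++;
    switch (*line) {
    case 't': case 'T':
        return TRUST_ACCEPT_TEMP;
    case 'p': case 'P':
        return may_save ? TRUST_ACCEPT_PERM : TRUST_REJECT;
    default:
        return TRUST_REJECT;
    }
}

/* Build the whole prompt, options line included, into one buffer so that a
 * single write emits it.  Returns 0 on success, -1 if it would not fit. */
int build_trust_prompt(char *buf, size_t buflen, const char *realm,
                       const char *hostname, const char *fingerprint,
                       int may_save)
{
    int n = snprintf(buf, buflen,
        "Error validating server certificate for '%s':\n"
        "Certificate information:\n"
        " - Hostname: %s\n"
        " - Fingerprint: %s\n"
        "%s",
        realm, hostname, fingerprint,
        may_save ? "(R)eject, accept (t)emporarily or accept (p)ermanently? "
                 : "(R)eject or accept (t)emporarily? ");
    return (n >= 0 && (size_t)n < buflen) ? 0 : -1;
}

/* Write the prompt to OUT, flush it, and only then block on IN.  The flush
 * matters when OUT is a pipe or file; stderr is unbuffered on a terminal. */
enum trust_choice ssl_server_trust_prompt(FILE *out, FILE *in, const char *realm,
                                          const char *hostname,
                                          const char *fingerprint, int may_save)
{
    char prompt[1024];
    char line[64];

    if (build_trust_prompt(prompt, sizeof prompt, realm, hostname,
                           fingerprint, may_save) != 0)
        return TRUST_REJECT;
    fputs(prompt, out);
    fflush(out);
    if (fgets(line, sizeof line, in) == NULL)
        return TRUST_REJECT;
    return parse_trust_choice(line, may_save);
}

static char last_prompt_text[1024];

/* Drive the prompt with a pre-typed answer, using tmpfile() in place of the
 * terminal, and keep what was written so the output can be inspected.
 * Realm, hostname and fingerprint below are constructed sample values. */
enum trust_choice run_with_input(const char *typed, int may_save)
{
    FILE *in = tmpfile();
    FILE *out = tmpfile();
    enum trust_choice c = TRUST_REJECT;
    size_t got;

    last_prompt_text[0] = '\0';
    if (in == NULL || out == NULL) {
        if (in) fclose(in);
        if (out) fclose(out);
        return TRUST_REJECT;
    }
    fputs(typed, in);
    rewind(in);
    c = ssl_server_trust_prompt(out, in, "https://svn.example.invalid:443",
                                "*.example.invalid",
                                "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33",
                                may_save);
    rewind(out);
    got = fread(last_prompt_text, 1, sizeof last_prompt_text - 1, out);
    last_prompt_text[got] = '\0';
    fclose(in);
    fclose(out);
    return c;
}

const char *last_prompt(void) { return last_prompt_text; }

int main(void)
{
    enum trust_choice c = run_with_input("t\n", 1);
    printf("%s\n-> decision %d (0=reject, 1=temporary, 2=permanent)\n",
           last_prompt(), (int)c);
    return 0;
}
```

Run stand-alone it feeds `t` to the prompt through a tmpfile() so the full text can be captured and checked for the options line before the read happens; redirecting the real client's stderr to a file the same way is a quick way to confirm whether the options line reaches the stream before the read, or only after it.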
Re: Regression: Bad cert handling in subversion 1.6.11
Posted by Daniel Shahaf <d....@daniel.shahaf.name>.
Firstly, thanks for the very clear bug report.
Sören Bernstein wrote on Sat, 3 Jul 2010 at 09:04 -0000:
> Hello all
>
> since I've upgraded to subversion 1.6.11 I've found that there is a bug while
> accepting bad certs. This is also true for 1.6.12. I'm running gentoo stable
> amd64 and gentoo stable x86.
>
> While checking out a trunk from svn with a bad server cert, svn warns about
> it, but then it does not print the message with the options to accept or
> discard. Instead it sits and waits for user input, AFTER which it will show the
> input options.
>
> Subversion 1.6.9 does not have the error.
>
> Reproducible: Always
>
> Steps to Reproduce:
> 1. Install subversion 1.6.11
> 2. Checkout from a server with bad cert
> 3. Wait for the warning message of subversion
>
> Actual Results:
> Subversion will print the information about the bad certificate and wait for
> user input. After input it will show the input options for the prior input.
>
> Expected Results:
> Subversion should print the input options before waiting for input.
>
> An svn trunk with a broken server cert can be found at:
> https://svn.tabos.org/repos/ffgtk/trunk
>
I cannot reproduce this using either svn 1.6.12 or svn 1.7.0-dev
(>=r937607) on Windows, over neon, if I run
svn co https://svn.tabos.org/repos/ffgtk/trunk
then I get the following prompt:
[[[
Error validating server certificate for 'https://svn.tabos.org:443':
- The certificate is not issued by a trusted authority. Use the
fingerprint to validate the certificate manually!
- The certificate hostname does not match.
Certificate information:
- Hostname: *.krueger-it.net
- Valid: from Sat, 07 Feb 2009 13:02:12 GMT until Mon, 07 Feb 2011 13:02:12 GMT
- Issuer: http://www.cacert.org, Root CA
- Fingerprint: a2:d3:f0:83:f9:8e:96:dd:d6:7f:9e:eb:1f:0c:6a:56:28:86:e9:21
(R)eject, accept (t)emporarily or accept (p)ermanently?
]]]
Just to clarify, if you type 'R<newline>' blindly at the prompt, does svn
read that and proceed to (R)eject the certificate? (it should print an
error message)