> -----Original Message-----
> From: Stefan Sperling [mailto:s...@apache.org]
> Sent: donderdag 27 februari 2014 13:27
> To: Bert Huijben
> Cc: dev@subversion.apache.org
> Subject: Re: svn commit: r1572105 - in /subversion/trunk/subversion:
> svn/auth-cmd.c svn/cl.h svn/svn.c tests/cmdline/getopt_tests_data/svn--
> help_stdout tests/cmdline/getopt_tests_data/svn_help_stdout
>
> On Thu, Feb 27, 2014 at 02:13:10AM +0100, Bert Huijben wrote:
> >
> >
> > > -----Original Message-----
> > > From: s...@apache.org [mailto:s...@apache.org]
> > > Sent: woensdag 26 februari 2014 16:48
> > > To: comm...@subversion.apache.org
> > > Subject: svn commit: r1572105 - in /subversion/trunk/subversion:
> svn/auth-
> > > cmd.c svn/cl.h svn/svn.c tests/cmdline/getopt_tests_data/svn--
> help_stdout
> > > tests/cmdline/getopt_tests_data/svn_help_stdout
> > >
> > > Author: stsp
> > > Date: Wed Feb 26 15:48:06 2014
> > > New Revision: 1572105
> > >
> > > URL: http://svn.apache.org/r1572105
> > > Log:
> > > Introduce 'svn auth', a subcommand for managing the authentication
> cache
> > > which supersedes the 'svnauth' tool. Currently, cached credentials can
be
> > > listed and removed. In the future, this subcommand could also provide
a
> > > mechanism to add credentials to the cache.
> >
> > Currently 'svn auth' is broken for ssl certificates on Windows, because
you
> use (a Serf api which uses) openssl without properly initializing openssl
first.
> >
> > This serf api, further uses stdio to access the certificate file, which
doesn't
> work on Windows without other workarounds.
> >
> > The problem in Serf is fixed in r2314, but this will bump the required
Serf
> version for 1.9.0 to a currently not released serf version, and I'm not
sure if
> that is what we want here.
> >
> > Bert
>
> Woah, I didn't know about this bug at all. This is news to me.
>
> I suspect this problem was only discovered recently?
> This problem would also have affected 'svnauth', so I'm not sure
> why we didn't know about this before and how it moving this
> functionality into 'svn' makes any difference. The feature must
> have been broken on Windows all along.
Did you write a test case that dumped a certificate?
You would have seen a line
[[
OPENSSL_Uplink(62BDF000,08): no OPENSSL_Applink
]]
Instead of the certificate and an exit of the process on Windows, if this
case was tested on the buildbots.
Lieven also thinks that using this function without a context is an invalid
use of serf, as it makes it impossible to use other implementations than
openssl.
And using 'serf' directly from 'svn' will make 'svn' directly link serf in
serf.exe on Windows, because the shared library instance in libsvn_ra-1.dll
is not accessible from svn.
Perhaps we should store/cache the information that we want to show in the
auth file itself...
That allows making the UI a lot easier and providing the same information to
other clients that don't want to depend on implementation details in the ra
and auth layers.
Bert
