On 27.02.2014 15:22, Bert Huijben wrote: > >> -----Original Message----- >> From: Stefan Sperling [mailto:s...@apache.org] >> Sent: donderdag 27 februari 2014 13:27 >> To: Bert Huijben >> Cc: dev@subversion.apache.org >> Subject: Re: svn commit: r1572105 - in /subversion/trunk/subversion: >> svn/auth-cmd.c svn/cl.h svn/svn.c tests/cmdline/getopt_tests_data/svn-- >> help_stdout tests/cmdline/getopt_tests_data/svn_help_stdout >> >> On Thu, Feb 27, 2014 at 02:13:10AM +0100, Bert Huijben wrote: >>> >>>> -----Original Message----- >>>> From: s...@apache.org [mailto:s...@apache.org] >>>> Sent: woensdag 26 februari 2014 16:48 >>>> To: comm...@subversion.apache.org >>>> Subject: svn commit: r1572105 - in /subversion/trunk/subversion: >> svn/auth- >>>> cmd.c svn/cl.h svn/svn.c tests/cmdline/getopt_tests_data/svn-- >> help_stdout >>>> tests/cmdline/getopt_tests_data/svn_help_stdout >>>> >>>> Author: stsp >>>> Date: Wed Feb 26 15:48:06 2014 >>>> New Revision: 1572105 >>>> >>>> URL: http://svn.apache.org/r1572105 >>>> Log: >>>> Introduce 'svn auth', a subcommand for managing the authentication >> cache >>>> which supersedes the 'svnauth' tool. Currently, cached credentials can > be >>>> listed and removed. In the future, this subcommand could also provide > a >>>> mechanism to add credentials to the cache. >>> Currently 'svn auth' is broken for ssl certificates on Windows, because > you >> use (a Serf api which uses) openssl without properly initializing openssl > first. >>> This serf api, further uses stdio to access the certificate file, which > doesn't >> work on Windows without other workarounds. >>> The problem in Serf is fixed in r2314, but this will bump the required > Serf >> version for 1.9.0 to a currently not released serf version, and I'm not > sure if >> that is what we want here. >>> Bert >> Woah, I didn't know about this bug at all. This is news to me. >> >> I suspect this problem was only discovered recently? >> This problem would also have affected 'svnauth', so I'm not sure >> why we didn't know about this before and how it moving this >> functionality into 'svn' makes any difference. The feature must >> have been broken on Windows all along. > Did you write a test case that dumped a certificate? > > You would have seen a line > [[ > OPENSSL_Uplink(62BDF000,08): no OPENSSL_Applink > ]] > Instead of the certificate and an exit of the process on Windows, if this > case was tested on the buildbots. > > > Lieven also thinks that using this function without a context is an invalid > use of serf, as it makes it impossible to use other implementations than > openssl. > > And using 'serf' directly from 'svn' will make 'svn' directly link serf in > serf.exe on Windows, because the shared library instance in libsvn_ra-1.dll > is not accessible from svn.
And why is that a problem? The alternative (as Stefan pointed out) is to do all this with raw OpenSSL; and make "svn" depend on that; and write yet another cert parser. -- Brane -- Branko Čibej | Director of Subversion WANdisco // Non-Stop Data e. br...@wandisco.com
