I applied your patch on trunk and nominated it for the next 1.9 release. I 
created a similar patch for 1.8 as the code has the same bug there. I think the 
problem became visible after checking the accepted failures was improved in our 
ra-serf library.

Bert

From: Doros Agathangelou
Sent: Friday 14 October 2016 02:37
To: dev@subversion.apache.org
Subject: [PATCH] Fix for temporarily accepting ssl certificate not working in javahl

Hi All

I discovered a small bug in javahl and I believe I have a one-line patch that 
fixes it.

When connecting to a server via https and a self-signed certificate is used on 
the server, we get a callback on the UserPasswordCallback.askTrustSSLServer() 
method that asks the user whether to reject the certificate, accept it 
temporarily or accept it permanently.

If we choose temporarily, whatever operation we were attempting fails with a 
certificate not trusted error. The bug can be seen in a live environment by 
using the subclipse plugin under Eclipse and trying to load a repository using 
https:// from a server with a self-signed certificate. When the accept 
certificate dialog comes up, hit accept temporarily and you can see that the 
operation fails because the certificate is not trusted.

As for the fix:
The following excerpt from Prompter.cpp shows the cred->accepted_failures = 
failures; line. This is the line that 'accepts' any identified errors.

This line can be seen under the AcceptPermanently section but it is missing 
under the AcceptTemporary section. Adding the line to the AcceptTemporary 
section fixes this problem. The difference between the two blocks of code then 
becomes whether the credentials may be saved or not (i.e. the cred->may_save 
differs).


  switch (authn.ask_trust_ssl_server(::Java::String(env, question), may_save))
    {
    case org_apache_subversion_javahl_callback_UserPasswordCallback_AcceptTemporary:
      cred->may_save = FALSE;
      cred->accepted_failures = failures;   // ** NEW LINE I ADDED **
      *cred_p = cred;
      break;
    case org_apache_subversion_javahl_callback_UserPasswordCallback_AcceptPermanently:
      cred->may_save = TRUE;
      cred->accepted_failures = failures;
      *cred_p = cred;
      break;
    default:
      *cred_p = NULL;
    }
  return SVN_NO_ERROR;


[[[
   Fix for temporarily accepting ssl certificate not working in javahl

   * subversion/bindings/javahl/native/Prompter.cpp
     (accept certificate temporarily): set the accepted failures to the
     identified failures in the temporarily accepted section
]]]



Best Regards
Doros
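
Added example (not part of the original messages and not Subversion's code): a self-contained C++ model of the switch discussed in this thread, showing why a temporary accept that leaves accepted_failures unset still ends in a "not trusted" result while may_save stays false. The types, the failure-bit constants and the caller-side check `connection_allowed` are simplified assumptions made for illustration.

```cpp
#include <cstdint>

// Constructed failure bits for this model (not Subversion's own constants).
constexpr std::uint32_t FAIL_UNKNOWN_CA  = 0x1;
constexpr std::uint32_t FAIL_CN_MISMATCH = 0x2;
enum class Answer { Reject, AcceptTemporary, AcceptPermanently };

// Simplified stand-in for the credential the prompter fills in.
struct TrustCred {
    bool may_save = false;
    std::uint32_t accepted_failures = 0;
};

// Model of the switch: `fixed` selects the code before (false) or after (true) the change.
bool prompt(Answer a, std::uint32_t failures, bool fixed, TrustCred &cred) {
    cred = TrustCred{};
    switch (a) {
    case Answer::AcceptTemporary:
        cred.may_save = false;
        if (fixed) cred.accepted_failures = failures;
        return true;
    case Answer::AcceptPermanently:
        cred.may_save = true;
        cred.accepted_failures = failures;
        return true;
    default:
        return false;  // rejected: no credential is returned
    }
}

// Assumed caller-side check: proceed only if every failure bit was accepted.
bool connection_allowed(std::uint32_t failures, const TrustCred &cred) {
    return (failures & ~cred.accepted_failures) == 0;
}

// True when the operation goes ahead for this answer.
bool outcome(Answer a, std::uint32_t failures, bool fixed) {
    TrustCred cred;
    return prompt(a, failures, fixed, cred) && connection_allowed(failures, cred);
}

// True when the accepted certificate may be written to the credential store.
bool persisted(Answer a, std::uint32_t failures, bool fixed) {
    TrustCred cred;
    return prompt(a, failures, fixed, cred) && cred.may_save;
}

int main() {  // exit status 0: temporary accept fails before the fix, works after
    const std::uint32_t f = FAIL_UNKNOWN_CA | FAIL_CN_MISMATCH;
    return (!outcome(Answer::AcceptTemporary, f, false) && outcome(Answer::AcceptTemporary, f, true)) ? 0 : 1;
}
```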
