

[proposal] Add option for trusting server certs

Author dlr
Full name Daniel Rall
Date 2005-09-23 16:17:46 PDT
Message

Invocation of 'svn --non-interactive' which contacts a mod_dav_svn server
over SSL should be possible. Currently, this doesn't seem to be possible
for self-signed certificates.


Use case:

Code which has auth credentials available but does not run interactively
should be able to contact a Subversion repository over SSL using ra_dav
without having to jump through hoops (see "Existing work-arounds" below).


Considerations:

This is behavior inconsistent with other Subversion options and
sub-commands, which all (?) provide a means to turn off interactivity
without impacting their basic usage.

svn's current behavior of flagging a server certificate as "issuer not
trusted" is consistent with most web browsers' handling of questionable
server certs, which is to prompt for acceptance when a server cert has an
unknown CA (e.g. is self-signed). However, the fact that this behavior is
absolute is not conducive to programmatic execution of svn or its APIs.

I'm guessing that the experimental svnserve-ssl branch has similar issues,
and would need to conform to any API modification.
http://svn.collab.net/repos/svn/branches/svnserve-ssl/


Existing work-arounds:

Open a pipe to the svn binary and omit --non-interactive. This has the
unfortunate side effect of requiring the caller to handle _all_ possible
interactivity, not just the "accept certificate" prompt (for instance, an
auth failure will also re-prompt for auth). Especially when the caller
actually desires the --non-interactive behavior for the non-server cert
case, this is less than ideal.


Suggested interface:

Add the equivalent of a 'svn --trust-server-cert' argument to the
libsvn_client and libsvn_ra APIs, and expose it via the command-line
client.


Existing implementation:

libsvn_ra_dav indirectly invokes Neon's ne_openssl.c:check_certificate()
(passing in some callbacks), which hands back an error saying that the
server cannot be trusted:

    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
    case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
    case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
    /* TODO: and probably more result codes here... */
    failures |= NE_SSL_UNTRUSTED;
    ...
    if (failures == 0) {
        /* verified OK! */
        ret = NE_OK;
    } else {
        /* Set up the error string. */
        verify_err(sess, failures);
        ret = NE_ERROR;
        /* Allow manual override */
        if (sess->ssl_verify_fn &&
            sess->ssl_verify_fn(sess->ssl_verify_ud, failures, chain) == 0)
            ret = NE_OK;
    }

Neon allows errors to be ignored via a ne_session callback:

/* A callback which is used when server certificate verification is
 * needed. The reasons for verification failure are given in the
 * 'failures' parameter, which is a binary OR of one or more of the
 * above NE_SSL_* values. failures is guaranteed to be non-zero. The
 * callback must return zero to accept the certificate: a non-zero
 * return value will fail the SSL negotiation. */
typedef int (*ne_ssl_verify_fn)(void *userdata, int failures,
                const ne_ssl_certificate *cert);
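
The override path in the Neon excerpt above, worked through as an added C example. This is not Neon's or Subversion's code: it assumes a hypothetical `trust_unknown_ca` policy flag standing in for whatever a `--trust-server-cert` option would set, local stand-ins for the NE_SSL_* bits and NE_OK/NE_ERROR so it builds without Neon, a constructed `mock_cert` struct in place of a real certificate chain, and `const void *` where the real callback takes `const ne_ssl_certificate *`. The check a practitioner wants from such an option is visible in the callback: it clears only the NE_SSL_UNTRUSTED bit, so an expired cert or a hostname mismatch from an unknown CA still fails the handshake even with the option turned on.

```c
#include <stdio.h>
#include <string.h>

/* Local stand-ins for Neon's return codes and NE_SSL_* failure bits.  They
 * use Neon's names so the example reads against the excerpt above, but
 * nothing here links against Neon (assumption for this example). */
#define NE_OK     0
#define NE_ERROR  1

#define NE_SSL_NOTYETVALID 0x01
#define NE_SSL_EXPIRED     0x02
#define NE_SSL_IDMISMATCH  0x04
#define NE_SSL_UNTRUSTED   0x08

/* Constructed stand-in for a server certificate: only the verification
 * outcomes this example needs, not real X.509 data. */
struct mock_cert {
    const char *subject;   /* CN presented by the server */
    const char *hostname;  /* host the client connected to */
    int issuer_known;      /* 1 if the chain ends in a trusted CA */
    int expired;           /* 1 if notAfter is in the past */
};

/* Hypothetical userdata for the verify callback: the single setting a
 * --trust-server-cert option would turn on. */
struct trust_policy {
    int trust_unknown_ca;
};

/* Emulates the part of check_certificate() that folds OpenSSL verify
 * results into the NE_SSL_* bitmask.  Returns 0 when the cert verifies. */
int classify_cert(const struct mock_cert *c)
{
    int failures = 0;
    if (!c->issuer_known)
        failures |= NE_SSL_UNTRUSTED;   /* the X509_V_ERR_*SELF_SIGNED* cases */
    if (c->expired)
        failures |= NE_SSL_EXPIRED;
    if (strcmp(c->subject, c->hostname) != 0)
        failures |= NE_SSL_IDMISMATCH;
    return failures;
}

/* ne_ssl_verify_fn-shaped callback.  Returns 0 to accept the certificate,
 * non-zero to reject it.  The policy overrides ONLY the "issuer not
 * trusted" bit: any other failure still rejects, because an unattended
 * client that ignored every bit would accept a cert for the wrong host
 * or an expired cert from anyone. */
int trust_server_cert_verify(void *userdata, int failures, const void *cert)
{
    const struct trust_policy *policy = userdata;
    (void)cert;  /* a real callback could inspect the chain here */
    if (!policy->trust_unknown_ca)
        return 1;
    return (failures & ~NE_SSL_UNTRUSTED) == 0 ? 0 : 1;
}

/* Mirrors the decision tail of the quoted check_certificate(): verified
 * certs pass, anything else fails unless the override callback accepts. */
int verify_server(const struct mock_cert *c, struct trust_policy *policy)
{
    int failures = classify_cert(c);
    if (failures == 0)
        return NE_OK;
    if (policy && trust_server_cert_verify(policy, failures, c) == 0)
        return NE_OK;
    return NE_ERROR;
}

int main(void)
{
    struct trust_policy trust = { 1 };
    struct trust_policy strict = { 0 };
    /* Constructed inputs: the same host presenting different certs. */
    struct mock_cert self_signed = { "svn.example.test", "svn.example.test", 0, 0 };
    struct mock_cert self_signed_expired = { "svn.example.test", "svn.example.test", 0, 1 };
    struct mock_cert wrong_host = { "other.example.test", "svn.example.test", 0, 0 };

    printf("self-signed, no trust option  : %s\n",
           verify_server(&self_signed, &strict) == NE_OK ? "accepted" : "rejected");
    printf("self-signed, trust option     : %s\n",
           verify_server(&self_signed, &trust) == NE_OK ? "accepted" : "rejected");
    printf("self-signed + expired, trust  : %s\n",
           verify_server(&self_signed_expired, &trust) == NE_OK ? "accepted" : "rejected");
    printf("unknown CA + wrong host, trust: %s\n",
           verify_server(&wrong_host, &trust) == NE_OK ? "accepted" : "rejected");
    return 0;
}
```

With the policy off, the self-signed case is rejected, which is the `--non-interactive` behaviour the proposal complains about; with it on, only the pure unknown-CA case is accepted. A real implementation would register the callback with Neon's session and pass a pointer to the policy as the userdata argument.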


Messages


Trusting server certs and --non-interactive SSL access dlr Daniel Rall 2005-09-23 12:08:23 PDT
     Re: Trusting server certs and --non-interactive SSL access Mark Phippard <MarkP at softlanding dot com> 2005-09-23 12:20:51 PDT
         Re: Trusting server certs and --non-interactive SSL access dlr Daniel Rall 2005-09-23 12:33:42 PDT
             [proposal] Add option for trusting server certs dlr Daniel Rall 2005-09-23 16:17:46 PDT
                 Re: [proposal] Add option for trusting server certs joe Joe Orton 2005-09-24 07:21:59 PDT
                 Re: [proposal] Add option for trusting server certs sussman Ben Collins-Sussman 2005-09-24 08:54:56 PDT
                     Re: [proposal] Add option for trusting server certs brane Branko Cibej 2005-09-24 09:35:39 PDT
                     Re: [proposal] Add option for trusting server certs dlr Daniel Rall 2005-09-26 11:34:12 PDT