At 2016-10-22 21:29:59, "yuan lixin" <woo...@126.com> wrote:
The function "onSslServerTrustPrompt" is part of libsvncpp. I posted only part of it; the whole code is below:

/**
 * @see svn_auth_ssl_server_trust_prompt_func_t
 */
static svn_error_t *
onSslServerTrustPrompt(svn_auth_cred_ssl_server_trust_t **cred,
                       void *baton,
                       const char *realm,
                       apr_uint32_t failures,
                       const svn_auth_ssl_server_cert_info_t *info,
                       svn_boolean_t may_save,
                       apr_pool_t *pool)
{
  Data * data = NULL;
  SVN_ERR(getData(baton, &data));

  ContextListener::SslServerTrustData trustData(failures);
  if (realm != NULL)
    trustData.realm = realm;
  trustData.hostname = info->hostname;
  trustData.fingerprint = info->fingerprint;
  trustData.validFrom = info->valid_from;
  trustData.validUntil = info->valid_until;
  trustData.issuerDName = info->issuer_dname;
  trustData.maySave = may_save != 0;

  if (data->listener == 0)
    return svn_error_create(SVN_ERR_CANCELLED, NULL, "invalid listener");

  apr_uint32_t acceptedFailures;
  ContextListener::SslServerTrustAnswer answer =
    data->listener->contextSslServerTrustPrompt(
      trustData, acceptedFailures);

  if (answer == ContextListener::DONT_ACCEPT)
    *cred = NULL;
  else
  {
    svn_auth_cred_ssl_server_trust_t *cred_ =
      (svn_auth_cred_ssl_server_trust_t*)
      apr_palloc(pool, sizeof(svn_auth_cred_ssl_server_trust_t));

    if (answer == ContextListener::ACCEPT_PERMANENTLY)
    {
      cred_->may_save = 1;
      cred_->accepted_failures = acceptedFailures;
    }
    *cred = cred_;
  }

  return SVN_NO_ERROR;
}

At 2016-10-22 20:40:11, "Daniel Shahaf" <danie...@apache.org> wrote:
>yuan lixin wrote on Sat, Oct 22, 2016 at 20:26:42 +0800:
>> static svn_error_t *
>> onSslServerTrustPrompt(svn_auth_cred_ssl_server_trust_t **cred,
>> void *baton,
>> const char *realm,
>> apr_uint32_t failures,
>> const svn_auth_ssl_server_cert_info_t *info,
>> svn_boolean_t may_save,
>> apr_pool_t *pool)
>> {
>> svn_auth_cred_ssl_server_trust_t *cred_ =
>> (svn_auth_cred_ssl_server_trust_t*)
>> apr_palloc(pool, sizeof(svn_auth_cred_ssl_server_trust_t));
>
>Is this forward compatible? svn_auth_cred_ssl_server_trust_t doesn't
>have a constructor function, so if the above code is permissible, then
>we're not allowed to extend that struct type in minor releases.
>
>> cred_->may_save = 1;
>> cred_->accepted_failures = acceptedFailures;
>
>You may want to do (acceptedFailures & failures) so once you switch to
>a valid certificate, the cache will not record more "accepted
>failures" than are required.
>> cred_->may_save = 1;
>> cred_->accepted_failures = acceptedFailures;
>
>You may want to do (acceptedFailures & failures) so once you switch to
>a valid certificate, the cache will not record more "accepted
>failures" than are required.

Your idea is exactly right. The original code is:
https://github.com/nydehi/fluorescence/blob/master/src/updater/svncpp/context.cpp
https://github.com/nydehi/fluorescence/blob/master/src/updater/svn.cpp