Author: rhuijben
Date: Tue Jan 17 14:02:35 2012
New Revision: 1232413
URL: http://svn.apache.org/viewvc?rev=1232413&view=rev
Log:
Improve certificate failure reporting in libsvn_ra_serf by collecting results
the same way as neon.
* subversion/libsvn_ra_serf/ra_serf.h
(server_cert_failures): New variable.
* subversion/libsvn_ra_serf/serf.c
(svn_ra_serf__open): Initialize new variable in connection.
* subversion/libsvn_ra_serf/util.c
(ssl_server_cert): Collect multiple failures to report them
in one place.
Modified:
subversion/trunk/subversion/libsvn_ra_serf/ra_serf.h
subversion/trunk/subversion/libsvn_ra_serf/serf.c
subversion/trunk/subversion/libsvn_ra_serf/util.c
Modified: subversion/trunk/subversion/libsvn_ra_serf/ra_serf.h
URL:
http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_ra_serf/ra_serf.h?rev=1232413&r1=1232412&r2=1232413&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_ra_serf/ra_serf.h (original)
+++ subversion/trunk/subversion/libsvn_ra_serf/ra_serf.h Tue Jan 17 14:02:35
2012
@@ -78,6 +78,7 @@ typedef struct svn_ra_serf__connection_t
/* Are we using ssl */
svn_boolean_t using_ssl;
+ int server_cert_failures; /* Collected cert failures in chain */
/* Should we ask for compressed responses? */
svn_boolean_t using_compression;
Modified: subversion/trunk/subversion/libsvn_ra_serf/serf.c
URL:
http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_ra_serf/serf.c?rev=1232413&r1=1232412&r2=1232413&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_ra_serf/serf.c (original)
+++ subversion/trunk/subversion/libsvn_ra_serf/serf.c Tue Jan 17 14:02:35 2012
@@ -403,6 +403,7 @@ svn_ra_serf__open(svn_ra_session_t *sess
serf_sess->conns[0]->last_status_code = -1;
serf_sess->conns[0]->using_ssl = serf_sess->using_ssl;
+ serf_sess->conns[0]->server_cert_failures = 0;
serf_sess->conns[0]->using_compression = serf_sess->using_compression;
serf_sess->conns[0]->hostname = url.hostname;
serf_sess->conns[0]->useragent = NULL;
Modified: subversion/trunk/subversion/libsvn_ra_serf/util.c
URL:
http://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_ra_serf/util.c?rev=1232413&r1=1232412&r2=1232413&view=diff
==============================================================================
--- subversion/trunk/subversion/libsvn_ra_serf/util.c (original)
+++ subversion/trunk/subversion/libsvn_ra_serf/util.c Tue Jan 17 14:02:35 2012
@@ -271,6 +271,8 @@ ssl_server_cert(void *baton, int failure
/* Implicitly approve any non-server certs. */
if (serf_ssl_cert_depth(cert) > 0)
{
+ if (failures)
+ conn->server_cert_failures |= ssl_convert_serf_failures(failures);
return APR_SUCCESS;
}
@@ -295,7 +297,8 @@ ssl_server_cert(void *baton, int failure
cert_info.issuer_dname = convert_organisation_to_str(issuer, scratch_pool);
cert_info.ascii_cert = serf_ssl_cert_export(cert, scratch_pool);
- svn_failures = ssl_convert_serf_failures(failures);
+ svn_failures = (ssl_convert_serf_failures(failures)
+ | conn->server_cert_failures);
/* Try to find matching server name via subjectAltName first... */
if (san) {
