Sigfred Håversen <bsdlist@mumak.com> (sigfred)
Found: r861477, r859057
Patch: r859349, r859339, r859338, r852205, r852204, r852148, r852134, r852130, r851811, r851810, r851809, r851767
Suggested: r857167

r851767 | mbk | 2004-10-31 22:57:04 +0000 (Sun, 31 Oct 2004)
Initial SSL implementation. This change does not represent the
intended end-state; several pieces of work remain, including
significant modularization and configuration and build-system
integration.
Patch by: Sigfred Haversen <bsdlist@mumak.com>
(Tweaked by me.)
* subversion/include/svn_error_codes.h
(SVN_ERR_RA_SVN_SSL_INIT, SVN_ERR_RA_SVN_SSL_ERROR): New error codes.
* subversion/include/svn_base64.h
(svn_base64_from_buffer): New function prototype.
* subversion/include/svn_ra_svn.h
(SVN_RA_SVN_CAP_SSL): Macro for new svn protocol transceiver
capability: "ssl".
(svn_ra_svn_ssl_init, svn_ra_svn_ssl_accept, svn_ra_svn_ssl_connect): New
function prototypes.
* subversion/libsvn_subr/svn_base64.c
(svn_base_64_from_buffer): New function, generalized from
svn_base_64_from_md5.
(svn_base_64_from_md5): Update to call the more general function.
* subversion/libsvn_ra_svn/client.c
Add #include "svn_base64.h"
Add #include <openssl/x509v3.h>
(ra_svn_session_baton_t): Add "hostname" and "ssl_ctx" members.
(auth_response): Include SVN_RA_SVN_CAP_SSL in response.
(asn1time_to_string): New function. Really.
(match_hostname, verify_hostname, fill_server_cert_info, do_ssl_auth,
init_ssl_ctx): New functions.
(ra_svn_open): Initialize new baton members. Update comment.
Include SVN_RA_SVN_CAP_SSL in capabilities sent to server, and
set up SSL connection if both endpoints are capable.
* subversion/libsvn_ra_svn/marshal.c
(svn_ra_svn_create_conn): Initialize new conn members.
(do_ssl_operation, readbuf_input_ssl, writebuf_output_ssl,
network_biopair_interop, cleanup_ssl, svn_ra_svn_ssl_init,
svn_ra_svn_ssl_accept, svn_ra_svn_ssl_connect): New functions.
(svn_ra_svn__input_waiting): Call do_ssl_operation on SSL connections.
(writebuf_output): Call writebuf_output_ssl on SSL connections.
(readbuf_input): Call readbuf_input_ssl on SSL connections.
* subversion/libsvn_ra_svn/ra_svn.h
Add #include <openssl/ssl.h>
Add #include <openssl/bio.h>
(struct svn_ra_svn_conn_st): Add new members: "use_ssl", "ssl",
"internal_bio", and "network_bio".
* subversion/svnserve/main.c
Add #include <openssl/err.h>
(SVNSERVE_OPT_CERT_FILE, SVNSERVE_OPT_KEY_FILE): New getopt option code
macros.
(svnserver__options): Add entries for "cert-file" and "key-file".
(ssl_last_error, init_ssl_ctx, destroy_ssl_ctx): New functions.
(main): Add variables to hold values for new options. Initialize
new params members. Handle new options in getopt switch. Initialize
the SSL context when necessary, and destroy it before exiting normally.
* subversion/svnserve/serve.c
(server_baton_t): New member: "ssl_ctx".
(serve): Copy ssl_ctx out of params and into the server baton.
When SSL is configured for this server: send a version-2-only greeting,
include SVN_RA_SVN_CAP_SSL in the capabilities list sent to the client,
throw an error if a client insists on version 1 or if the client
doesn't have the SVN_RA_SVN_CAP_SSL capability, and handle the normal
setup of the SSL connection.
* subversion/svnserve/server.h
Add #include <openssl/ssl.h>
(serve_params_t): New members: "ssl_layer" and "ssl_ctx".

r851809 | mbk | 2004-11-03 15:04:04 +0000 (Wed, 03 Nov 2004)
Allow clients without SSL capability to connect to an svnserve with SSL
capability.
Patch by: Sigfred Haverson <bsdlist@mumak.com>
* subversion/svnserve/serve.c
(server): Revert to normal behaviour if client lacks SSL capabilities.

r851810 | mbk | 2004-11-03 15:11:27 +0000 (Wed, 03 Nov 2004)
Patch by: Sigfred Haverson <bsdlist@mumak.com>
* subversion/libsvn_ra_svn/marshal.c
(writebuf_output_ssl): Only write buffers with positive sizes.

r851811 | mbk | 2004-11-03 15:20:26 +0000 (Wed, 03 Nov 2004)
Formatting cleanups.
Patch by: Sigfred Haverson <bsdlist@mumak.com>
* subversion/libsvn_ra_svn/client.c
(asn1time_to_string): Fix comment.
(match_hostname): Fix comment.
(verify_hostname): Fix comments.
(fill_server_cert_info): Fix comment. Wrap long line.
(do_ssl_auth): Fix comment.
* subversion/libsvn_ra_svn/marshal.c
(network_biopair_interop): Fix comments.
(do_ssl_operation): Fix comments/indentation.
(cleanup_ssl): Fix comment/indentation.
(svn_ra_svn_ssl_init): Fix comments.
* subversion/svnserve/main.c
(init_ssl_ctx): Fix comment. Remove extra blank line.
(main): Wrap long line.

r852130 | mbk | 2004-11-27 21:52:06 +0000 (Sat, 27 Nov 2004)
Add configure-time discovery of OpenSSL availability.
Patch by: Sigfred Haversen <bsdlist@mumak.com>
(Tweaked by me.)
* Makefile.in
Add SVN_SSL_LIBS and SVN_SSL_INCLUDES, to be populated by
configure.
* build.conf
([svn]): Add ssl to libs.
([libsvn_ra_svn]): Add ssl to libs.
([svnserve]): Add ssl to libs.
([ssl]): New section.
* build/ac-macros/ssl.4
New file.
* configure.in
Include build/ac-macros/ssl.m4, and call SVN_LIB_SSL.
#define SVN_HAVE_SSL when appropriate.
* svn-config.in
Add SVN_SSL_LIBS and SVN_SSL_INCLUDES, to be populated by
configure.

r852134 | mbk | 2004-11-28 04:10:11 +0000 (Sun, 28 Nov 2004)
Add two new methods to the stream interface.
Patch by: Sigfred Haversen <bsdlist@mumak.com>
* subversion/include/svn_io.h
(svn_timeout_fn_t, svn_data_pending_fn_t): New callback types.
(svn_stream_set_timeout, svn_stream_set_data_pending,
svn_stream_timeout, svn_stream_data_pending): New prototypes.
* subversion/libsvn_subr/stream.c
(struct svn_stream_t): Add timeout_fn and data_pending_fn members.
(svn_stream_create): Initialize new members.
(svn_stream_set_timeout, svn_stream_set_data_pending,
svn_stream_timeout, svn_stream_data_pending): New functions.

r852148 | mbk | 2004-11-28 22:48:59 +0000 (Sun, 28 Nov 2004)
Encapsulate the i/o channels managed by libsvn_ra_svn as streams.
Use this encapsulation to more cleanly separate the SSL integration
logic from the rest of the library.
Patch by: Sigfred Haversen <bsdlist@mumak.com>
me
* subversion/libsvn_ra_svn/streams.c
New file.
* subversion/libsvn_ra_svn/ssl.c
New file.
* subversion/libsvn_ra_svn/ra_svn_ssl.h
New file.
* subversion/libsvn_ra_svn/ra_svn.h
Remove #include <openssl/ssl.h>
Remove #include <openssl/bio.h>
(svn_ra_svn_conn_st): Replace sock, in_file, out_file, proc, use_ssl,
ssl, internal_bio, and network_bio members with in_stream and out_stream.
(svn_ra_svn__sock_streams, svn_ra_svn__file_streams): New prototypes.
* subversion/libsvn_ra_svn/client.c
Remove #include "ra_svn.h"
Add #include "ra_svn_ssl.h"
Remove #include <openssl/x509v3.h>
(ra_svn_session_baton_t): Remove ssl_ctx.
(asn1time_to_string, match_hostname, verify_hostname): Move to ssl.c
(fill_server_cert_info): Move to ssl.c, rename to
svn_ra_svn__fill_server_cert_info, replace session baton parameter
with ssl_conn.
(do_ssl_auth): Update call to fill_server_cert_info.
(make_tunnel): Remove initialization of conn->proc.
(init_ssl_ctx): Move to ssl.c, rename to svn_ra_svn__init_ssl_ctx,
replace session baton parameter with ssl_conn, remove config parameter.
(destroy_ssl_ctx): Move to ssl.c
(ra_svn_open): Remove initialization of sess->ssl_ctx, update to use
new ssl interface.
* subversion/libsvn_ra_svn/marshal.c
Add #include "svn_io.h"
(do_ssl_operation): Remove prototype and implementation.
(svn_ra_svn_create_conn): Remove initialization of sock/file/ssl
members, instead initialize conn->in_stream and conn->out_stream
as appropriate.
(svn_ra_svn__set_block_handler): Call the new svn_stream_timeout()
function, rather than its file/socket analogs.
(svn_ra_svn__input_waiting): Call svn_stream_data_pending(), rather
than its file/socket/ssl analogs.
(writebuf_output_ssl, readbuf_input_ssl): Remove.
(writebuf_output, readbuf_input): Use stream interface rather than
file/socket/ssl functions.
(network_biopair_interop): Move to ssl.c, change parameter type to
ssl_conn_t rather than svn_ra_svn_conn_t, update to use stream
interface rather than socket functions.
(do_ssl_operation): Move to ssl.c, change parameter type to
ssl_conn_t rather than svn_ra_svn_conn_t.
(cleanup_ssl, svn_ra_svn_ssl_start): Move to ssl.c
(svn_ra_svn_ssl_init): Move to ssl.c, rename to
svn_ra_svn__setup_ssl_conn, add ssl_conn_t output parameter.
(svn_ra_svn_ssl_accept): Remove.
(svn_ra_svn_ssl_connect): Move to ssl.c, rename to
svn_ra_svn__ssl_connect.

r852204 | sigfred | 2004-12-02 19:43:51 +0000 (Thu, 02 Dec 2004)
* COMMITTERS: Add Sigfred Haversen for svnserve-ssl branch.

r852205 | sigfred | 2004-12-02 21:27:42 +0000 (Thu, 02 Dec 2004)
* COMMITTERS: Add accidentally removed magic chars in r12130.

r857167 | djames | 2005-10-29 16:39:08 +0000 (Sat, 29 Oct 2005)
* build/generator/gen_make.py
(Generator.write): Avoid usage of $< in SWIG header wrapper generator rules,
so that our Makefile will be compatible with BSD make.
Suggested by: Sigfred Haversen <bsdlist@mumak.com>

r859057 | dlr | 2006-03-22 03:26:19 +0000 (Wed, 22 Mar 2006)
A follow-up to r17910 (r18156 on the 1.3.x branch) to allow
libsvn_swig_py to link on OpenBSD. Linking with Python 2.3 needs the
-L /.../config and -lpython2.3 arguments. (Unsure what happens on
OpenBSD with a version of Python which has no libpython2.X.so -- it's
apparently been removed from the ports tree.)
A more correct fix down the road for cases like OpenBSD should be to
inspect the tool chain (e.g. linker, Python library version, etc.),
rather than the OS.
* build/get-py-info.py
(link_options): Add -LSTATIC_LIDIR and -lpythonVER arguments on
OpenBSD.
Found by: Sigfred H. <bsdlist@mumak.com>

r859338 | mbk | 2006-04-08 15:31:41 +0000 (Sat, 08 Apr 2006)
Encapsulate ra_svn's i/o with a stream-based wrapper.
This does clean things up slightly, but it is principally to
facilitate the subsequent introduction of an SSL integration
layer.
Patch by: Sigfred Håversen <bsdlist@mumak.com>
(Tweaked by me.)
* subversion/libsvn_ra_svn/client.c
(make_tunnel): Remove (now)-obsolete population of the connection's "proc"
member.
* subversion/libsvn_ra_svn/streams.c: New file.
* subversion/libsvn_ra_svn/marshal.c:
#include "svn_io.h"
(svn_ra_svn_create_conn): Don't initialize obsolete members of the
connection, instead use the new svn_ra_svn__stream_pair_from_* functions
to initialize the new stream members.
(svn_ra_svn__set_block_handler, svn_ra_svn__input_waiting, writebuf_output,
readbuf_input): Use the stream API on the new members, rather than the
APR socket and pipe APIs on the old.
* subversion/libsvn_ra_svn/ra_svn.h
(SVN_RA_SVN__IOCTL_TIMEOUT, SVN_RA_SVN__IOCTL_PENDING): New macros.
(struct svn_ra_svn_conn_st): Remove "in_file", "out_file", and "proc"
members in favor of "in_stream" and "out_stream".
(svn_ra_svn__stream_pair_from_sock, svn_ra_svn__stream_pair_from_files):
New function prototypes.

r859339 | mbk | 2006-04-08 15:42:19 +0000 (Sat, 08 Apr 2006)
Add configury for OpenSSL detection.
Patch by: Sigfred Håversen <bsdlist@mumak.com>
(Tweaked by me.)
* Makefile.in
(SVN_SSL_LIBS): New autoconf-provided macro.
(INCLUDES): Updated to include SVN_SSL_INCLUDES, an autoconf-provided
macro.
* build.conf
([svn], [svnserve]): Add dependent library "ssl".
([ssl]): New library definition.
* configure.in: Add call to SVN_LIB_SSL.
* build/ac-macros/ssl.m4: New file.
* aclocal.m4: Include build/ac-macros/ssl.m4.

r859349 | mbk | 2006-04-08 23:26:19 +0000 (Sat, 08 Apr 2006)
Add client-side support for SSL in the Subversion protocol.
Note: this implementation won't be useful until server-side
support is added.
Patch by: Sigfred Håversen <bsdlist@mumak.com>
(Tweaked by me.)
* subversion/include/svn_error_codes.h
(SVN_ERR_RA_SVN_SSL_INIT, SVN_ERR_RA_SVN_SSL_ERROR): New errors.
* subversion/include/svn_ra_svn.h
(SVN_RA_SVN_CAP_STARTTLS): New macro.
* subversion/libsvn_ra_svn/client.c
(ra_svn_session_baton_t): Add "hostname" member.
(do_auth): Handle "STARTTLS" mechanism.
(open_session): Store uri->hostname in sess, and present
SVN_RA_SVN_CAP_STARTTLS to the server as a capability.
* subversion/libsvn_ra_svn/ssl.c: New file.
* subversion/libsvn_ra_svn/ra_svn.h:
#include "svn_auth.h"
(svn_ra_svn__conn_ssl_client): New function prototype.

r861477 | glasser | 2006-09-10 18:57:49 +0000 (Sun, 10 Sep 2006)
Fix a typo introduced in the backport (r20979) of r20940.
Found by: Sigfred Håversen
* build.conf
(svnsync): Set the 'manpages' section variable correctly.