Switch branches/tags
Commits on May 27, 2015
  1. * CHANGES: Fix mismatched quotes.

    breser committed May 27, 2015
    Found by: danielsh
    git-svn-id: 13f79535-47bb-0310-9956-ffa450edef68
Commits on May 26, 2015
  1. * CHANGES: Bring 1.9.0 entries up to date to r1681318.

    breser committed May 26, 2015
    git-svn-id: 13f79535-47bb-0310-9956-ffa450edef68
Commits on Apr 21, 2015
Commits on Apr 20, 2015
  1. * subversion/bindings/swig/INSTALL: Update to mention not to use 3.0.…

    breser committed Apr 20, 2015
    …0 or newer.
    git-svn-id: 13f79535-47bb-0310-9956-ffa450edef68
Commits on Apr 18, 2015
  1. * tools/dist/

    breser committed Apr 18, 2015
      (tool_versions): Lower SWIG back to 2.0.12.
    git-svn-id: 13f79535-47bb-0310-9956-ffa450edef68
  2. * build/ac-macros/swig.m4:

    breser committed Apr 18, 2015
      (SVN_FIND_SWIG): Update version warning on SWIG to complain about 3.0.0 and
    git-svn-id: 13f79535-47bb-0310-9956-ffa450edef68
Commits on Apr 12, 2015
  1. Follow up r1673004, avoid parsing certificates multiple times.

    breser committed Apr 12, 2015
    * subversion/svn/auth-cmd.c
      (match_certificate): pass the certinfo back to the caller and
        allocate it in a result_pool.
      (match_credential): Add parameters to pass into match_certificate()
        and adjust the match_certificate() calls.
      (show_cert): Add a certinfo argument and shortcut parsing if the
        certinfo is already filled.
      (list_credential): Add a certinfo argument to pass into show_cert()
        and adjust show_cert() call.
      (walk_credentials): Adjust calls to match_credential() and 
        list_credential() accordingly.
    git-svn-id: 13f79535-47bb-0310-9956-ffa450edef68
  2. Follow up r1673004, fix segfault when cert has no hostnames.

    breser committed Apr 12, 2015
    * subversion/svn/auth-cmd.c
      (match_certificate): hostnames can be NULL if the cert doesn't have
        a CN that looks like a hostname and has no Subject Alt Names.
    git-svn-id: 13f79535-47bb-0310-9956-ffa450edef68
  3. Fix two error leaks in X.509 parser.

    breser committed Apr 12, 2015
    * subversion/libsvn_subr/x509parse.c
      (x509_get_ext): when handling subject alt names, properly return
        unexpected errors.
      (svn_x509_parse_cert): correctly add a child error that was inadvertently
        being discarded.
    git-svn-id: 13f79535-47bb-0310-9956-ffa450edef68
  4. Allow the auth command to match on certificate subjects, issuers, dig…

    breser committed Apr 12, 2015
    and hostnames.  We had this functionality and I unintentionally removed it
    when converting to using the X.509 parser rather than storing the details
    * subversion/svn/auth-cmd.c
      (parse_certificate, match_certificate): New functions.
      (match_credential): Call match_certificate() instead of
        ignoring the certificate.
      (show_cert): Use parse_certificate() which was factored out
        of this function.
    git-svn-id: 13f79535-47bb-0310-9956-ffa450edef68
Commits on Apr 2, 2015
  1. Fix building with apr trunk by removing unnecessary header includes.

    breser committed Apr 2, 2015
    apr_thread_mutex.h is included by apr_allocator.h which is included
    by apr_pools.h.  This header is prone to circular references because
    it also includes apr_pools.h and despite efforts to prevent this
    it's blowing up clang pretty bad with apr trunk.  However, we don't
    need it at all because we always have apr_pools.h.
    * subversion/include/private/svn_mutex.h,
      subversion/libsvn_subr/pool.c:  Remove apr_thread_mutex.h include.
    git-svn-id: 13f79535-47bb-0310-9956-ffa450edef68
Commits on Apr 1, 2015
  1. Followup to r1668323: Unbreak trunk with serf trunk.

    breser committed Apr 1, 2015
    * subversion/libsvn_ra_serf/serf.c
      (load_config): Update an argument to use the new dual pools.
    git-svn-id: 13f79535-47bb-0310-9956-ffa450edef68
Commits on Mar 22, 2015
  1. Add missing POD directives to resolve pod2man warnings

    breser committed Mar 22, 2015
    * subversion/bindings/swig/perl/native/
      (svn_log_entry_t): Add missing "=over 4" and "=back" directives
    Patch by: James McCoy <jamessan{_AT_}>
    git-svn-id: 13f79535-47bb-0310-9956-ffa450edef68
Commits on Mar 10, 2015
  1. * subversion/tests/cmdline/svntest/

    breser committed Mar 10, 2015
      (_mod_dav_url_quoting_broken_versions): The quoting failures go all the way
        back to 2.4.5 when PR 54611 was "fixed."
    git-svn-id: 13f79535-47bb-0310-9956-ffa450edef68
  2. * subversion/tests/cmdline/svntest/

    breser committed Mar 10, 2015
      (_mod_dav_url_quoting_broken_versions): Expand set to include the versions
        impacted by either Apache httpd PR 56480 or PR 55397.
    git-svn-id: 13f79535-47bb-0310-9956-ffa450edef68
Commits on Mar 5, 2015
  1. * CHANGES: Use a consistent style, reorder major changes based on wha…

    breser committed Mar 5, 2015
    …t I expect
       most users would care about, remove r1562417 change that was implicitly
       reverted by r1653032.
    git-svn-id: 13f79535-47bb-0310-9956-ffa450edef68
Commits on Mar 4, 2015
  1. * CHANGES: Remove two javahl entries that are internal implementation…

    breser committed Mar 4, 2015
    … details.
    Suggested by: brane
    git-svn-id: 13f79535-47bb-0310-9956-ffa450edef68
  2. * CHANGES: Fix a typo.

    breser committed Mar 4, 2015
    Found by: brane
    git-svn-id: 13f79535-47bb-0310-9956-ffa450edef68
  3. * CHANGES: Bring up to date with 1.9.x branch. This probably needs so…

    breser committed Mar 4, 2015
    …me more
    proof reading and could use some review by people with complex changes.
    git-svn-id: 13f79535-47bb-0310-9956-ffa450edef68
Commits on Feb 18, 2015
Commits on Feb 10, 2015
  1. Resolve some edge cases of parsing X.509 certificates.

    breser committed Feb 10, 2015
    Multiple attributes of the a Subject or Issuer with the same object id.
    Overflow of an object id segment.
    Leading zeros in an object id segment.
    * subversion/include/svn_x509.h
       SVN_X509_OID_EMAIL): Change from string representations to DER encoded
        object ids.
      (svn_x509_name_attr_t): New opaque struct for storing an attribute
        object id and value pair.
      (svn_x509_name_attr_dup, svn_x509_name_attr_get_oid,
       svn_x509_name_attr_get_value, svn_x509_certinfo_get_subject_attrs,
       svn_x509_certinfo_get_issuer_attrs, svn_x509_oid_to_string): New functions.
      (svn_x509_certinfo_get_subject_oids, svn_x509_certinfo_get_issuer_oids):
    * subversion/libsvn_subr/x509.h
      (svn_x509_name_attr_t): Add struct.
      (svn_x509_certinfo_t): Remove issuer_oids and subject_oids members and
        make issuer and subject members into an array.
    * subversion/libsvn_subr/x509info.c
      (svn_x509_name_attr_dup, deep_copy_name_attrs,
       svn_x509_certinfo_get_issuer_attrs): New functions.
      (deep_copy_hash, svn_x509_certinfo_get_subject_oids,
       svn_x509_certinfo_get_subject_attr, svn_x509_certinfo_get_issuer_oids,
       svn_x509_certinfo_get_issuer_attr): Remove functions.
      (svn_x509_certinfo_dup): Update to reflect changes to the certinfo
      (asn1_oid): Use the DER encoding of the object id and not a string of dotted
        decimal values for the oid.
      (CONSTANT_PAIR): Convenience macro.
      (asn1_oids): Adjust for the changes to the struct.
      (svn_x509_oid_to_string): Moved from asn1_oid_to_strin() and deal with
        overflows and leading zeros.
      (oid_string_to_asn1_oid): Rename to ...
      (oid_to_asn1_oid): ... and adjust to use DER oids instead of strings.
      (oid_string_to_best_label): Rename to ...
      (oid_to_best_label): ... and adjust to use DER oids instead of strings.
      (get_dn, svn_x509_certinfo_get_subject, svn_x509_certinfo_get_issuer):
        Adjust to use the new array of svn_x509_name_attr_t instead of an array and
        hash for the attributes.
    * subversion/libsvn_subr/x509parse.c
      (asn1_oid_to_string): Moved to svn_x509_oid_to_string().
      (x509_name_to_certinfo): Adjust to reflect the change to the certinfo struct.
      (x509parse_get_cn): New function to retrieve the common name.
      (x509parse_get_hostnames): Use x509parse_get_cn().
      (svn_x509_parse_cert): Reflect changes to certinfo struct.
    * subversion/tests/libsvn_subr/x509-test.c
      (cert_tests): Add tests for edge cases repaired by this commit.
      (compare_oids, compare_results): Update to reflect the API changes.
      (broken_cert_tests, test_x509_parse_cert_broken, test_funcs): Disable the XFAIL
        test setup since we have none now.
    git-svn-id: 13f79535-47bb-0310-9956-ffa450edef68
Commits on Jan 30, 2015
  1. Add a x509-parser command to the tools/dev directory.

    breser committed Jan 30, 2015
    Intended to make it easy to try our X.509 parser out on various certificates
    in files or from stdin.
    * build.conf
      (x509-parser): Add the command to the build.
    * tools/dev/x509-parser.c: New file
    git-svn-id: 13f79535-47bb-0310-9956-ffa450edef68
  2. Fix the X.509 parser to support multiple Relative Distinguished Names…

    breser committed Jan 30, 2015
    … (RDN).
    Certificates of this nature can be somewhat questionable as to their validity,
    but for our purposes it's irrelevant and sometimes people generate certificates
    this way.  So simply accept them and ignore the minor semantic difference.
    * subversion/libsvn_subr/x509parse.c
      (x509_get_attribute): New function.
      (x509_get_name): Remove the code that went into x509_get_attribute() and
        iterate over the members of the RDN set.  Adjust some variables and
        comments variables to be clearer in the process.
    * subversion/tests/libsvn_subr/x509-test.c
      (cert_tests): Add the cert from Chromium's test suite for this.
    git-svn-id: 13f79535-47bb-0310-9956-ffa450edef68
  3. Try to parse issuerUniqueID, subjectUniqueID and

    breser committed Jan 30, 2015
    extensions for every X.509 certificate version (v1, v2 and v3).
    If they aren't present, we are fine, but we don't want to throw an error if
    they are.  v1 and v2 certificates with the corresponding extra fields are
    ill-formed per RFC 5280 s. 4.1, but we suspect they could exist in the real
    world.  Other X.509 parsers (e.g., within OpenSSL or Microsoft CryptoAPI)
    aren't picky about these certificates.  As long as we are only willing to
    display the certificate data in the 'svn auth' command, we can also be less
    strict about them.
    * subversion/libsvn_subr/x509parse.c
      (svn_x509_parse_cert): Try to parse issuerUniqueID, subjectUniqueID and
       extensions for all known X.509 versions (v1, v2, v3).
      (x509parse_get_hostnames): Do not check CRT->DNSNAMES for null, because
       it is no longer necessary.
      (cert_tests): Add a new test case.
    Patch by: kotkov
    git-svn-id: 13f79535-47bb-0310-9956-ffa450edef68
  4. Merge the svn-auth-x509 branch to trunk.

    breser committed Jan 30, 2015
    This adds an X.509 parser which we use to display certificates via the auth
    command rather than storing the details provided by serf from a connection.
    * LICENSE,
      NOTICE: Note that the X.509 parser is based on the parser from TropicSSL.
    * build.conf
      (libsvn_subr): Add svn_x509.h header to msvc-export.
      (x509-test, __ALL_TESTS__): Add C tests for X.509 parser.
    * subversion/include/private/svn_utf_private.h
      (svn_utf__encode_ucs4_string, svn_utf__utf16_to_utf8,
       svn_utf__utf32_to_utf8): New functions for converting various Unicode
         character encodings needed by the X.509 parser.
    * subversion/include/svn_x509.h: New header.
    * subversion/include/svn_error_codes.h
      (SVN_ERR_X509_CATEGORY_START): New category for errors from X.509 parser.
        New error codes.
    * subversion/include/svn_config.h
       SVN_CONFIG_AUTHN_ISSUER_DN_KEY): Remove constants used as keys for
        storing parsed certificate info in authn files.
    * subversion/libsvn_subr/x509parse.c,
      subversion/include/x509.h: New files for implementing the X.509 parser.
    * subversion/libsvn_subr/ssl_server_trust_providers.c
       ssl_server_trust_file_save_credentials): Don't store/retrive parsed
        details of X.509 certificates.
    * subversion/libsvn_subr/utf.c
      (membuf_insert_ucs4, svn_utf__utf16_to_utf8, svn_utf__utf32_to_utf8):
        New functions to implement Unicode conversions.
    * subversion/libsvn_subr/utf8proc.c
      (encode_ucs4_string): Convert to the private function ...
      (svn_utf__encode_ucs4_string): New function.
      (svn_utf__glob): Update caller.
    * subversion/svn/auth-cmd.c
      (match_credential): Remove code to match the hostname/fingerprint since
        the data isn't stored.
      (show_cert): New function to drive the X.509 parser and then display
        the certificate to the user.
      (list_credential): Use show_cert().
    * subversion/tests/libsvn_subr/utf-test.c
      (test_utf_conversions, test_funcs): Add tests for new unicode character
        set conversions.
    * subversion/tests/libsvn_subr/x509-test.c: Add tests for X.509 parser.
    [in subverison/bindings/javahl]
    * native/jniwrapper/jni_base.cpp,
        Add IllegalArgumentException exeption.
    * native/AuthnCallback.cpp,
      (AuthnCallback::SSLServerCertInfo): Update the getters and constructor to
        reflect the info available from the X.509 parser.
    * native/org_apache_subversion_javahl_util_ConfigLib.cpp
      (build_credential): Update to feed AuthnCallback::SSLServerCertInfo the info
        that is available.
        Update the searching of the certificates to parse the certificate rather
        than depending on the stored data.
    * src/org/apache/subversion/javahl/
      (SVNUtil.searchCredentials): Update hostnamePattern documentation.
    * native/Promper.cpp
      (Prompter::dispatch_ssl_server_trust_prompt): Update to reflect changes
        to SSLServerCertInfo.
    * src/org/apache/subversion/javahl/util/ Remove some commented
        out code.
    * tests/org/apache/subversion/javahl/
      (util_cred_ssl_server, testCredentials): Update tests as needed.
    git-svn-id: 13f79535-47bb-0310-9956-ffa450edef68
Commits on Jan 27, 2015
  1. On the 'svn-auth-x509' branch, add a test for overflow in object ids.

    breser committed Jan 27, 2015
    This test is currently XFAIL.  I'll commit the fix tomorrow.
    * subversion/tests/libsvn_subr/x509-test.c
      (broken_cert_tests, test_x509_parse_cert_broken): New test.
      (test_funcs): Add the new test.
    git-svn-id: 13f79535-47bb-0310-9956-ffa450edef68
Commits on Jan 19, 2015
  1. On 'svn-auth-x509' branch, Add a test for v1 certificates which we cr…

    breser committed Jan 19, 2015
    …ashed on
    prior to r1619861.
    * subversion/tests/libsvn_subr/x509-test.c
      (cert_tests): New test case.
    git-svn-id: 13f79535-47bb-0310-9956-ffa450edef68
Commits on Jan 13, 2015
  1. Silence a warning by casting to the appropriate type.

    breser committed Jan 13, 2015
    * subversion/tests/libsvn-fs_fs/fs-fs-fuzzy-test.c
      (fuzzing_1_byte_1_rev): Cast an apr_off_t to apr_uint64_t in order
        to use the APR_UINT64_T_HEX_FMT since there is no APR_OFF_T_FMT.
    git-svn-id: 13f79535-47bb-0310-9956-ffa450edef68
Commits on Dec 9, 2014
  1. * CHANGES: Update 1.8.11 entries.

    breser committed Dec 9, 2014
    git-svn-id: 13f79535-47bb-0310-9956-ffa450edef68
  2. * CHANGES: Update 1.7.19 entries

    breser committed Dec 9, 2014
    git-svn-id: 13f79535-47bb-0310-9956-ffa450edef68
Commits on Dec 6, 2014
  1. * Bump suggested serf version to 1.3.8

    breser committed Dec 6, 2014
    git-svn-id: 13f79535-47bb-0310-9956-ffa450edef68