- changed 6 files
For non-interactive mode, allow fine-grained control over which SSLcertificate failures are considered fatal and which may be ignored.The --trust-server-cert option only accepts certificates signed by anunknown CA, and rejects certificates which fail for other reasons.However, in practice, people run into broken SSL configurations thattrigger other failure conditions such as hostname/CN mismatch, expiredcerts, etc. Sometimes they are not in a position to fix the problem themselvesand can't get work done (writing scripts) since SVN refuses to operate.This topic is one of the most discussed issues in the #svn IRC channel.Somewhat less so on the users@ mailing lists, though it also occurs there.There is no real reason to prefer one kind of failure condition overany other. An invalid cert is an invalid cert, regardless of why it failsvalidation. Ultimately, it is up to users to waive trust in SSL when itgets in the way in a particular situation. We should not be making thisdecision for them.Deprecate the --trust-server-cert option and add the following new optionsto 'svn', exposing all possible failure modes the underlying API can handle: --trust-unknown-ca : with --non-interactive, accept SSL server certificates from unknown certificate authorities --trust-cn-mismatch : with --non-interactive, accept SSL server certificates even if the server hostname does not match the certificate's common name attribute --trust-expired : with --non-interactive, accept expired SSL server certificates --trust-not-yet-valid : with --non-interactive, accept SSL server certificates from the future --trust-other-failure : with --non-interactive, accept SSL server certificates with failures other than the above* subversion/include/svn_cmdline.h (svn_cmdline_create_auth_baton2): Declare and document new parameters. (svn_cmdline_create_auth_baton): Deprecate.* subversion/libsvn_subr/cmdline.c (trust_server_cert_non_interactive_baton): New baton. (ssl_trust_unknown_server_cert): Rename to ... (trust_server_cert_non_interactive): .. this and implement generic validation failure checks according to flags passed in baton. (svn_cmdline_create_auth_baton): Move to libsvn_subr/deprecated.c. (svn_cmdline_create_auth_baton2): Implement new revision of this API with new options trust_server_cert_unknown_ca, trust_server_cert_cn_mismatch, trust_server_cert_expired, trust_server_cert_not_yet_valid, and trust_server_cert_other_failure.* subversion/libsvn_subr/deprecated.c (svn_cmdline_create_auth_baton): Implement as wrapper around svn_cmdline_create_auth_baton2.* subversion/svn/cl.h (svn_cl__opt_state_t): Add new options trust_server_cert_unknown_ca, trust_server_cert_cn_mismatch, trust_server_cert_expired, trust_server_cert_not_yet_valid, and trust_server_cert_other_failure. .* subversion/svn/svn.c (svn_cl__longopt_t): Add new options opt_trust_server_cert_unknown_ca, opt_trust_server_cert_cn_mismatch, opt_trust_server_cert_expired, opt_trust_server_cert_not_yet_valid, opt_trust_server_cert_other_failure. (svn_cl__options): Add options and help text for --trust-unknown-ca, --trust-cn-mismatch, --trust-expired, --trust-not-yet-valid, and --trust-other-failure. (svn_cl__global_options): Add the new options here. (sub_main): Process new options and use svn_cmdline_create_auth_baton2(). * subversion/tests/cmdline/getopt_tests_data/svn_help_log_switch_stdout: Adjust expected output.