Re: [PATCH]: Allow misc https cert for git-svnimport

public inbox for git@vger.kernel.org 
 help / color / mirror / Atom feed

From: Eric Wong <normalperson@yhbt•net>
To: "P. Christeas" <p_christ@hol•gr>
Cc: git@vger•kernel.org, Matthias Urlichs <smurf@smurf•noris.de>
Subject: Re: [PATCH]: Allow misc https cert for git-svnimport
Date: Tue, 2 May 2006 14:44:55 -0700	[thread overview]
Message-ID: <20060502214455.GA4591@hand.yhbt.net> (raw)
In-Reply-To: <200604281801.07155.p_christ@hol.gr>

"P. Christeas" <p_christ@hol•gr> wrote:
> Just had to access a server with a broken certificate (self signed), so I 
> added that patch to git-svnimport.

Matthias should know more about git-svnimport than I do :)

I'm not fully up-to-date on how the SVN:: modules work for this, nor do
I know off the top of my head an ssl svn server with a self-signed cert
to test with.  I just copied the ssl stuff off svn-mirror a while ago :)

> --- /usr/bin/git-svnimport	2006-04-13 09:39:39.000000000 +0300
> +++ /home/panos/bin/git-svnimport	2006-04-28 17:55:45.000000000 +0300
> @@ -96,9 +96,14 @@
>  sub conn {
>  	my $self = shift;
>  	my $repo = $self->{'fullrep'};
> -	my $auth = SVN::Core::auth_open ([SVN::Client::get_simple_provider,
> +# 	my $auth = SVN::Core::auth_open ([SVN::Client::get_simple_provider,
> +# 			  SVN::Client::get_ssl_server_trust_file_provider,
> +# 			  SVN::Client::get_ssl_server_trust_prompt_provider(\&_trust_callback),
> +# 			  SVN::Client::get_username_provider]);
> +	my $auth = [SVN::Client::get_simple_provider,
>  			  SVN::Client::get_ssl_server_trust_file_provider,
> -			  SVN::Client::get_username_provider]);
> +			  SVN::Client::get_ssl_server_trust_prompt_provider(\&_trust_callback),
> +			  SVN::Client::get_username_provider];
>  	my $s = SVN::Ra->new(url => $repo, auth => $auth);
>  	die "SVN connection to $repo: $!\n" unless defined $s;
>  	$self->{'svn'} = $s;
> @@ -125,6 +130,45 @@
>  	return $name;
>  }
>  
> +sub _trust_callback {
> +	my ($cred,$realm,$ifailed,$server_cert_info,$may_save) = @_;
> +	#$cred->accepted_failures($SVN::Auth::SSL::UNKNOWNCA);
> +	print "SSL certificate is not trusted: $ifailed \n";
> +	print "Fingerprint: " . $server_cert_info->fingerprint . "\n";
> +	print "Hostname:    ". $server_cert_info->hostname ;
> +	print " (MISMATCH)" if ( $ifailed & $SVN::Auth::SSL::CNMISMATCH);
> +	print "\n";
> +	
> +	print "Valid from:  ". $server_cert_info->valid_from;
> +	print " (NOT YET)" if ( $ifailed & $SVN::Auth::SSL::NOTYETVALID);
> +	print "\n";
> +	
> +	print "Valid until: ". $server_cert_info->valid_until;
> +	print " (EXPIRED)" if ( $ifailed & $SVN::Auth::SSL::EXPIRED);
> +	print "\n";
> +	
> +	print "Issuer:      ". $server_cert_info->issuer_dname;
> +	print " (UNKNOWN)" if ( $ifailed & $SVN::Auth::SSL::UNKNOWNCA);
> +	print "\n\n";
> +	
> +	print "Do you still want to accept that certificate? [y/N] ";
> +	my $accept = <STDIN>;
> +	chomp($accept);
> +	print "\n";
> +	if (($accept eq "y") or ($accept eq "Y" )) {
> +		$cred->accepted_failures($ifailed);
> +	# 	print "Save cert, so that it is accepted in future calls? [y/N] ";
> +	# 	my $mmsave = <STDIN>;
> +	# 	chomp($mmsave);
> +	# 	if (($mmsave eq "y") or ($mmsave eq "Y" )) {
> +	# 		$may_save = 1;
> +	# 	}
> +		print "\n";
> +	}
> +
> +}
> +
> +
>  package main;
>  use URI;
>  


-- 
Eric Wong

     prev parent reply	other threads:[~2006-05-02 21:44 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-04-28 15:01 [PATCH]: Allow misc https cert for git-svnimport P. Christeas
2006-05-02 21:44 ` Eric Wong [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20060502214455.GA4591@hand.yhbt.net \
    --to=normalperson@yhbt$(echo .)net \
    --cc=git@vger$(echo .)kernel.org \
    --cc=p_christ@hol$(echo .)gr \
    --cc=smurf@smurf$(echo .)noris.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox