Sigfred Håversen <bsdlist@mumak.com> (sigfred)


Found Patch Suggested
r861477, r859057 r859349, r859339, r859338, r852205, r852204, r852148, r852134, r852130, r851811, r851810, r851809, r851767 r857167

r851767 | mbk | 2004-10-31 22:57:04 +0000 (Sun, 31 Oct 2004)

Initial SSL implementation.  This change does not represent the
intended end-state; several pieces of work remain, including
significant modularization and configuration and build-system
integration.

Patch by: Sigfred Haversen <bsdlist@mumak.com>
(Tweaked by me.)

* subversion/include/svn_error_codes.h
  (SVN_ERR_RA_SVN_SSL_INIT, SVN_ERR_RA_SVN_SSL_ERROR): New error codes.

* subversion/include/svn_base64.h
  (svn_base64_from_buffer): New function prototype.

* subversion/include/svn_ra_svn.h
  (SVN_RA_SVN_CAP_SSL): Macro for new svn protocol transceiver
   capability: "ssl".
  (svn_ra_svn_ssl_init, svn_ra_svn_ssl_accept, svn_ra_svn_ssl_connect): New
   function prototypes.

* subversion/libsvn_subr/svn_base64.c
  (svn_base_64_from_buffer): New function, generalized from
   svn_base_64_from_md5.
  (svn_base_64_from_md5): Update to call the more general function.

* subversion/libsvn_ra_svn/client.c
  Add #include "svn_base64.h")
  Add #include <openssl/x509v3.h>
  (ra_svn_session_baton_t): Add "hostname" and "ssl_ctx" members.
  (auth_response): Include SVN_RA_SVN_CAP_SSL in response.
  (asn1time_to_string): New function.  Really.
  (match_hostname, verify_hostname, fill_server_cert_info, do_ssl_auth,
   init_ssl_ctx): New functions.
  (ra_svn_open): Initialize new baton members.  Update comment.
   Include SVN_RA_SVN_CAP_SSL in capabilities sent to server, and
   set up SSL connection if both endpoints are capable.

* subversion/libsvn_ra_svn/marshal.c
  (svn_ra_svn_create_conn): Initialize new conn members.
  (do_ssl_operation, readbuf_input_ssl, writebuf_output_ssl,
   network_biopair_interop, cleanup_ssl, svn_ra_svn_ssl_init
   svn_ra_svn_ssl_accept, svn_ra_svn_ssl_connect): New functions.
  (svn_ra_svn__input_waiting): Call do_ssl_operation on SSL connections.
  (writebuf_output): Call writebuf_output_ssl on SSL connections.
  (readbuf_input): Call readbuf_input_ssl on SSL connections.

* subversion/libsvn_ra_svn/ra_svn.h
  Add #include <openssl/ssl.h>
  Add #include <openssl/bio.h>
  (struct svn_ra_svn_conn_st): Add new members: "use_ssl", "ssl",
   "internal_bio", and "network_bio".

* subversion/svnserve/main.c
  Add #include <openssl/err.h>
  (SVNSERVE_OPT_CERT_FILE, SVNSERVE_OPT_KEY_FILE): New getopt option code
   macros.
  (svnserver__options): Add entries for "cert-file" and "key-file".
  (ssl_last_error, init_ssl_ctx, destroy_ssl_ctx): New functions.
  (main): Add variables to hold values for new options.  Initialize
   new params members.  Handle new options in getopt switch.  Initialize
   the SSL context when necessary, and destroy it before exiting normally.
 
* subversion/svnserve/serve.c
  (server_baton_t): New member: "ssl_ctx".
  (serve): Copy ssl_ctx out of params and into the server baton.
   When SSL is configured for this server: send a version-2-only greeting,
   include SVN_RA_SVN_CAP_SSL in the capabilities list sent to the client,
   throw an error if a client insists on version 1 or if the client
   doesn't have the SVN_RA_SVN_CAP_SSL capabability, and handle the normal
   setup of the SSL connection.

* subversion/svnserve/server.h
  Add #include <openssl/ssl.h>
  (serve_params_t): New members: "ssl_layer" and "ssl_ctx".


r851809 | mbk | 2004-11-03 15:04:04 +0000 (Wed, 03 Nov 2004)

Allow clients without SSL capability to connect to an svnserve with SSL
capability.  

Patch by: Sigfred Haverson <bsdlist@mumak.com>

* subversion/svnserve/serve.c
  (server):  Revert to normal behaviour if client lacks SSL capabilities.


r851810 | mbk | 2004-11-03 15:11:27 +0000 (Wed, 03 Nov 2004)

Patch by: Sigfred Haverson <bsdlist@mumak.com>

* subversion/libsvn_ra_svn/marshal.c
  (writebuf_output_ssl): Only write buffers with positive sizes.


r851811 | mbk | 2004-11-03 15:20:26 +0000 (Wed, 03 Nov 2004)

Formatting cleanups.

Patch by: Sigfred Haverson <bsdlist@mumak.com>

* subversion/libsvn_ra_svn/client.c
  (asn1time_to_string): Fix comment.
  (match_hostname): Fix comment.
  (verify_hostname): Fix comments.
  (fill_server_cert_info): Fix comment.  Wrap long line.
  (do_ssl_auth): Fix comment.

* subversion/libsvn_ra_svn/marshal.c
  (network_biopair_interop): Fix comments.
  (do_ssl_operation): Fix comments/indentation.
  (cleanup_ssl): Fix comment/indentation.
  (svn_ra_svn_ssl_init): Fix comments.

* subversion/svnserve/main.c
  (init_ssl_ctx): Fix comment.  Remove extra blank line.
  (main): Wrap long line.


r852130 | mbk | 2004-11-27 21:52:06 +0000 (Sat, 27 Nov 2004)

Add configure-time discovery of OpenSSL availability.

Patch by: Sigfred Haversen <bsdlist@mumak.com>
(Tweaked by me.)

* Makefile.in
  Add SVN_SSL_LIBS and SVN_SSL_INCLUDES, to be populated by
  configure.

* build.conf
  ([svn]): Add ssl to libs.
  ([libsvn_ra_svn]): Add ssl to libs.
  ([svnserve]): Add ssl to libs.
  ([ssl]): New section.

* build/ac-macros/ssl.4
  New file.

* configure.in
  Include build/ac-macros/ssl.m4, and call SVN_LIB_SSL.
  #define SVN_HAVE_SSL when appropriate.

* svn-config.in
  Add SVN_SSL_LIBS and SVN_SSL_INCLUDES, to be populated by
  configure.


r852134 | mbk | 2004-11-28 04:10:11 +0000 (Sun, 28 Nov 2004)

Add two new methods to the stream interface.

Patch by: Sigfred Haversen <bsdlist@mumak.com>

* subversion/include/svn_io.h
  (svn_timeout_fn_t, svn_data_pending_fn_t): New callback types.
  (svn_stream_set_timeout, svn_stream_set_data_pending,
   svn_stream_timeout, svn_stream_data_pending): New prototypes.

* subversion/libsvn_subr/stream.c
  (struct svn_stream_t): Add timeout_fn and data_pending_fn members.
  (svn_stream_create): Initialize new members.
  (svn_stream_set_timeout, svn_stream_set_data_pending,
   svn_stream_timeout, svn_stream_data_pending): New functions.


r852148 | mbk | 2004-11-28 22:48:59 +0000 (Sun, 28 Nov 2004)

Encapsulate the i/o channels managed by libsvn_ra_svn as streams.
Use this encapsulation to more cleanly separate the SSL integration
logic from the rest of the library.

Patch by: Sigfred Haversen <bsdlist@mumak.com>
          me

* subversion/libsvn_ra_svn/streams.c
  New file.

* subversion/libsvn_ra_svn/ssl.c
  New file.

* subversion/libsvn_ra_svn/ra_svn_ssl.h
  New file.

* subversion/libsvn_ra_svn/ra_svn.h
  Remove #include <openssl/ssl.h>
  Remove #include <openssl/bio.h>
  (svn_ra_svn_conn_st): Replace sock, in_file, out_file, proc, use_ssl,
   ssl, internal_bio, and network_bio members with in_stream and out_stream.
  (svn_ra_svn__sock_streams, svn_ra_svn__file_streams): New prototypes.

* subversion/libsvn_ra_svn/client.c
  Remove #include "ra_svn.h"
  Add #include "ra_svn_ssl.h"
  Remove #include <openssl/x509v3.h>
  (ra_svn_session_baton_t): Remove ssl_ctx.
  (asn1time_to_string, match_hostname, verify_hostname): Move to ssl.c
  (fill_server_cert_info): Move to ssl.c, rename to 
   svn_ra_svn__fill_server_cert_info, replace session baton parameter
   with ssl_conn.
  (do_ssl_auth): Update call to fill_server_cert_info.
  (make_tunnel): Remove initialization of conn->proc.
  (init_ssl_ctx): Move to ssl.c, rename to svn_ra_svn__init_ssl_ctx,
   replace session baton parameter with ssl_conn, remove config parameter.
  (destroy_ssl_ctx): Move to ssl.c
  (ra_svn_open): Remove initialization of sess->ssl_ctx, update to use
   new ssl interface.

* subversion/libsvn_ra_svn/marshal.c
  Add #include "svn_io.h"
  (do_ssl_operation): Remove prototype and implementation.
  (svn_ra_svn_create_conn): Remove initialization of sock/file/ssl
   members, instead initialize conn->in_stream and conn->out_stream
   as appropriate.
  (svn_ra_svn__set_block_handler): Call the new svn_stream_timeout()
   function, rather than its file/socket analogs.
  (svn_ra_svn__input_waiting): Call svn_stream_data_pending(), rather
   than its file/socket/ssl analogs.
  (writebuf_output_ssl, readbuf_input_ssl): Remove.
  (writebuf_output, readbuf_input): Use stream interface rather than
   file/socket/ssl functions.
  (network_biopair_interop): Move to ssl.c, change parameter type to 
   ssl_conn_t rather than svn_ra_svn_conn_t, update to use stream
   interface rather than socket functions.
  (do_ssl_operation): Move to ssl.c, change parameter type to
   ssl_conn_t rather than svn_ra_svn_conn_t.
  (cleanup_ssl, svn_ra_svn_ssl_start): Move to ssl.c
  (svn_ra_svn_ssl_init): Move to ssl.c, rename to
   svn_ra_svn__setup_ssl_conn, add ssl_conn_t output parameter. 
  (svn_ra_svn_ssl_accept): Remove.
  (svn_ra_svn_ssl_connect): Move to ssl.c, rename to
   svn_ra_svn__ssl_connect.


r852204 | sigfred | 2004-12-02 19:43:51 +0000 (Thu, 02 Dec 2004)

* COMMITTERS: Add Sigfred Haversen for svnserve-ssl branch.

r852205 | sigfred | 2004-12-02 21:27:42 +0000 (Thu, 02 Dec 2004)

* COMMITTERS: Add accidental removed magic chars in r12130.

r857167 | djames | 2005-10-29 16:39:08 +0000 (Sat, 29 Oct 2005)

* build/generator/gen_make.py
  (Generator.write): Avoid usage of $< in SWIG header wrapper generator rules,
  so that our Makefile will be compatible with BSD make.

Suggested by: Sigfred Haversen <bsdlist@mumak.com>



r859057 | dlr | 2006-03-22 03:26:19 +0000 (Wed, 22 Mar 2006)

A follow-up to r17910 (r18156 on the 1.3.x branch) to allow
libsvn_swig_py to link on OpenBSD.  Linking with Python 2.3 needs the
-L /.../config and -lpython2.3 arguments.  (Unsure what happens on
OpenBSD with a version of Python which has no lipython2.X.so -- it's
apparently been removed from the ports tree.)

A more correct fix down the road for cases like OpenBSD should be to
inspect the tool chain (e.g. linker, Python library version, etc.),
rather than the OS.

* build/get-py-info.py
  (link_options): Add -LSTATIC_LIDIR and -lpythonVER arguments on
   OpenBSD.

Found by: Sigfred H. <bsdlist@mumak.com>


r859338 | mbk | 2006-04-08 15:31:41 +0000 (Sat, 08 Apr 2006)

Encapsulate ra_svn's i/o with a stream-based wrapper.

This does clean things up slightly, but it is principally to
facilitate the subsequent introduction of an SSL integration
layer.

Patch by: Sigfred Håversen <bsdlist@mumak.com>
(Tweaked by me.)

* subversion/libsvn_ra_svn/client.c
  (make_tunnel): Remove (now)-obsolete population of the connections "proc"
   member.
* subversion/libsvn_ra_svn/streams.c: New file.
* subversion/libsvn_ra_svn/marshal.c:
  #include "svn_io.h"
  (svn_ra_svn_create_conn): Don't initialize obsolete members of the
  connection, instead use the new svn_ra_svn__stream_pair_from_* functions
  to initialize the new stream members.
  (svn_ra_svn__set_block_handler, svn_ra_svn__input_waiting, writebuf_output,
  readbuf_input): Use the stream API on the new members, rather than the
  APR socket and pipe APIs on the old.
* subversion/libsvn_ra_svn/ra_svn.h
  (SVN_RA_SVN__IOCTL_TIMEOUT, SVN_RA_SVN__IOCTL_PENDING): New macros.
  (struct svn_ra_svn_conn_st): Remove "in_file", "out_file", and "proc"
  members in favor of "in_stream" and "out_stream".
  (svn_ra_svn__stream_pair_from_sock, svn_ra_svn__stream_pair_from_files):
  New function prototypes.


r859339 | mbk | 2006-04-08 15:42:19 +0000 (Sat, 08 Apr 2006)

Add configury for OpenSSL detection.

Patch by: Sigfred Håversen <bsdlist@mumak.com>
(Tweaked by me.)

* Makefile.in
  (SVN_SSL_LIBS): New autoconf-provided macro.
  (INCLUDES): Updated to include SVN_SSL_INCLUDES, an autoconf-provided
  macro.
* build.conf
  ([svn], [svnserve]): Add dependant library "ssl".
  ([ssl]): New library definition.
* configure.in: Add call to SVN_LIB_SSL.
* build/ac-macros/ssl.m4: New file.
* aclocal.m4: Include build/ac-macros/ssl.m4.


r859349 | mbk | 2006-04-08 23:26:19 +0000 (Sat, 08 Apr 2006)

Add client-side support for SSL in the Subversion protocol.

Note: this implementation won't be useful until server-side
support is added.

Patch by: Sigfred Håversen <bsdlist@mumak.com>
(Tweaked by me.)

* subversion/include/svn_error_codes.h
  (SVN_ERR_RA_SVN_SSL_INIT, SVN_ERR_RA_SVN_SSL_ERROR): New errors.
* subversion/include/svn_ra_svn.h
  (SVN_RA_SVN_CAP_STARTTLS): New macro.
* subversion/libsvn_ra_svn/client.c
  (ra_svn_session_baton_t): Add "hostname" member.
  (do_auth): Handle "STARTTLS" mechanism.
  (open_session): Store uri->hostname in sess, and present
  SVN_RA_SVN_CAP_STARTTLS to the server as a capability.
* subversion/libsvn_ra_svn/ssl.c: New file.
* subversion/libsvn_ra_svn/ra_svn.h:
  #include "svn_auth.h"
  (svn_ra_svn__conn_ssl_client): New function prototype.


r861477 | glasser | 2006-09-10 18:57:49 +0000 (Sun, 10 Sep 2006)

Fix a typo introduced in the backport (r20979) of r20940.

Found by: Sigfred Håversen

* build.conf
  (svnsync): Set the 'manpages' section variable correctly.