Fix SSL regressions with Subversion.
Review Request #5936 — Created June 5, 2014 and submitted
Subversion's SSL support badly broke with the subvertpy work done in
2.0. The new code flat-out didn't work with self-signed certificates,
and seemed to have trouble with verification all-together. This was true
of both PySVN and Subvertpy.In PySVN's case, the SSL trust callback was never set. The base SVNTool
tried to set it on our Client class for PySVN, but it never got set on
the real Client class provided by PySVN.Subvertpy was missing a bunch of provider classes that were necessary
for reading and writing the certificate verification files in the
.subversion directory.In both cases, the new accept_certificate() functions were failing to
actually return the generated certificate. They were also not being
careful with the 'failures' key in the resulting certificate. PySVN
prematurely deleted it (causing us to fail when looking up the failures,
if needed), and Subvertpy was leaving it in.This brings our support for SSL certificates back to a working state.
Performed the following tests with both PySVN and Subvertpy backends:
- Set up a self-signed cert for a new SVN server.
- Added the repository to Review Board.
- Saw the trust prompt, with all the appropriate cert information.
- Clicked "I trust this host."
- Saw the repository was added.
- Ran 'svn info' on the repository, and wasn't prompted about the cert.
- Saw the cert file in
.subversion.- Re-saved the repository, and wasn't prompted.
| Description | From | Last Updated |
|---|---|---|
|
redefinition of unused 'Client' from line 19 |
 reviewbot
|
This is a review from Review Bot. Tool: PEP8 Style Checker Processed Files: reviewboard/scmtools/svn/subvertpy.py reviewboard/scmtools/svn/pysvn.py reviewboard/scmtools/svn/__init__.py reviewboard/scmtools/svn/base.py Ignored Files: