  1. Subversion
  2. SVN-3239

client cert passphrase cache keyed by relative path, not absolute path

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: trunk
    • Fix Version/s: 1.6.0
    • Component/s: unknown
    • Labels:
      None

      Description

      In the following transcript (with r32132 of trunk), the reason I don't get
      prompted for a client cert passphrase for the first checkout is that the
      passphrase for client cert file "user.p12" is already cached.  But notice how I
      *do* get prompted for a passphrase after doing 'cd wc' and then 'svn up',
      because that time when I provide the client cert file, I say "../user.p12". 
      Same file, different path -- which is apparently enough to fool Subversion:
      
         $ rm -rf wc; svn co https://117.193.193.134/svn/repos wc
         Authentication realm: https://117.193.193.134:443
         Client certificate filename: user.p12
         Error validating server certificate for 'https://117.193.193.134:443':
          - The certificate is not issued by a trusted authority. Use the
            fingerprint to validate the certificate manually!
          - The certificate hostname does not match.
         Certificate information:
          - Hostname: Senthil Kumaran S
          - Valid: from Thu, 10 Jul 2008 11:36:24 GMT until \
                        Fri, 10 Jul 2009 11:36:24 GMT
          - Issuer: Subversion, My organization, Chennai, TamilNadu, IN
          - Fingerprint: 9b:25:9e:3c:f7:d2:6b:a0:5d:95:2c:a7:50:42:33:ce:da:f0:f1:76
         (R)eject, accept (t)emporarily or accept (p)ermanently? t
         A    wc/README
         Checked out revision 1.
         $ cd wc
         $ svn up
         Authentication realm: https://117.193.193.134:443
         Client certificate filename: ../user.p12
         Passphrase for '../user.p12': uservision
         
         -----------------------------------------------------------------------
         ATTENTION!  Your passphrase for client certificate:
         
            ../user.p12
         
         can only be stored to disk unencrypted!  You are advised to configure
         your system so that Subversion can store passphrase encrypted, if
         possible.  See the documentation for details.
         
         You can avoid future appearances of this warning by setting the value
         of the 'store-ssl-client-cert-pp-plaintext' option to either 'yes' or
         'no' in '/home/kfogel/.subversion/servers'.
         -----------------------------------------------------------------------
         Store passphrase unencrypted (yes/no)? yes
         Error validating server certificate for 'https://117.193.193.134:443':
          - The certificate is not issued by a trusted authority. Use the
            fingerprint to validate the certificate manually!
          - The certificate hostname does not match.
         Certificate information:
          - Hostname: Senthil Kumaran S
          - Valid: from Thu, 10 Jul 2008 11:36:24 GMT until \
                        Fri, 10 Jul 2009 11:36:24 GMT
          - Issuer: Subversion, My organization, Chennai, TamilNadu, IN
          - Fingerprint: 9b:25:9e:3c:f7:d2:6b:a0:5d:95:2c:a7:50:42:33:ce:da:f0:f1:76
         (R)eject, accept (t)emporarily or accept (p)ermanently? t
         At revision 1.
         $ 
      
      You can see the difference in the auth cache:
      
         $ ls ~/.subversion/auth/svn.ssl.client-passphrase/
         974aec6ed25a3fe4181ea51c15cc882c  b8768e65b8c6d76a119573bf188ae6b1
         $ cat ~/.subversion/auth/svn.ssl.client-passphrase/974aec6ed25a3fe4181ea51c15cc882c
         K 10
         passphrase
         V 10
         uservision
         K 8
         passtype
         V 6
         simple
         K 15
         svn:realmstring
         V 8
         user.p12
         END
         $ cat ~/.subversion/auth/svn.ssl.client-passphrase/b8768e65b8c6d76a119573bf188ae6b1
         K 10
         passphrase
         V 10
         uservision
         K 8
         passtype
         V 6
         simple
         K 15
         svn:realmstring
         V 11
         ../user.p12
         END
         $
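
The two cache entries above use a length-prefixed key/value format. As an added example (not part of the original report and not Subversion's own code), the Python below parses both entries, flags what an auditor would care about, and shows that both collapse to a single key once the certificate path is made absolute. The working directories `/tmp/demo` and `/tmp/demo/wc` and all function names are assumptions made for the illustration.

```python
import posixpath

# Constructed from the two cache entries listed in the report.
SAMPLE_A = (b"K 10\npassphrase\nV 10\nuservision\nK 8\npasstype\nV 6\nsimple\n"
            b"K 15\nsvn:realmstring\nV 8\nuser.p12\nEND\n")
SAMPLE_B = SAMPLE_A.replace(b"V 8\nuser.p12", b"V 11\n../user.p12")

def parse_hash_dump(data: bytes) -> dict:
    """Parse 'K <len>\\n<key>\\nV <len>\\n<value>\\n ... END' using the byte lengths."""
    pos, out = 0, {}

    def read_item(tag: bytes) -> str:
        nonlocal pos
        eol = data.index(b"\n", pos)  # raises ValueError if the header line is cut off
        header = data[pos:eol].split()
        if len(header) != 2 or header[0] != tag or not header[1].isdigit():
            raise ValueError(f"bad header at offset {pos}: {data[pos:eol]!r}")
        start, n = eol + 1, int(header[1])
        if data[start + n:start + n + 1] != b"\n":
            raise ValueError(f"length mismatch at offset {pos}")
        pos = start + n + 1
        return data[start:start + n].decode("utf-8")

    while not data.startswith(b"END", pos):
        key = read_item(b"K")
        out[key] = read_item(b"V")
    return out

def audit_entry(entry: dict) -> list:
    """Return the issues one cache entry exhibits."""
    issues = []
    if entry.get("passtype") == "simple":  # plaintext, as in the entries in the report
        issues.append("passphrase stored unencrypted")
    if not posixpath.isabs(entry.get("svn:realmstring", "")):
        issues.append("keyed by relative path")
    return issues

def absolute_key(cert_path: str, cwd: str) -> str:
    """Key the entry would get if the path were made absolute first (illustrative)."""
    return posixpath.normpath(posixpath.join(cwd, cert_path))

if __name__ == "__main__":
    # The working directories are constructed; the report does not state them.
    for raw, cwd in ((SAMPLE_A, "/tmp/demo"), (SAMPLE_B, "/tmp/demo/wc")):
        e = parse_hash_dump(raw)
        realm = e["svn:realmstring"]
        print(realm, audit_entry(e), absolute_key(realm, cwd))
```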
      

            People

            • Assignee:
              Unassigned
              Reporter:
              kfogel Karl Fogel