"P. Christeas" <p_christ@xxxxxx> wrote:
> Just had to access a server with a broken certificate (self signed), so I
> added that patch to git-svnimport.
Matthias should know more about git-svnimport than I do :)
I'm not fully up-to-date on how the SVN:: modules work for this, nor do
I know off the top of my head an ssl svn server with a self-signed cert
to test with. I just copied the ssl stuff off svn-mirror a while ago :)
> --- /usr/bin/git-svnimport 2006-04-13 09:39:39.000000000 +0300
> +++ /home/panos/bin/git-svnimport 2006-04-28 17:55:45.000000000 +0300
> @@ -96,9 +96,14 @@
> sub conn {
> my $self = shift;
> my $repo = $self->{'fullrep'};
> - my $auth = SVN::Core::auth_open ([SVN::Client::get_simple_provider,
> +# my $auth = SVN::Core::auth_open ([SVN::Client::get_simple_provider,
> +# SVN::Client::get_ssl_server_trust_file_provider,
> +# SVN::Client::get_ssl_server_trust_prompt_provider(\&_trust_callback),
> +# SVN::Client::get_username_provider]);
> + my $auth = [SVN::Client::get_simple_provider,
> SVN::Client::get_ssl_server_trust_file_provider,
> - SVN::Client::get_username_provider]);
> + SVN::Client::get_ssl_server_trust_prompt_provider(\&_trust_callback),
> + SVN::Client::get_username_provider];
> my $s = SVN::Ra->new(url => $repo, auth => $auth);
> die "SVN connection to $repo: $!\n" unless defined $s;
> $self->{'svn'} = $s;
> @@ -125,6 +130,45 @@
> return $name;
> }
>
> +sub _trust_callback {
> + my ($cred,$realm,$ifailed,$server_cert_info,$may_save) = @_;
> + #$cred->accepted_failures($SVN::Auth::SSL::UNKNOWNCA);
> + print "SSL certificate is not trusted: $ifailed \n";
> + print "Fingerprint: " . $server_cert_info->fingerprint . "\n";
> + print "Hostname: ". $server_cert_info->hostname ;
> + print " (MISMATCH)" if ( $ifailed & $SVN::Auth::SSL::CNMISMATCH);
> + print "\n";
> +
> + print "Valid from: ". $server_cert_info->valid_from;
> + print " (NOT YET)" if ( $ifailed & $SVN::Auth::SSL::NOTYETVALID);
> + print "\n";
> +
> + print "Valid until: ". $server_cert_info->valid_until;
> + print " (EXPIRED)" if ( $ifailed & $SVN::Auth::SSL::EXPIRED);
> + print "\n";
> +
> + print "Issuer: ". $server_cert_info->issuer_dname;
> + print " (UNKNOWN)" if ( $ifailed & $SVN::Auth::SSL::UNKNOWNCA);
> + print "\n\n";
> +
> + print "Do you still want to accept that certificate? [y/N] ";
> + my $accept = <STDIN>;
> + chomp($accept);
> + print "\n";
> + if (($accept eq "y") or ($accept eq "Y" )) {
> + $cred->accepted_failures($ifailed);
> + # print "Save cert, so that it is accepted in future calls? [y/N] ";
> + # my $mmsave = <STDIN>;
> + # chomp($mmsave);
> + # if (($mmsave eq "y") or ($mmsave eq "Y" )) {
> + # $may_save = 1;
> + # }
> + print "\n";
> + }
> +
> +}
> +
> +
> package main;
> use URI;
>
--
Eric Wong
-
: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html