SSL certificate check failing

Create issue
Issue #1439 closed
Roland Haas created an issue

The check for SSL certificates in line 535:

# check for svn SSL problems
if ( $rec{"TYPE"} eq "svn" && defined $rec{"AUTH_URL"} ) {
    my $base = $rec{"AUTH_URL"};
    $base =~ s/(https\:\/\/[\w\.]+)\/(.*)$/$1/i;
    unless ( defined $svn_servers{$base} ) {
        my $ret = `$svn --non-interactive info $rec{AUTH_URL} 2>&1`;
        if ( $ret =~ /Server certificate verification failed/ ) {
            $svn_servers{$base} = 0;
        }
        else {
            $svn_servers{$base} = 1;
        }
    }
}

is incorrect since eg for the ET manifest where

AUTH_URL=https://svn.einsteintoolkit.org/$1/trunk

the executed svn command is:

svn --non-interactive info https://svn.einsteintoolkit.org/$1/trunk 2>&1

which actually returns and error:

 svn: E175002: Unable to connect to a repository at URL 'https://svn.einsteintoolkit.org/trunk'
svn: E175002: The OPTIONS request returned invalid XML in the response: XML parse error at line 1: Extra content at the end of the document
 (https://svn.einsteintoolkit.org/trunk)

but the code does not test for svn failures at all at this point.

The simplest fix would be to move the check further down where $1 has been replaced by an actual value, eg into the loop:

# we are splitting each group of components into individuals
# to check for existence. they will now be passed individually to
# the checkout/update subroutines. this will take up more memory,
# but it should make it easier if the user decides to add another
# component from the same repository later
my @checkouts = split( /\s+/m, $rec{"CHECKOUT"} );
foreach my $checkout (@checkouts) {

in line 565 which however causes the test to run for every single CHECKOUT item.

Keyword:

Comments (6)

  1. Frank Löffler
    • removed comment

    How much of a problem would it be to have this running on each item? I suppose it needs a bit of extra time.

  2. Roland Haas reporter
    • removed comment

    It does not run on each item since the whole test is inside of an unless statement that checks if the server (rather than the item) has been tested before.

    See the proposed fix for #1801.

  3. Log in to comment