[ET Trac] [Einstein Toolkit] #1439: SSL certificate check failing

Einstein Toolkit trac-noreply at einsteintoolkit.org
Mon Sep 16 13:21:05 CDT 2013 

#1439: SSL certificate check failing
--------------------+-------------------------------------------------------
 Reporter:  rhaas   |       Owner:                     
     Type:  defect  |      Status:  new                
 Priority:  major   |   Milestone:                     
Component:  Other   |     Version:  development version
 Keywords:          |  
--------------------+-------------------------------------------------------
 The check for SSL certificates in line 535:
 {{{#perl
 # check for svn SSL problems
 if ( $rec{"TYPE"} eq "svn" && defined $rec{"AUTH_URL"} ) {
     my $base = $rec{"AUTH_URL"};
     $base =~ s/(https\:\/\/[\w\.]+)\/(.*)$/$1/i;
     unless ( defined $svn_servers{$base} ) {
         my $ret = `$svn --non-interactive info $rec{AUTH_URL} 2>&1`;
         if ( $ret =~ /Server certificate verification failed/ ) {
             $svn_servers{$base} = 0;
         }
         else {
             $svn_servers{$base} = 1;
         }
     }
 }
 }}}
 is incorrect since eg for the ET manifest where
 {{{
 AUTH_URL=https://svn.einsteintoolkit.org/$1/trunk
 }}}
 the executed svn command is:
 {{{
 svn --non-interactive info https://svn.einsteintoolkit.org/$1/trunk 2>&1
 }}}
 which actually returns and error:
 {{{
  svn: E175002: Unable to connect to a repository at URL
 'https://svn.einsteintoolkit.org/trunk'
 svn: E175002: The OPTIONS request returned invalid XML in the response:
 XML parse error at line 1: Extra content at the end of the document
  (https://svn.einsteintoolkit.org/trunk)
 }}}
 but the code does not test for svn failures at all at this point.

 The simplest fix would be to move the check further down where {{{$1}}}
 has been replaced by an actual value, eg into the loop:
 {{{
 # we are splitting each group of components into individuals
 # to check for existence. they will now be passed individually to
 # the checkout/update subroutines. this will take up more memory,
 # but it should make it easier if the user decides to add another
 # component from the same repository later
 my @checkouts = split( /\s+/m, $rec{"CHECKOUT"} );
 foreach my $checkout (@checkouts) {
 }}}
 in line 565 which however causes the test to run for every single CHECKOUT
 item.

-- 
Ticket URL: <https://trac.einsteintoolkit.org/ticket/1439>
Einstein Toolkit <http://einsteintoolkit.org>
The Einstein Toolkit

More information about the Trac mailing list