[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Client certificates - JavaHL not prompting for file/password?

From: Mark Phippard <MarkP_at_softlanding.com>
Date: 2005-08-01 19:46:16 CEST

Ben Collins-Sussman <sussman@collab.net> wrote on 08/01/2005 01:32:33 PM:

> On Jul 21, 2005, at 10:46 AM, Mark Phippard wrote:
>
> > Brian Clarke <brian_p_clarke@yahoo.com> wrote on 07/21/2005
> > 11:42:03 AM:
> >
> >> [It'd be fine to configure the client cert file
> >> location and have Subclipse prompt the user for the
> >> password (say once per Eclipse dev "session").]
> >>
> >
> > I asked Brian to post this. I think it is a JavaHL bug. We have
> > registered a prompting interface with JavaHL so that we can provide
> > a GUI
> > to prompt the user when needed. This works for normal username and
> > password, as well as accepting server certificate. I think that
> > JavaHL
> > just needs to be enhanced to use this interface in this scenario as
> > well.
>
> Your analysis sounds correct to me. If you think of javahl as an
> 'application' using the libsvn_client API, it seems that you've not
> fully utilized the svn_auth.h API here, the way 'svn' or tortoisesvn
> has done. I think you need to register another prompting callback
> somewhere. I can help if you have questions.
>
> I wouldn't call this a 'bug', so much as an 'incomplete client'.
> You're welcome to file it as an enhancement. Perhaps Mark Phippard
> or Patrick Mayweg will volunteer to fix this in javahl? (Who's
> maintaining javahl these days?)

The Java side of JavaHL has a prompting interface in place to handle this.
 The C++ side that interacts with Subversion probably just needs to be
coded to use the interface for this situation. I am cc:ing Patrick Mayweg
on this, as this has traditionally been his area of expertise. Patrick
are you around these days? Do you have any time to look into these two
issues?

I mainly know how to "use" JavaHL (as I am a Java programmer). I could
not fix this myself. For the second problem, about the accepting a
certificate temporary, I did submit a patch test case that demonstrates
the problem. See:
http://subversion.tigris.org/servlets/ReadMsg?list=dev&msgNo=101991

Brian, would it be possible for you to make a test server available if
needed that uses client certs? It might facilitate testing the feature as
I imagine there is some difficulty in setting this up. If you are, you do
not have to post any details. We could contact you privately for the
details such as the server URL and the client cert to use. Also, if this
is going to be much work for you, you should probably wait until someone
steps up and says they can look into this.

Thanks

Mark

_____________________________________________________________________________
Scanned for SoftLanding Systems, Inc. by IBM Email Security Management Services powered by MessageLabs.
_____________________________________________________________________________

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Aug 1 19:47:02 2005

This is an archived mail posted to the Subversion Dev mailing list.