[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] Cache ssl client certificate passphrases

From: Branko Čibej <brane_at_xbc.nu>
Date: Sat, 10 May 2008 02:24:05 +0200

Greg Hudson wrote:
> On Thu, 2008-05-08 at 15:27 -0400, Karl Fogel wrote:
>
>> If I understand him correctly, Joe is pointing out that the only purpose
>> of this passphrase is to decrypt the cert -- so instead of storing the
>> passphrase unencrypted, we might as well dispense with the passphrase
>> entirely and just store the unencrypted cert itself.
>>
>
> Do Keychain etc. have the ability to store certs? That seems more
> straightforward than storing a cert decryption password in Keychain and
> then an encrypted cert, but only if that's part of the architecture of
> Keychain-type frameworks.
>

Mac keychain does store certs. Windows has a user-specific cert store,
too -- though it doesn't have a non-obscure UI for adding stuff to it.
Only note that our Windows crypted-password store takes shortcuts and
uses just the cryption parts of the API, not the secure store part.

-- Brane

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-05-10 02:24:33 CEST

This is an archived mail posted to the Subversion Dev mailing list.