[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Looking for config option to stop use of CryptoAPI (TortoiseSVN 1.5.4)

From: Stefan Kng <tortoisesvn_at_gmail.com>
Date: Tue, 28 Oct 2008 18:45:54 +0100

Joel Jirak wrote:
> At BigCo, Inc., we use a smart card for authentication in certain
> cases, but not all.
>
> We access repositories that require a certificate, and a certificate
> file was specified in our servers file (with ssl-client-cert-file
> option). This worked as expected with TortoiseSVN 1.5.3.
>
> After upgrading to TortoiseSVN 1.5.4, we began to be prompted by the
> smart card software to pick a certificate (from MS Certificate store,
> presumably) and to enter our PIN for the smart card. This is
> incredibly inconvenient because we have to do it for almost every
> Subversion operation. Canceling out of the prompt works because, I
> presume, it falls back to the servers file settings. However, having
> to hit ESC 20 times for every Subversion operation makes TortoiseSVN
> 1.5.4 unusable.
>
> The change log for TortoiseSVN 1.5.4 says: CHG: OpenSSL 0.9.8i with
> capieng enabled
>
> I assume this enabling of the CryptoAPI within OpenSSL is the source
> of our problem. (Correct me if I'm wrong.) Is there any way to
> disable this functionality in the UI or in a config file? We would
> like an option to make TortoiseSVN to behave as if there were no smart
> cards that hook into the CryptoAPI despite the presence of such
> cards. (I am speculating about the underlying mechanism here. I am
> not quite sure of the details.)

Unfortunately, there's no config option to disable this.
I've changed the compile time options of our OpenSSL build now to still
include capieng, but disabled the certificate store selection dialog.

Next release will have this included.

Stefan

-- 
       ___
  oo  // \\      "De Chelonian Mobile"
 (_,\/ \_/ \     TortoiseSVN
   \ \_/_\_/>    The coolest Interface to (Sub)Version Control
   /_/   \_\     http://tortoisesvn.net

Received on 2008-10-28 18:46:22 CET

This is an archived mail posted to the TortoiseSVN Users mailing list.