Re: Looking for config option to stop use of CryptoAPI (TortoiseSVN 1.5.4)

From: Joel Jirak <joel.jirak_at_gmail.com>
Date: Tue, 28 Oct 2008 11:25:50 -0700 (PDT)

Thanks for the quick response! Two questions:

1. What will the behavior be with the cengapi enabled but the cert
store dialog disabled? Will no UI pop up at all?
2. Is there a possible workaround by me using an older openssl DLL
from TortoiseSVN 1.5.3 with the newer TortoiseSVN?

Thanks for your help.

Joel Jirak

On Oct 28, 1:45 pm, Stefan Küng <tortoise..._at_gmail.com> wrote:
> Joel Jirak wrote:
> > At BigCo, Inc., we use a smart card for authentication in certain
> > cases, but not all.
>
> > We access repositories that require a certificate, and a certificate
> > file was specified in our servers file (with ssl-client-cert-file
> > option). This worked as expected with TortoiseSVN 1.5.3.
>
> > After upgrading to TortoiseSVN 1.5.4, we began to be prompted by the
> > smart card software to pick a certificate (from MS Certificate store,
> > presumably) and to enter our PIN for the smart card. This is
> > incredibly inconvenient because we have to do it for almost every
> > Subversion operation. Canceling out of the prompt works because, I
> > presume, it falls back to the servers file settings. However, having
> > to hit ESC 20 times for every Subversion operation makes TortoiseSVN
> > 1.5.4 unusable.
>
> > The change log for TortoiseSVN 1.5.4 says: CHG: OpenSSL 0.9.8i with
> > capieng enabled
>
> > I assume this enabling of the CryptoAPI within OpenSSL is the source
> > of our problem. (Correct me if I'm wrong.) Is there any way to
> > disable this functionality in the UI or in a config file? We would
> > like an option to make TortoiseSVN to behave as if there were no smart
> > cards that hook into the CryptoAPI despite the presence of such
> > cards. (I am speculating about the underlying mechanism here. I am
> > not quite sure of the details.)
>
> Unfortunately, there's no config option to disable this.
> I've changed the compile time options of our OpenSSL build now to still
> include capieng, but disabled the certificate store selection dialog.
>
> Next release will have this included.
>
> Stefan
>
> --
> ___
> oo // \\ "De Chelonian Mobile"
> (_,\/ \_/ \ TortoiseSVN
> \ \_/_\_/> The coolest Interface to (Sub)Version Control
> /_/ \_\ http://tortoisesvn.net
>
> signature.asc
> < 1KViewDownload

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_tortoisesvn.tigris.org
For additional commands, e-mail: users-help_at_tortoisesvn.tigris.org
Received on 2008-10-28 19:28:04 CET

This message: [ Message body ]
Next message: Stefan Küng: "Re: Looking for config option to stop use of CryptoAPI (TortoiseSVN 1.5.4)"
Previous message: Stefan Küng: "Re: Problems with deleting content from repository and Updates/Locks/Cleanup"
In reply to: Stefan Küng: "Re: Looking for config option to stop use of CryptoAPI (TortoiseSVN 1.5.4)"
Next in thread: Stefan Küng: "Re: Looking for config option to stop use of CryptoAPI (TortoiseSVN 1.5.4)"
Reply: Stefan Küng: "Re: Looking for config option to stop use of CryptoAPI (TortoiseSVN 1.5.4)"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]