On Wed, Oct 26, 2011 at 12:53 PM, Joel Jirak <joel_at_jirak.us> wrote:
> On Tue, Oct 25, 2011 at 4:25 PM, Stefan Küng <tortoisesvn_at_gmail.com> wrote:
>> On 25.10.2011 21:58, Joel Jirak wrote:
>>> There's been a change of behavior that I see when upgrading from 1.6.x
>>> to 1.7.1. It looks like Tortoise is now built with access to MS
>>> CryptoAPI enabled in OpenSSL. (Not sure if this is the exact right
>>> technical description, but perhaps you know what I mean.) This is
>>> causing a a popup from my smart card software for almost any SVN
>>> operation. For example, when browsing to a repository, I have to hit
>>> cancel 4 times, until it falls back to using the cert file that I
>>> configured in my servers file. It's the same behavior I described
>>> here: http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=92849.
>>> Unfortunately, my company requires me to use the smart card software,
>>> so uninstalling it is not an option.
>>> Is there any way to work around this behavior so that TortoiseSVN uses
>>> just what's configured in the servers file and doesn't cause popups
>>> from accessing the MS certificate store? Perhaps a configuration
>>> option that would disable it? I couldn't find anything in the help or
>>> in the advanced options that seemed relevant.
>>> Thank you for considering the matter. I've been looking forward to
>>> upgrading to 1.7.x and hope I'm not forced to stay with 1.6.x.
>> You shouldn't get any dialogs if you've configured the certificate in
>> the servers file.
>> What kind of dialogs do pop up for you?
> It's a dialog reading "Please insert smart card". Unfortunately, I
> forgot my smart card at home, so I can't tell you yet what happens if
> I insert it. I'll try this tomorrow. (Almost no one here a work
> brings there smart card into the office. It's only used for remote
Got my smart card. Here's what I see. The starting point is a) my
servers file specifies the client cert and cert passphrase (no change
here) and b) I delete the my auth cache.
1. I select "Repo-browser" and pick the repository.
2. I get a pop-up saying "Please insert a smart card" from the security product.
3. I dismiss the pop-up seven times and then see the repo-browser
populated with correct data from the repository. Presumable, TSVN has
fallen back to using the settings from the servers file.
4. Any further action, like show-log, requires the pop-up to be dismissed once.
Now, if I delete my auth cache, start over and insert my smart card:
alt1. I select "Repo-browser" and pick the repository.
alt2. I get a pop-up saying "Please insert a smart card" from the
alt3. Insert smart card. The repo-browser appears, populated with
correct data from the repository.
alt4. Any further action, like show-log, occurs without any pop-up
At this point, the behavior seems to change.
alt5. I dismiss the repo-browser, then open it back up again (without
deleting the auth cache)
alt6. I don't get a pop-up about the smart card, because it's already inserted.
alt7. I get the "Select Certificate" window.
alt8. If I cancel this twice, the repo-browser is populated with data
OR if I pick the desired client cert, the same thing happens.
alt9. In either case, subsequent svn operations don't cause a pop-up.
alt10. And finally, if I take my smart card out, svn operations cause
me to be prompted to "Please insert a smart card"
My preference would be that if a certificate is specified in the
servers file for a given server, svn interactions with that server
would never result in any prompts, whether directly by TSVN or
indirectly from programs tied into MS crypto layer. Any chance for a
tweak or some setting that could implement this?
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2011-10-27 20:04:14 CEST