AW: CommitMonitor: Problem with client certificate authentication

From: Stahn Roland <RStahn_at_de.pepperl-fuchs.com>
Date: Fri, 19 Feb 2016 15:03:14 +0000

Hi Stefan,

thank you for pointing me to this registry key.
With this workaround CM can access the SVN server again, while the client
certificate is still present within Windows for the web browser. Great!

I can confirm though, that the client certificate is *exactly* the same - at
least from an user's point of view. I used the very same file, that CM is now
loading via the 'servers' settings to import the certificate into windows.
Of course I have no idea, what kind of magic is applied to the certificate
during this import process. And as stated before, there is no other client
certificate present, that would explain why TSVN can access the server and
CM cant.

Anyways, I am happy with the workaround for now.
I am willing to assist in tracking down the root cause though, if you are curious.
Just give me instructions on how to generate more debugging data.

On the long run I plan to switch to TSVN project monitor anyway, as soon as
it regains CMs ability to manage the 'unread' status of commit messages
individually. But that’s another story and had been discussed on this list before:
http://svn.haxx.se/tsvnusers/archive-2015-10/0052.shtml
Can I vote for this feature somewhere?

Kind regards,

Roland

Pepperl+Fuchs GmbH, Mannheim
Geschaeftsfuehrer/Managing Directors: Dr.-Ing. Gunther Kegel (Vors./CEO), Dr.-Ing. Peter Adolphs, Werner Guthier, Mehmet Hatiboglu
Vorsitzender des Aufsichtsrats/Chairman of the supervisory board: Claus Michael
Registergericht/Register Court: AG Mannheim HRB 4713
-----Ursprüngliche Nachricht-----
Von: Stefan Küng [mailto:tortoisesvn_at_gmail.com]
Gesendet: Freitag, 19. Februar 2016 15:22
An: users_at_tortoisesvn.tigris.org
Betreff: Re: AW: CommitMonitor: Problem with client certificate authentication

On 19.02.2016 09:36, Stahn Roland wrote:
> Hi Stefan,
>
> thanks for the reply.
>
> Actually I have only a single client certificate installed. When it is present,
> CM will throw the mentioned error message while TSVN works fine.
> Using SysInternals Process Monitor I can see, that CM indeed is accessing
> the Windows storage only. On the other hand, if I remove that certificate
> from the Windows storage, CM is loading the certificate from disc storage
> as configured in the "servers" file. For some reason in this case the
> SSL connecting is successfully established. Are there any differences
> between a certificate loaded directly from a .p12 file and the very same
> certificate imported into the Windows storage?

I'm guessing that the certificate in the windows storage is not
*exactly* the same as the .p12 one you specify in the servers config
file, otherwise it would work.

Also: the certificate in the windows storage always takes precedence
over the one specified in the servers file: the windows storage one is
used by openssl directly, before the svn lib even gets a chance to do
the authentication.

You can disable the use of the windows storage certificate using the
registry key:

HKCU\Software\TortoiseSVN\OpenSSLCAPI

create this DWORD value and then set it to 0.

> Is there a way to force CM to ignore the windows storage?
> Unfortunately the certificate needs to be there in order to access some
> other (non-SVN) HTTP based services using a web browser.

The same registry key is also used by CM.

Stefan

--
___
oo // \\ "De Chelonian Mobile"
(_,\/ \_/ \ TortoiseSVN
\ \_/_\_/> The coolest interface to (Sub)version control
/_/ \_\ http://tortoisesvn.net
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3161711
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Wichtiger Hinweis:
Diese E-Mail einschliesslich ihrer Anhaenge enthaelt vertrauliche und
rechtlich geschuetzte Informationen, die nur fuer den Adressaten bestimmt sind.
Sollten Sie nicht der bezeichnete Adressat sein, so teilen Sie dies bitte dem
Absender umgehend mit und loeschen Sie diese Nachricht und ihre Anhaenge. Die
unbefugte Weitergabe, das Anfertigen von Kopien und jede Veraenderung der E-Mail
ist untersagt. Der Absender haftet nicht fuer Inhalte von veraenderten
E-Mails.
Important Information:
This e-mail message including its attachments contains confidential and legally protected information solely intended for the addressee. If you are not the intended addressee of this message, please contact the addresser immediately and delete this message including its attachments. The unauthorized dissemination, copying and change of this e-mail are strictly forbidden. The addresser shall not be liable for the content of such changed e-mails.
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3161716
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].

Received on 2016-02-19 16:03:41 CET

This message: [ Message body ]
Next message: Stefan Küng: "Re: AW: CommitMonitor: Problem with client certificate authentication"
Previous message: Stefan Küng: "Re: AW: CommitMonitor: Problem with client certificate authentication"
In reply to: Stahn Roland: "CommitMonitor: Problem with client certificate authentication"
Next in thread: Stefan Küng: "Re: AW: CommitMonitor: Problem with client certificate authentication"
Reply: Stefan Küng: "Re: AW: CommitMonitor: Problem with client certificate authentication"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]