[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Fun with certificate authentication

From: Daniel Berlin <dberlin_at_dberlin.org>
Date: 2002-08-05 15:01:46 CEST

On Mon, 5 Aug 2002, Daniel Stenberg wrote:

> On Mon, 5 Aug 2002, Daniel Berlin wrote:
>
> > The first thing that occurred when i woke up this morning was that the PEM
> > reader can't use the default private key prompt because it doesn't take a
> > context argument.
>
> Is that really so?

Yup.
they take:
(FILE *, <X509 ** or EVP_PKEY ** in the cases we call them for>, password
callback, userdata).

None of them take a CTX.

I would imagine this is becuse they are in libcrypto, and not libssl.
They don't want to require an SSL ctx just to read certificates.

However, maybe instead, neon should use the SSL_CTX_* functions that read
certificates into the SSL context, and probably use the default password
callback since they take a context.

I only just noticed them, I'm not an openssl person.
All *I* wanted to do was implement client authentication in subversion. :)

>
> SSL_CTX_set_default_passwd_cb_userdata() was added in OpenSSL 0.9.4 and what
> you set with it, gets passed in as the forth argument to the password
> callback set with SSL_CTX_set_default_passwd_cb():
>
> #if OPENSSL_VERSION_NUMBER >= 0x00904100L
> #define HAVE_USERDATA_IN_PWD_CALLBACK 1
> #else
> #undef HAVE_USERDATA_IN_PWD_CALLBACK
> #endif
>
> Or perhaps I've just misunderstood the issue, then please ignore me.
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Aug 5 15:02:50 2002

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.