[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: client ssl certificate authentication

From: David Waite <mass_at_akuma.org>
Date: 2003-02-12 20:30:21 CET

Karl Fogel wrote:

>Just FYI, David,
>
<snip>

>>Does this seem alright with people? Does it seem correct to have
>>~/.subversion/servers point to the location of the needed key files?
>>Where (and should) the passphrase be stored?
>>
>>
>
>Are these key files shared by other applications, or are they specific
>to Subversion, or does that depend on the circumstances? When
>specific to Subversion, then ~/.subversion/auth/ seems like the way to
>go (can we do an equivalent in the Windows Registry, or does Windows
>have another way of dealing with keys?).
>
Windows has a certificate store, exposed through the CryptoAPI.On the
windows platform, the crypto api usually handles the private key, both
for security reasons and to abstract hardware encryption devices.
OpenSSL unfortunately doesn't seem to interface with this. (I have at
least pondered looking into an OpenSSL engine for schannel (the
low-level SSL stuff) and cryptoAPI, which would for the most part
provide a wrapper for a common SSL interface. Nothing exists today, though.

So for Windows, I think this will need some storage dir for the keys.

-David Waite

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Feb 12 20:31:22 2003

This is an archived mail posted to the Subversion Dev mailing list.