[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Client certificates - JavaHL not prompting for file/password?

From: Patrick Mayweg <mayweg_at_qint.de>
Date: 2005-08-16 11:29:11 CEST

Hi Brian,
thanks, my move went quiet well. But I am still living in between a
number of cardboard boxes.

I have found a problem with the trust callback, which call the callback
only once. I will check in a fix for that soon.
I see what I have to do, to remember the answer for the next operation,
but that takes more time. I have to work out which pool to use where.
For the missing prompt for the client cert file and password, I see no
reason why the callback is not called. But I am missing a server which
requieres client cert's with a matching cert. Can someone give me access
to such a server?
Regards,
Patrick

Brian Clarke wrote:

>Hi Patrick-
>Hope your move went well...Just wanted to follow up and see if you'd
>had a chance to take a look at this issue - JavaHL not exercising the
>prompting callback for the client certificate password.
>
>Mark: I'm working on the test server idea...
>-Brian
>
>
>On 8/2/05, Patrick Mayweg <mayweg@qint.de> wrote:
>
>
>>Hi Ben.
>>
>>Ben Collins-Sussman wrote:
>>
>>
>>
>>>On Jul 21, 2005, at 10:46 AM, Mark Phippard wrote:
>>>
>>>
>>>
>>>>Brian Clarke <brian_p_clarke@yahoo.com> wrote on 07/21/2005 11:42:03
>>>>AM:
>>>>
>>>>
>>>>
>>>>
>>>>>[It'd be fine to configure the client cert file
>>>>>location and have Subclipse prompt the user for the
>>>>>password (say once per Eclipse dev "session").]
>>>>>
>>>>>
>>>>>
>>>>I asked Brian to post this. I think it is a JavaHL bug. We have
>>>>registered a prompting interface with JavaHL so that we can provide
>>>>a GUI
>>>>to prompt the user when needed. This works for normal username and
>>>>password, as well as accepting server certificate. I think that JavaHL
>>>>just needs to be enhanced to use this interface in this scenario as
>>>>well.
>>>>
>>>>
>>>Your analysis sounds correct to me. If you think of javahl as an
>>>'application' using the libsvn_client API, it seems that you've not
>>>fully utilized the svn_auth.h API here, the way 'svn' or tortoisesvn
>>>has done. I think you need to register another prompting callback
>>>somewhere. I can help if you have questions.
>>>
>>>
>>If you known which callback, that would help me.
>>
>>
>>
>>>I wouldn't call this a 'bug', so much as an 'incomplete client'.
>>>You're welcome to file it as an enhancement. Perhaps Mark Phippard
>>>or Patrick Mayweg will volunteer to fix this in javahl? (Who's
>>>maintaining javahl these days?)
>>>
>>>
>>I think I am still maintain it. Unfortunately I am moving to a new
>>aparment the upcomimg weekend. That why I did not have time to do
>>anything for javahl in the last weeks. I hope I will be able to work on
>>the open issues one weekend later.
>>
>>
>>
>>>
>>>
>>>>There is also another bug I have posted to this list where if we use
>>>>the
>>>>Accept Temporary option on a server certificate it doesn't really work
>>>>correctly. The initial request succeeds, but all subsequent requests
>>>>fail.
>>>>
>>>>
>>>That's suspicious -- sounds like the svn_auth.h API is being used
>>>incorrectly somewhere.
>>>
>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
>>>For additional commands, e-mail: dev-help@subversion.tigris.org
>>>
>>>
>>>
>>Patrick Mayweg
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
>>For additional commands, e-mail: dev-help@subversion.tigris.org
>>
>>
>>
>>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Aug 16 11:30:45 2005

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.