
[Patch] Automatically trust valid certificates on Windows via CryptoApi

From: Bert Huijben <BHuijben_at_COMPETENCE.BIZ>
Date: 2007-03-09 14:23:54 CET

Hi,

Since Windows NT 4.0, Windows contains a standard infrastructure for
handling certificates, which allows central rollout of SSL root
certificates. Subversion, however, uses its own infrastructure, which
requires us to roll out the certificate twice for our Subversion
users (and build system).

For my own .NET 2.0 binding of the Subversion API (available on
Google Code), I developed a check to verify whether a certificate which
Subversion does not trust yet is trusted by Windows (to allow automatic
acceptance if Windows accepts the certificate and all its properties).

I just reworked the implementation into one which can be
included in Subversion itself (see the attached patch). The code should
work on Windows 2000+ and probably on older versions of Windows if a
recent version of Internet Explorer is installed. If the CryptoApi is
not available and/or the certificate is not 100% trusted by the
CryptoApi (e.g. invalid date, etc.), the certificate is not accepted and
the behavior is the same as when the certificate is not checked at all.

Bert

The patch is created against svn-trunk; it does not have enough context
to work against the 1.4.X branch on which I developed it. (TortoiseSVN
did not allow me to add more context.)
The Google Code repositories are a nice test case, as these have a
globally valid certificate.


Received on Sun Mar 11 00:17:20 2007

This is an archived mail posted to the Subversion Dev mailing list.
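
Added example, not part of the original mail or its attached patch: a sketch of the kind of check the mail describes, where a certificate is auto-accepted only when CryptoAPI reports no trust error at all and every other outcome falls back to the normal handling. The function name `windows_trusts_cert` is hypothetical, and the example assumes the server certificate is available as DER bytes and that no revocation check is requested.

```c
#include <stddef.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>   /* link with crypt32.lib */
#endif

/* Hypothetical helper (not Subversion's code). Returns 1 only if CryptoAPI
   builds a chain with no trust error and the SSL policy accepts it for
   `host`; returns 0 on any error or when CryptoAPI is not available. */
int windows_trusts_cert(const unsigned char *der, size_t len,
                        const wchar_t *host)
{
    if (der == NULL || len == 0 || host == NULL)
        return 0;
#ifdef _WIN32
    int ok = 0;
    PCCERT_CHAIN_CONTEXT chain = NULL;
    CERT_CHAIN_PARA para;
    PCCERT_CONTEXT cert =
        CertCreateCertificateContext(X509_ASN_ENCODING, der, (DWORD)len);
    if (cert == NULL)
        return 0;                       /* unparseable: never trust */
    memset(&para, 0, sizeof para);
    para.cbSize = sizeof para;
    if (CertGetCertificateChain(NULL, cert, NULL, NULL, &para, 0, NULL, &chain)) {
        SSL_EXTRA_CERT_CHAIN_POLICY_PARA ssl;
        CERT_CHAIN_POLICY_PARA policy;
        CERT_CHAIN_POLICY_STATUS status;
        memset(&ssl, 0, sizeof ssl);
        ssl.cbSize = sizeof ssl;
        ssl.dwAuthType = AUTHTYPE_SERVER;   /* we are validating a server */
        ssl.pwszServerName = (WCHAR *)host; /* host name must match cert */
        memset(&policy, 0, sizeof policy);
        policy.cbSize = sizeof policy;
        policy.pvExtraPolicyPara = &ssl;
        memset(&status, 0, sizeof status);
        status.cbSize = sizeof status;
        /* Any trust bit set (expired, untrusted root, ...) means "no". */
        ok = chain->TrustStatus.dwErrorStatus == CERT_TRUST_NO_ERROR
          && CertVerifyCertificateChainPolicy(CERT_CHAIN_POLICY_SSL, chain,
                                              &policy, &status)
          && status.dwError == 0;
        CertFreeCertificateChain(chain);
    }
    CertFreeCertificateContext(cert);
    return ok;
#else
    return 0;                           /* no CryptoAPI: never auto-accept */
#endif
}
```

A return value of 0 only means "do not auto-accept"; the caller continues with whatever certificate handling it would have used without this check.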