[PATCH] Cache ssl client certificate passphrases

From: Senthil Kumaran S <senthil_at_collab.net>
Date: Thu, 08 May 2008 14:06:48 +0530

Hi,

I am attaching a patch along with this email which adds support for caching ssl
client certificate passphrases in the subverison config auth area (just like
how we cache our passwords).

Already there is an option (ssl-client-cert-password) to specify the passphrase
in the servers file (which could be deprecated with this). But yet it will be
better if we can cache this passphrase instead of specifying it in the servers
file, which will help us in extending this to use the features of wincrypt,
keyring, etc in future.

This may be related to issue #2489
(http://subversion.tigris.org/issues/show_bug.cgi?id=2489)

[[[
Cache ssl client certificate passphrase in disk auth cache.

* subversion/libsvn_ra/ra_loader.c
(svn_ra_open3): Load config options for storing passphrase from servers
config file.

* subversion/include/svn_config.h
   (SVN_CONFIG_OPTION_STORE_SSL_CLIENT_CERT_PP): New option to cache ssl
    client certificate passphrase in auth area.
   (SVN_CONFIG_DEFAULT_OPTION_STORE_PASSPHRASE): New default option value
    to store passphrase.

* subversion/include/svn_auth.h
(SVN_AUTH_PARAM_STORE_SSL_CLIENT_CERT_PP): New runtime authentication
parameter to store ssl client certificate passphrase.

* subversion/libsvn_subr/config_file.c
(ensure_auth_dirs): Create new auth dir to store ssl client cert passphrase.
(svn_config_ensure): Add doc for the new option in the servers file string.

* subversion/libsvn_subr/ssl_client_cert_pw_providers.c
   (SVN_AUTH__AUTHFILE_PASSPHRASE_KEY): New key to store passphrase on disk.
   (ssl_client_cert_pw_file_first_credentials): Search the auth/ area if we
    have cached the ssl client cert passphrase previously.
   (ssl_client_cert_pw_file_save_credentials): New function to save client cert
    passphrase.
   (ssl_client_cert_pw_file_provider): Add the save function.

* subversion/libsvn_ra_neon/session.c
(client_ssl_decrypt_cert): Call svn_auth_save_credentials to save the ssl
client certificate passphrase.

Patch by: stylesen
]]]

Thank You.

-- 
Senthil Kumaran S
http://www.stylesen.org/

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org

text/x-diff attachment: client_passphrase_cache.patch

Received on 2008-05-08 10:37:53 CEST

This message: [ Message body ]
Next message: Stefan Sperling: "Re: [PATCH] Cache ssl client certificate passphrases"
Previous message: David O'Shea: "Re: [PATCH] Fix merging with broken softlink as target"
Next in thread: Stefan Sperling: "Re: [PATCH] Cache ssl client certificate passphrases"
Reply: Stefan Sperling: "Re: [PATCH] Cache ssl client certificate passphrases"
Reply: Branko Čibej: "Re: [PATCH] Cache ssl client certificate passphrases"
Reply: Joe Orton: "Re: [PATCH] Cache ssl client certificate passphrases"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]