[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

[PATCH] Cache ssl client certificate passphrases

From: Senthil Kumaran S <senthil_at_collab.net>
Date: Thu, 08 May 2008 14:06:48 +0530

Hi,

I am attaching a patch along with this email which adds support for caching ssl
client certificate passphrases in the subverison config auth area (just like
how we cache our passwords).

Already there is an option (ssl-client-cert-password) to specify the passphrase
  in the servers file (which could be deprecated with this). But yet it will be
better if we can cache this passphrase instead of specifying it in the servers
file, which will help us in extending this to use the features of wincrypt,
keyring, etc in future.

This may be related to issue #2489
(http://subversion.tigris.org/issues/show_bug.cgi?id=2489)

[[[
Cache ssl client certificate passphrase in disk auth cache.

* subversion/libsvn_ra/ra_loader.c
   (svn_ra_open3): Load config options for storing passphrase from servers
    config file.

* subversion/include/svn_config.h
   (SVN_CONFIG_OPTION_STORE_SSL_CLIENT_CERT_PP): New option to cache ssl
    client certificate passphrase in auth area.
   (SVN_CONFIG_DEFAULT_OPTION_STORE_PASSPHRASE): New default option value
    to store passphrase.

* subversion/include/svn_auth.h
   (SVN_AUTH_PARAM_STORE_SSL_CLIENT_CERT_PP): New runtime authentication
    parameter to store ssl client certificate passphrase.

* subversion/libsvn_subr/config_file.c
   (ensure_auth_dirs): Create new auth dir to store ssl client cert passphrase.
   (svn_config_ensure): Add doc for the new option in the servers file string.

* subversion/libsvn_subr/ssl_client_cert_pw_providers.c
   (SVN_AUTH__AUTHFILE_PASSPHRASE_KEY): New key to store passphrase on disk.
   (ssl_client_cert_pw_file_first_credentials): Search the auth/ area if we
    have cached the ssl client cert passphrase previously.
   (ssl_client_cert_pw_file_save_credentials): New function to save client cert
    passphrase.
   (ssl_client_cert_pw_file_provider): Add the save function.

* subversion/libsvn_ra_neon/session.c
   (client_ssl_decrypt_cert): Call svn_auth_save_credentials to save the ssl
    client certificate passphrase.

Patch by: stylesen
]]]

Thank You.

-- 
Senthil Kumaran S
http://www.stylesen.org/


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org

Received on 2008-05-08 10:37:53 CEST

This is an archived mail posted to the Subversion Dev mailing list.