Hi,
I am attaching a patch along with this email which adds support for caching ssl
client certificate passphrases in the subverison config auth area (just like
how we cache our passwords).
Already there is an option (ssl-client-cert-password) to specify the passphrase
in the servers file (which could be deprecated with this). But yet it will be
better if we can cache this passphrase instead of specifying it in the servers
file, which will help us in extending this to use the features of wincrypt,
keyring, etc in future.
This may be related to issue #2489
(http://subversion.tigris.org/issues/show_bug.cgi?id=2489)
[[[
Cache ssl client certificate passphrase in disk auth cache.
* subversion/libsvn_ra/ra_loader.c
(svn_ra_open3): Load config options for storing passphrase from servers
config file.
* subversion/include/svn_config.h
(SVN_CONFIG_OPTION_STORE_SSL_CLIENT_CERT_PP): New option to cache ssl
client certificate passphrase in auth area.
(SVN_CONFIG_DEFAULT_OPTION_STORE_PASSPHRASE): New default option value
to store passphrase.
* subversion/include/svn_auth.h
(SVN_AUTH_PARAM_STORE_SSL_CLIENT_CERT_PP): New runtime authentication
parameter to store ssl client certificate passphrase.
* subversion/libsvn_subr/config_file.c
(ensure_auth_dirs): Create new auth dir to store ssl client cert passphrase.
(svn_config_ensure): Add doc for the new option in the servers file string.
* subversion/libsvn_subr/ssl_client_cert_pw_providers.c
(SVN_AUTH__AUTHFILE_PASSPHRASE_KEY): New key to store passphrase on disk.
(ssl_client_cert_pw_file_first_credentials): Search the auth/ area if we
have cached the ssl client cert passphrase previously.
(ssl_client_cert_pw_file_save_credentials): New function to save client cert
passphrase.
(ssl_client_cert_pw_file_provider): Add the save function.
* subversion/libsvn_ra_neon/session.c
(client_ssl_decrypt_cert): Call svn_auth_save_credentials to save the ssl
client certificate passphrase.
Patch by: stylesen
]]]
Thank You.
--
Senthil Kumaran S
http://www.stylesen.org/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-05-08 10:37:53 CEST