Re: Review requested on issue #2410 (SSL client certs option)

"Mark Phippard" <markphip_at_gmail.com> writes:
> So in the end, in terms of implementation, what is Joe suggesting? It
> sounds like he'd expect anyone using client certs to configure them in
> the servers file? And we should just not prompt for a certificate and
> instead error out if one is required but not configured?

I think Joe is proposing a new boolean client-side config option in the
'servers' file:

   # Prompt for path to client cert file when server requires a client
   # cert but none could be found in the default location(s). Off by
   # default.
   # ssl-client-cert-prompt = no

I presume we'd list it in the [global] section, and it would also be
valid in a server-specific section, where it would behave in the usual
way (i.e., override the global).

> I am not sure if that is better or worse. What I do think is
> important is that Senthil's patch to allow the passphrase for the
> client certificate to be cached like we cache passwords. We have a
> customer that is eager to get this feature.

Which patch is that? (It's not in issue #2410, AFAICT.)

I think it's not necessarily related to what Joe is talking about,
because finding a client cert and caching the password for it (if any)
are two different things. But there could be some interaction I'm not
understanding here.

-Karl

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-06-30 02:48:51 CEST