[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Undocumented: ssl-pkcs11-provider - What is a «Security Provider»?

From: Daniel Shahaf <d.s_at_daniel.shahaf.name>
Date: Sat, 25 Aug 2012 17:35:50 +0100

+= dev@, please drop users@ from replies

Marc Wäckerlin wrote on Wed, Aug 22, 2012 at 09:27:14 +0200:
> Hi
>
> I got a proprietary PKCS#11 library (for Post SuisseID smartcard) in
> /usr/lib/libcvP11.so.
>
> There is a configuration option «ssl-pkcs11-provider» in ~/.subversion/servers.
>
> But it is absolutely undocumented what this option is, even google doesn't find
> anything useful. The only documentation is: «Name of PKCS#11 provider to use».
>
> How is the «Name of PKCS#11 provider» defined? It is *not* the name of the
> PKCS#11 library, so what is it?
>

If you build svn against neon 0.28 or greater, the value of that option
is passed is passed to ne_ssl_pkcs11_provider_init():
https://svn.apache.org/repos/asf/subversion/branches/1.7.x/subversion/libsvn_ra_neon/session.c

However, current trunk no longer uses the ssl-pkcs11-provider option,
but still generates a config file that documents it. (The option was
originally added in r869495(r29421) by jorton for libsvn_ra_neon.
(Marc: libsvn_ra_neon is no longer supported in trunk/1.8-to-be; only
libsvn_ra_serf will be available for http/https access.))

We should at least update the config file that trunk generates. We
might want to teach libsvn_ra_serf to support that config option (for
compatibility reasons).

> Everytthing I tried results in «unable to load PKCS#11 provider», e.g.:
>
> user_at_host:~/svn/project$ LANG= svn up
> svn: Invalid config: unable to load PKCS#11 provider '/usr/lib/libcvP11.so'
> user_at_host:~/svn/project$ ls -l /usr/lib/libcvP11.so
> -rwxr-xr-x 1 root root 5279688 Jul 6 14:30 /usr/lib/libcvP11.so
>
> So:
> - What is the missing link?
> - How to get a PKCS#11 /usr/lib/libcvP11.so library into svn?
> - Could you please add some understandable documentation?
>
>
> Thank you
> Regards
> Marc
Received on 2012-08-25 18:36:29 CEST

This is an archived mail posted to the Subversion Dev mailing list.