[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Undocumented: ssl-pkcs11-provider - What is a «Security Provider»?

From: Lieven Govaerts <svnlgo_at_mobsol.be>
Date: Mon, 27 Aug 2012 08:27:40 +0200

On Sat, Aug 25, 2012 at 6:35 PM, Daniel Shahaf <d.s_at_daniel.shahaf.name> wrote:
> += dev@, please drop users@ from replies
> Marc Wäckerlin wrote on Wed, Aug 22, 2012 at 09:27:14 +0200:
>> Hi
>> I got a proprietary PKCS#11 library (for Post SuisseID smartcard) in
>> /usr/lib/libcvP11.so.
>> There is a configuration option «ssl-pkcs11-provider» in ~/.subversion/servers.
>> But it is absolutely undocumented what this option is, even google doesn't find
>> anything useful. The only documentation is: «Name of PKCS#11 provider to use».
>> How is the «Name of PKCS#11 provider» defined? It is *not* the name of the
>> PKCS#11 library, so what is it?
> If you build svn against neon 0.28 or greater, the value of that option
> is passed is passed to ne_ssl_pkcs11_provider_init():
> https://svn.apache.org/repos/asf/subversion/branches/1.7.x/subversion/libsvn_ra_neon/session.c
> However, current trunk no longer uses the ssl-pkcs11-provider option,
> but still generates a config file that documents it. (The option was
> originally added in r869495(r29421) by jorton for libsvn_ra_neon.
> (Marc: libsvn_ra_neon is no longer supported in trunk/1.8-to-be; only
> libsvn_ra_serf will be available for http/https access.))
> We should at least update the config file that trunk generates. We
> might want to teach libsvn_ra_serf to support that config option (for
> compatibility reasons).

This feature is currently missing from serf:

I have this on my todo list somewhere, but currently working on other
serf-ssl related stuff.


Received on 2012-08-27 08:28:46 CEST

This is an archived mail posted to the Subversion Dev mailing list.