> -----Original Message-----
> From: cmpilato_at_apache.org [mailto:cmpilato_at_apache.org]
> Sent: vrijdag 7 september 2012 15:53
> To: commits_at_subversion.apache.org
> Subject: svn commit: r1382028 - in /subversion/trunk/subversion:
> include/svn_config.h libsvn_subr/cmdline.c libsvn_subr/config_file.c
>
> Author: cmpilato
> Date: Fri Sep 7 13:53:05 2012
> New Revision: 1382028
>
> URL: http://svn.apache.org/viewvc?rev=1382028&view=rev
> Log:
> Finish issue #2410 ("Allow client to avoid SSL certificate prompts").
> This adds a runtime configuration knob for explicitly enabling and
> disabling the client certificate path prompt provider.
>
> * subversion/include/svn_config.h
> (SVN_CONFIG_OPTION_SSL_CLIENT_CERT_FILE_PROMPT): New #define.
>
> * subversion/libsvn_subr/config_file.c
> (svn_config_ensure): Add configuration templatry for the new
> 'ssl-client-cert-file-prompt' option.
>
> * subversion/libsvn_subr/cmdline.c
> (svn_cmdline_create_auth_baton): Check the runtime configuration to
> see if we're allowed to prompt for client certificate paths, and
> add the provider which does so only if that is, in fact, allowed.
>
> NOTE: I don't know if "templatry" (used above) is a real word or not,
> but I rather like it. -- cmpilato
>
> Patch by: kfogel
> (Tweaked by me.)
Nice patch.
Can you add a note to the release notes to tell that this changes the default behavior?
We always used the prompt before this patch, while the new default behavior is not to prompt.
The new default is (to me) a much better default. You don't want to provide a filename every time.
Are you also looking into steveking's request to allow returning in-memory certificates without using a tempfile?
Bert
Received on 2012-09-07 15:59:43 CEST