
Re: Support for CryptoAPI

From: Stefan Küng <tortoisesvn_at_gmail.com>
Date: Tue, 30 Sep 2008 19:02:21 +0200

marcus wrote:
> Hi.
>
> I posted this to the users group but perhaps this is a better place for
> this discussion:
>
> I work for a company called Logica and we sponsored the development
> work of adding CryptoAPI-support to OpenSSL. This is a cool feature
> since this enables applications like for example TortoiseSVN to make
> use of hard/soft certificates (smartcards etc) to authenticate on a
> Subversion server.
>
> However, this is not enabled by default in the OpenSSL library. To
> enable it you specify 'enable-capieng' at compile time. From what I
> understand TortoiseSVN comes statically linked with OpenSSL. It would
> be a really nice feature if you would consider enabling the CryptoAPI
> engine for your upcoming release of TortoiseSVN.
>
> You won't need to do any other changes to your application. If
> TortoiseSVN tries to access a SVN repository (https) requiring a
> specific certificate you will be prompted by a dialog asking you what
> certificate to use from the Microsoft Certificate Store. This is all
> taken care of by the underlying OpenSSL library.
>
> You can have OpenSSL automatically pick the server requested
> certificate from the store and only prompt you if you have several
> certificates matching the server request. To do this you just add
>
> -DOPENSSL_SSL_CLIENT_ENGINE_AUTO=capi
>
> at compile time.
>
> Please consider this carefully since this is a killer feature among
> version control systems. I can't think of another versioning system
> offering 2-phase-logins using hard certificates. It won't affect the
> current functionality and you don't have to add any application
> specific preferences.
>
> This feature is bundled in the latest release of OpenSSL (stable)
> 0.9.8i. Below is a snippet from OpenSSL change log:
>
> <snip>
> *) Expand ENGINE to support engine supplied SSL client certificate
> functions.
> This work was sponsored by Logica.
> [Steve Henson]
>
> *) Add CryptoAPI ENGINE to support use of RSA and DSA keys held in Windows
> keystores. Support for SSL/TLS client authentication too.
> Not compiled unless enable-capieng specified to Configure.
> This work was sponsored by Logica.
> [Steve Henson]
> </snip>

Changed the build in r14151.

Stefan

-- 
       ___
  oo  // \\      "De Chelonian Mobile"
 (_,\/ \_/ \     TortoiseSVN
   \ \_/_\_/>    The coolest Interface to (Sub)Version Control
   /_/   \_\     http://tortoisesvn.net

Received on 2008-09-30 19:02:46 CEST

This is an archived mail posted to the TortoiseSVN Dev mailing list.