Don't know exactly what will be the problem if using such a
configuration.
I mean, if I have more than one certificate from a matching CA in my
keystore or my smartcard, it needs to popup to select the right
certificate, how sould I select the right certificate otherwise?
And how I understand it, if only one matching certificate is on the
card or in the keystore, it selects automatically the right one.
And if the Apache on the server doesn't request a client certificate,
there will be no popup for a certificate, am I right?
Do I miss something, because I don't know what will be the wrong or
maybe a better behaviour than in this presentated solution?
Greets
Christoph
On 29 Mrz., 19:44, Stefan Küng <tortoise..._at_gmail.com> wrote:
> On 29.03.2010 13:21, Markus Oberlassnig wrote:
>
>
>
>
>
> >> I'm not sure, if you have understood me correct.
> >> It does not matter how many certificate the user has in his CA store.
> >> It only pops up, if the user has more than one private certificate
> >> matching to the CA certificate of the server in his private
> >> certificate store.
>
> >> So, what are the requirement, that it pops up:
> >> 1) Server requests a client certificate (for CA xy)
> >> 2) There is more than one matching certificate in my private keystore
> >> (matching means: the private key is issued by the CA xy)
>
> > ***Correction of my previous entry***
> > So, what happens if i don't have such a private certificate in my
> > keysore.
> > Then it pops up for the certificate file.
>
> > If CAPI is not enabled it pops up for the certificate file and there
> > is no possibility to read the certificate from the smartcard (if my
> > organisation has planned to put the certificate on a smart card and it
> > is not allowed to export from there).
>
> I know that it doesn't work if you use smartcards. But that's always
> been that way and won't break the compatibility. However, having a
> dialog suddenly pop up every time a repo is accessed is a major
> incompatibility.
>
> I'm not sure though why someone would have two or more private
> certificates matching the CA certificate on the server. Would that be a
> buggy configuration? Or is it sometimes necessary to have more than one?
>
> Stefan
>
> --
> ___
> oo // \\ "De Chelonian Mobile"
> (_,\/ \_/ \ TortoiseSVN
> \ \_/_\_/> The coolest Interface to (Sub)Version Control
> /_/ \_\ http://tortoisesvn.net
>
> ------------------------------------------------------http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=757&dsMessa...
>
> To unsubscribe from this discussion, e-mail: [dev-unsubscr..._at_tortoisesvn.tigris.org].- Zitierten Text ausblenden -
>
> - Zitierten Text anzeigen -
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=757&dsMessageId=2467025
To unsubscribe from this discussion, e-mail: [dev-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2010-03-30 09:39:27 CEST