[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Looking for config option to stop use of CryptoAPI (TortoiseSVN 1.5.4)

From: Joel Jirak <joel.jirak_at_gmail.com>
Date: Tue, 28 Oct 2008 11:25:50 -0700 (PDT)

Thanks for the quick response! Two questions:

1. What will the behavior be with the cengapi enabled but the cert
store dialog disabled? Will no UI pop up at all?
2. Is there a possible workaround by me using an older openssl DLL
from TortoiseSVN 1.5.3 with the newer TortoiseSVN?

Thanks for your help.

Joel Jirak

On Oct 28, 1:45 pm, Stefan Küng <tortoise..._at_gmail.com> wrote:
> Joel Jirak wrote:
> > At BigCo, Inc., we use a smart card for authentication in certain
> > cases, but not all.
>
> > We access repositories that require a certificate, and a certificate
> > file was specified in our servers file (with ssl-client-cert-file
> > option).   This worked as expected with TortoiseSVN 1.5.3.
>
> > After upgrading to TortoiseSVN 1.5.4, we began to be prompted by the
> > smart card software to pick a certificate (from MS Certificate store,
> > presumably) and to enter our PIN for the smart card.  This is
> > incredibly inconvenient because we have to do it for almost every
> > Subversion operation.  Canceling out of the prompt works because, I
> > presume, it falls back to the servers file settings.  However, having
> > to hit ESC 20 times for every Subversion operation makes TortoiseSVN
> > 1.5.4 unusable.
>
> > The change log for TortoiseSVN 1.5.4 says:  CHG: OpenSSL 0.9.8i with
> > capieng enabled
>
> > I assume this enabling of the CryptoAPI within OpenSSL is the source
> > of our problem.  (Correct me if I'm wrong.)  Is there any way to
> > disable this functionality in the UI or in a config file?  We would
> > like an option to make TortoiseSVN to behave as if there were no smart
> > cards that hook into the CryptoAPI despite the presence of such
> > cards.  (I am speculating about the underlying mechanism here.  I am
> > not quite sure of the details.)
>
> Unfortunately, there's no config option to disable this.
> I've changed the compile time options of our OpenSSL build now to still
> include capieng, but disabled the certificate store selection dialog.
>
> Next release will have this included.
>
> Stefan
>
> --
>        ___
>   oo  // \\      "De Chelonian Mobile"
>  (_,\/ \_/ \     TortoiseSVN
>    \ \_/_\_/>    The coolest Interface to (Sub)Version Control
>    /_/   \_\    http://tortoisesvn.net
>
>  signature.asc
> < 1KViewDownload

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_tortoisesvn.tigris.org
For additional commands, e-mail: users-help_at_tortoisesvn.tigris.org
Received on 2008-10-28 19:28:04 CET

This is an archived mail posted to the TortoiseSVN Users mailing list.