[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Compiling with capieng enabled for smart card authentication

From: Stefan Küng <tortoisesvn_at_gmail.com>
Date: Thu, 16 Apr 2009 21:56:17 +0200

webpost_at_tigris.org wrote:
>> Can you describe what exactly is different between those versions?
> Are you referring to the TortoiseSVN version or the OpenSSL version?

I'm referring to the behavior you see. In 1.5.5, I guess you'll get a
dialog? What happens in 1.6? No dialog? A dialog but smartcard doesn't
work? ?

> And the answer to both questions from me is "I don't know". That is what I am trying to figure out so that I can successfully compile a version that works with CAC authentication. I was hoping that it would be as simple as setting the three config arguments:
> <arg value="enable-capieng" />
> <arg value="-DOPENSSL_SSL​_CLIENT_ENGINE_AUTO=​capi" />
> <arg value="-DOPENSSL_CAP​IENG_DIALOG" />
> in the OpenSSL.build file, but it doesn't look like I am that lucky. I know that in TortoiseSVN a lot has changed between version 1.5.5 and version 1.6.0. I was hoping someone could easily tell me that, "Oh, that functionality no longer exists in version 1.6.0 and we are never going back" In which case, I would tell my customers that they have to install version 1.5.5 and they never get to update to a newer version of TortoiseSVN. Or, tell me that I am just missing a crucial configuration option that will display the "OpenSSL Application SSL Client Certificate" dialog. I was really hoping that I could easily modify some configuration files to get CAC authentication working for any future release of TortoiseSVN, that way I can take advantage of new features and bug fixes of not only TortoiseSVN, but also of OpenSSL.
>> Also, the reason I had to deactivate this is that it's not really
>> implemented in Subversion and therefor the default handling of OpenSSL
>> doesn't work as you might expect...
> Does this mean that there is more than just a configuration option for making CAC authentication happen in new releases of TortosieSVN? If so, is it something that can easily be added back into the code base so that a configuration option can be set to compile this functionality? I would be willing to help with this if someone could help me in the right direction. It obviously worked in version 1.5.5, but I do not have any knowledge of the TortoiseSVN software and do not want to waste a lot of time searching for a needle in the haystack.

Well, the whole capi stuff if used right should be implemented in svn
(serf and/or neon to be exact). The option OPENSSL_CAP​IENG_DIALOG is
merely a workaround for apps that don't implement capi themselves. For
example, svn would show its own dialogs instead of the default ones
built in openssl and allow the user to 'save' the selected certificate
so the dialog doesn't pop up for every connection.

But other than that, it should work the same in 1.6 as it did in 1.5.5 -
there were no changes in TSVN and/or svn which would change that (at
least not that I'm aware of).


  oo  // \\      "De Chelonian Mobile"
 (_,\/ \_/ \     TortoiseSVN
   \ \_/_\_/>    The coolest Interface to (Sub)Version Control
   /_/   \_\     http://tortoisesvn.net
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].

Received on 2009-04-16 21:56:38 CEST

This is an archived mail posted to the TortoiseSVN Users mailing list.