[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Re: Windows Certificate Store / OpenSSL CAPI

From: Gero Kuehn <tigrisorg.filter_at_gkware.com>
Date: Fri, 14 Oct 2011 16:03:12 -0700 (PDT)

Hello Stefan !
> For reasons I do not intend to discuss here, I do
> not want to change this in TSVN.

There is no reason to be offended. I only wanted to avoid the usual flamewars.

My list of reasons includes:
- the windows certificate store does not backup very well (=at all) using our current system
- Internet explorer should not have access to the same certificates as my SVN client
- it is a standard target for trojans/virus software (stealing keys)
- I do not trust the Windows Cryptography APIs at all (you asked for it)
- I need to change certificates frequently (to ones with less privileges) to test per-directory access controls before releasing these new certificates to the intended recipient(s)

Especially the last one is the real issue for me because automatic certificate selections and the GUIs require significantly more time to change/reconfigure than the previous file solution.

> edit the servers file in %APPDATA%\Subversion and configure your p12
file there.

Thanks for the hint.... seriously.

But due to your friendly response, let me make one thing clear for you: I appreciate what you do, but before posting here, I have spent quite some time searching for any kind of information about this issue. Finding out that this is an openssl "feature" and not something caused by TSVN directly was by far the hardest part. The documentation I saw did NOT point me into that direction.

1.7 is only a few days old and I doubt that I am the only one having issues with that supposedly perfect design change. Unless these users find this topic... enjoy the "feedback" wave rolling into your direction.



To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2011-10-15 01:03:18 CEST

This is an archived mail posted to the TortoiseSVN Users mailing list.