[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Looking for config option to stop use of CryptoAPI (TSVN 1.7.1)

From: Joel Jirak <joel_at_jirak.us>
Date: Wed, 26 Oct 2011 12:53:10 -0400

On Tue, Oct 25, 2011 at 4:25 PM, Stefan Küng <tortoisesvn_at_gmail.com> wrote:
> On 25.10.2011 21:58, Joel Jirak wrote:
>> Hello,
>>
>> There's been a change of behavior that I see when upgrading from 1.6.x
>> to 1.7.1.  It looks like Tortoise is now built with access to MS
>> CryptoAPI enabled in OpenSSL.  (Not sure if this is the exact right
>> technical description, but perhaps you know what I mean.)  This is
>> causing a a popup from my smart card software for almost any SVN
>> operation.  For example, when browsing to a repository, I have to hit
>> cancel 4 times, until it falls back to using the cert file that I
>> configured in my servers file.  It's the same behavior I described
>> here:  http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=92849.
>>   Unfortunately, my company requires me to use the smart card software,
>> so uninstalling it is not an option.
>>
>> Is there any way to work around this behavior so that TortoiseSVN uses
>> just what's configured in the servers file and doesn't cause popups
>> from accessing the MS certificate store?   Perhaps a configuration
>> option that would disable it?  I couldn't find anything in the help or
>> in the advanced options that seemed relevant.
>>
>> Thank you for considering the matter.  I've been looking forward to
>> upgrading to 1.7.x and hope I'm not forced to stay with 1.6.x.
>
> You shouldn't get any dialogs if you've configured the certificate in
> the servers file.
> What kind of dialogs do pop up for you?
>

It's a dialog reading "Please insert smart card". Unfortunately, I
forgot my smart card at home, so I can't tell you yet what happens if
I insert it. I'll try this tomorrow. (Almost no one here a work
brings there smart card into the office. It's only used for remote
access.)

In the meantime, here's the most interesting stack trace of all the
active threads when this is going on:

ntkrnlpa.exe!KiUnexpectedInterrupt+0x121
ntkrnlpa.exe!ZwYieldExecution+0x1c98
ntkrnlpa.exe!ZwYieldExecution+0x257a
ntkrnlpa.exe!NtWriteFile+0x2af0
ntkrnlpa.exe!NtReadFile+0x55d
ntkrnlpa.exe!KeReleaseInStackQueuedSpinLockFromDpcLevel+0xb74
ntdll.dll!KiFastSystemCallRet
WinSCard.dll!SCardLocateCardsW+0x60b7
WinSCard.dll!SCardLocateCardsW+0x5e47
WinSCard.dll!SCardLocateCardsW+0x198e
WinSCard.dll!SCardLocateCardsW+0x28d9
WinSCard.dll!SCardGetStatusChangeW+0xda
SCARDDLG.dll+0x2a7a
MFC42u.DLL!Ordinal2248+0x1ca
msvcrt.dll!endthreadex+0xa9
kernel32.dll!GetModuleFileNameA+0x1ba

My best guess is that Tortoise asks Windows for the list of
certificates. Then, since the smart card software has registered
itself as a provider of certificates, in the process of generating
that list, this smart card dialog pops up because the private key
associated with the cert is actually stored on the the card itself.
Just speculating here. . .

Thanks,

Joel

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2864346

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2011-10-26 18:53:19 CEST

This is an archived mail posted to the TortoiseSVN Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.