[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: AW: CommitMonitor: Problem with client certificate authentication

From: Stefan Küng <tortoisesvn_at_gmail.com>
Date: Fri, 19 Feb 2016 15:22:09 +0100

On 19.02.2016 09:36, Stahn Roland wrote:
> Hi Stefan,
>
> thanks for the reply.
>
> Actually I have only a single client certificate installed. When it is present,
> CM will throw the mentioned error message while TSVN works fine.
> Using SysInternals Process Monitor I can see, that CM indeed is accessing
> the Windows storage only. On the other hand, if I remove that certificate
> from the Windows storage, CM is loading the certificate from disc storage
> as configured in the "servers" file. For some reason in this case the
> SSL connecting is successfully established. Are there any differences
> between a certificate loaded directly from a .p12 file and the very same
> certificate imported into the Windows storage?

I'm guessing that the certificate in the windows storage is not
*exactly* the same as the .p12 one you specify in the servers config
file, otherwise it would work.

Also: the certificate in the windows storage always takes precedence
over the one specified in the servers file: the windows storage one is
used by openssl directly, before the svn lib even gets a chance to do
the authentication.

You can disable the use of the windows storage certificate using the
registry key:

HKCU\Software\TortoiseSVN\OpenSSLCAPI

create this DWORD value and then set it to 0.

> Is there a way to force CM to ignore the windows storage?
> Unfortunately the certificate needs to be there in order to access some
> other (non-SVN) HTTP based services using a web browser.

The same registry key is also used by CM.

Stefan

-- 
        ___
   oo  // \\      "De Chelonian Mobile"
  (_,\/ \_/ \     TortoiseSVN
    \ \_/_\_/>    The coolest interface to (Sub)version control
    /_/   \_\     http://tortoisesvn.net
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3161711
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2016-02-19 15:22:03 CET

This is an archived mail posted to the TortoiseSVN Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.