SSL client certificate from Windows certificate store
From: Thomas Åkesson <thomas_at_akesson.cc>
Date: Tue, 8 Nov 2016 12:48:07 +0100
Hello,
Since a few years it is possible to import a client certificate into the Windows / IE certificate store called “Personal”. In most cases TortoiseSVN and the bundled command line tools will correctly find a suitable client certificate if found in the Windows certificate store. I am confident that the decision is made using the hints that the https server provides during the handshake (what openssl displays as “Acceptable client certificate CA names”).
I am investigating an issue where, in rare cases, the correct certificate is not presented to the server despite being available in the Windows Personal certificate store. The same certificate works on other servers which leads me to believe it is related to the order or exact content of “Acceptable client certificate CA names”.
I will continue investigation until it is fully isolated. What I need help with is a pointer to which code interacts with Windows Personal certificate store and makes the decision to present a certificate?
- I have looked at the TSVN code base without finding anything. Have I missed it?
To be clear, I am fully aware of the ability to configure client cert in servers file. We used that historically (cumbersome with non-techie uses).
Thanks in advance,
------------------------------------------------------
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
|
This is an archived mail posted to the TortoiseSVN Users mailing list.
This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.