[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: SSL client certificate from Windows certificate store

From: Thomas Åkesson <thomas_at_akesson.cc>
Date: Tue, 8 Nov 2016 18:23:08 +0100

Hello again,

Found that OpenSSL does read the Windows “MY” / Personal store.
 - ./ext/openssl/engines/e_capi.c
 - There is also e_capi.patch.
 - Hash of the complete acceptable CA list is stored in the registry key “HKEY_CURRENT_USER\Software\TortoiseSVN\CAPIAuthz”.
 - Found code that compares the certificate with STACK_OF(X509_NAME) which is likely the CA hint from the server.

The code looks good, unable to find anything obvious.

I have servers on both Apache 2.2 and 2.4. I also have certificates issued from the same CA but with different intermediates, different depth actually (2 vs 3).

The only combination that does not work is the certificate with depth 3 against Apache 2.4 when the certificate is in the Windows certificate store. Using the same p12 file configured in servers file works fine against Apache 2.4.

Kind of odd.

/Thomas Å.

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3193130

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2016-11-08 18:23:20 CET

This is an archived mail posted to the TortoiseSVN Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.