[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: SSL client certificate from Windows certificate store

From: David Balažic <David.Balazic_at_comtrade.com>
Date: Tue, 8 Nov 2016 18:50:08 +0100

Does it work when using IE to access the server?
What is the exact error?

Note that apache requires have the root (topmost) signing CA in its trusted CA list.
Also check the SSLVerifyDepth setting of apache/mod_ssl.

David Balažic
Software Engineer
www.comtrade.com

> -----Original Message-----
> From: Thomas Åkesson [mailto:thomas_at_akesson.cc]
> Sent: 8. November 2016 18:23
> To: users_at_tortoisesvn.tigris.org
> Subject: Re: SSL client certificate from Windows certificate store
>
> Hello again,
>
> Found that OpenSSL does read the Windows “MY” / Personal store.
> - ./ext/openssl/engines/e_capi.c
> - There is also e_capi.patch.
> - Hash of the complete acceptable CA list is stored in the registry key
> “HKEY_CURRENT_USER\Software\TortoiseSVN\CAPIAuthz”.
> - Found code that compares the certificate with STACK_OF(X509_NAME) which
> is likely the CA hint from the server.
>
>
> The code looks good, unable to find anything obvious.
>
> I have servers on both Apache 2.2 and 2.4. I also have certificates issued from
> the same CA but with different intermediates, different depth actually (2 vs 3).
>
> The only combination that does not work is the certificate with depth 3 against
> Apache 2.4 when the certificate is in the Windows certificate store. Using the
> same p12 file configured in servers file works fine against Apache 2.4.
>
> Kind of odd.
>
> /Thomas Å.
>
> ------------------------------------------------------
> http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageI
> d=3193130
>
> To unsubscribe from this discussion, e-mail: [users-
> unsubscribe_at_tortoisesvn.tigris.org].

------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=3193135

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2016-11-08 18:51:01 CET

This is an archived mail posted to the TortoiseSVN Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.