Re: svn client & smartcard certificates
From: Joe Orton <jorton_at_redhat.com>
Date: Fri, 28 Mar 2008 09:26:59 +0000
Per Karl's mail, following up to users@.
On Thu, Mar 27, 2008 at 04:10:21PM -0400, Van Deman, Quint CTR US USJFCOM J7 wrote:
...and also yes, the code for using smartcards is present in the
Notably: if you have multiple tokens made available by the PKCS#11
Getting it working requires some effort; you need all of:
1) pakchois from http://www.manyfish.co.uk/pakchois/, set up to find the
So, for example, if you have the CoolKey PKCS#11 provider installed at
1) Build pakchois:
./configure --enable-module-path=/usr/lib/pkcs11 --prefix=/usr/local/pkcs11
*** very important that pakchois is configured to look in the right
2) Build GnuTLS 2.x:
./configure --prefix=/usr/local/pkcs11
3) Build neon 0.28.2:
./configure --prefix=/usr/local/pkcs11 --enable-shared \
*** check for this line in the configure output: ***
configure: using pakchois for PKCS11 support
*** if not present, neon will not have PKCS#11 support ***
make && make install
4) Build Subversion 1.5.0 alpha2:
./configure --with-neon=/usr/local/pkcs11
This should result in a Subversion build with working PKCS#11 support.
To configure use of the CoolKey provider, you'd then need to add:
ssl-pkcs11-provider = coolkey
at the appropriate place in ~/.subversion/servers. You could add it in
[groups]
[cac]
That should be it. When you try to use an SSL server which requests a
I'd be very interested in hearing about whether this works for the CAC
Regards,
joe
---------------------------------------------------------------------
|
This is an archived mail posted to the Subversion Users mailing list.
This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.