[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Subversion and smartcards

From: Mark Phippard <markphip_at_gmail.com>
Date: Tue, 19 Jul 2011 10:26:59 -0400

On Tue, Jul 19, 2011 at 10:22 AM, Echlin, Jamie
<jamie.echlin_at_credit-suisse.com> wrote:

> I am trying to get subversion to work with a smartcard (gemalto
> cryptoflex.net), on Windows. The server-side bit of the setup is correct
> afaik. At least it works in my browser, I am prompted for a certificate
> and then pin.
>
> I am using svn 1.6.15. It looks like I should just specify the pkcs#11
> provider dll, eg:
>
> ssl-pkcs11-provider=gtop11dotnet.dll
>
> I have tried with the full path, and as above (the dll is on the path),
> and without the extension. In all cases I get:
>
> svn: Invalid config: unable to load PKCS#11 provider 'gtop11dotnet.dll'
>
> or similar.
>
> As far as I know the provider is valid, it works as expected with
> Firefox. Is there something else I need to do on Windows? Or do I need a
> customised build of svn where I make it aware of this provider? Or is
> there a MSCAPI provider available, if so what name do I use?
>
> I have searched long and hard on the internet, but nearly all the
> (scarce) information available is related to linux and pakchois.

What are you using for your client binaries? Where did you get them?

You need binaries that are compiled with the proper support for this
from OpenSSL.

The command line client that is provided by CollabNet supports this.
I believe TortoiseSVN supports it (but you might have to set a
registry entry first).

BTW, the OpenSSL approach uses MSCAPI so you get the same GUI prompt
that you get from web browser, and you do not configure anything in
Subversion config files.

-- 
Thanks
Mark Phippard
http://markphip.blogspot.com/
Received on 2011-07-19 16:27:32 CEST

This is an archived mail posted to the Subversion Users mailing list.