
Re: Subversion and smartcards

From: Mark Phippard <markphip_at_gmail.com>
Date: Tue, 19 Jul 2011 12:07:37 -0400

On Tue, Jul 19, 2011 at 12:04 PM, Echlin, Jamie <jamie.echlin_at_credit-suisse.com> wrote:

> > It would be best to ask on the TortoiseSVN list so that they could tell you definitively
> > I know that the TSVN devs have made some custom patches to OpenSSL to resolve this issue of the constant prompting
>
> Thanks Mark. Looks like you are right in that tsvn will support this in
> an upcoming release:
> http://svn.haxx.se/tsvnusers/archive-2011-06/0108.shtml
>
> > Of course when you are using the command line, there is no long lived session as there is for a web browser. So each command is a completely new session to your server and the prompts will all be repeated
>
> Well yes, but that's also true for basic auth, which is why svn caches
> the credential in encrypted form. Ideally it would also cache the
> certificate selection and PIN (maybe using platform-specific crypto
> storage). Obviously I appreciate that the cert dialog and pin prompt are
> not coming from the svn code and svn has no way of intercepting that. In
> fact I don't even know what the technical challenges are, but it's
> pretty much unusable from the command line client as it is. (At least,
> our users will consider it to be unusable).
>

Ideally the TortoiseSVN team would push their patches and need upstream to
OpenSSL so that it was possible to tell it the cert to use (not sure how the
PIN would be handled). Once that was done, then the Subversion source code
could potentially be modified to use this API as TortoiseSVN did in its
code.

With the current state of the OpenSSL code, it is not possible to tell it
the cert to use when you configure it to use MSCAPI.

-- 
Thanks
Mark Phippard
http://markphip.blogspot.com/
Received on 2011-07-19 18:08:13 CEST

This is an archived mail posted to the Subversion Users mailing list.
