[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

How to use SVN and PKCS#11? [Re: Undocumented: ssl-pkcs11-provider - What is a «Security Provider»?]

From: Marc Wäckerlin <marc_at_waeckerlin.org>
Date: Sat, 25 Aug 2012 23:21:15 +0200

Am Samstag, 25. August 2012, 17.35:50 schrieben Sie:
> += dev@, please drop users@ from replies

It's not a developper question, it's a usage question.
I am asking this as a user.

Sorry, but I don't understand your answer.

I build nothing, I install the packages from the ubuntu repository.

> If you build svn against neon 0.28 or greater, the value of that option
> is passed is passed to ne_ssl_pkcs11_provider_init():
> https://svn.apache.org/repos/asf/subversion/branches/1.7.x/subversion/libsvn
> _ra_neon/session.c

I absolutely do not understand.

You have to specify what at compile time? That's absurd; how should the
package builder know what the users will need? And PKCS#11 libraries are
commonly loaded at runtime using dlopen, so there must surely be a way to
specify a library at runtime?!?

> However, current trunk no longer uses the ssl-pkcs11-provider option,
> but still generates a config file that documents it. (The option was
> originally added in r869495(r29421) by jorton for libsvn_ra_neon.
> (Marc: libsvn_ra_neon is no longer supported in trunk/1.8-to-be; only
> libsvn_ra_serf will be available for http/https access.))

So how is PKCS#11 specified now?

> We should at least update the config file that trunk generates. We
> might want to teach libsvn_ra_serf to support that config option (for
> compatibility reasons).

Again, the question is: How to specify /usr/lib/libcvP11.so (or any other
arbitray library) as PKCS#11 provider?

Does SVN work with PKCS#11 token?
If yes: How? (I mean at runtime.)

Thank you
Regards
Received on 2012-08-25 23:22:01 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.