Re: Client certificates - JavaHL not prompting for file/password?

[Brian Clarke <br...@yahoo.com>]

I'm reposting this thread because Mark and I didn't
get any responses - I'd definitely appreciate any help
related to my original issue or Mark's additional
notes (please see below).  Thanks,
-Brian


> --- Brian Clarke <br...@yahoo.com> wrote:
> 
> > For background, I posted the following to the
> > Subclipse users list and was redirected here after
> > discussion - I'd appreciate any help:
> > 
> > From what I gathered on the Subclipse list, it
> > appears
> > that JavaHL isn't using the prompting mechanisms
> for
> > client certificates and passwords when used with
> > Subclipse. 
> > 
> > If I add both the ssl-client-cert-file and the
> > ssl-client-cert-password (plaintext) to the
> > Subversion
> > 'servers' file, both the 'svn' command-line client
> > and
> > Subclipse succeed in connecting to the repository.
> 
> > Unfortunately, having the plaintext password on
> disk
> > is likely to be unacceptable.
> > 
> > If I leave the ssl-client-cert-password out: a)
> the
> > svn command-line client prompts for the password
> and
> > then succeeds in connecting to the repository,
> while
> > b) Subclipse (Eclipse SVN Repository
> > Perspective->New
> > Repository Location...) doesn't prompt for a
> > password
> > and fails.
> > 
> > In addition, if I leave both
> > ssl-client-cert-{file,password} out of the servers
> > config, the svn client prompts for both the
> > certificate filename and the password, and
> succeeds.
> > 
> > Subclipse doesn't prompt for either, and fails.
> > 
> > Can anyone provide some input to resolve this
> > situation?  Is this a JavaHL issue?
> > 
> > [It'd be fine to configure the client cert file
> > location and have Subclipse prompt the user for
> the
> > password (say once per Eclipse dev "session").]
> > 
> > Thanks,
> > -Brian
> 
> I asked Brian to post this.  I think it is a JavaHL
> bug.  We have 
> registered a prompting interface with JavaHL so that
> we can provide a 
> GUI 
> to prompt the user when needed.  This works for
> normal
> username and 
> password, as well as accepting server certificate. 
> I
> think that JavaHL 
> just needs to be enhanced to use this interface in
> this scenario as 
> well.
> 
> There is also another bug I have posted to this list
> where if we use 
> the 
> Accept Temporary option on a server certificate it
> doesn't really work 
> correctly.  The initial request succeeds, but all
> subsequent requests 
> fail.  Ideally the "accept temporary" would be
> cached
> somewhere, at 
> worst 
> the user would be continually prompted.  Neither
> happens currently.
> 
> Mark




		
____________________________________________________
Start your day with Yahoo! - make it your home page 
http://www.yahoo.com/r/hs 
 

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org