subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Number Cruncher <number.crunc...@ntlworld.com>
Subject Re: Unable to save client certificate password in any password store
Date Fri, 06 Jun 2014 12:51:11 GMT
On 06/06/14 12:05, Philip Martin wrote:
> Number Cruncher <number.cruncher@ntlworld.com> writes:
>
>> I'm running a Subversion 1.8.9 build for Fedora 20 and have been
>> struggling for a day to get Subversion to save my PKCS12 certificate
>> file password in any store. I've not had any problems with earlier
>> Subversion (e.g. running 1.6.18 on F16 with kwallet).
>> I've tried setting breakpoints on svn_auth_save_credentials but it
>> never seems to be called.
> This is a regression introduced in 1.8.  In 1.7 libsvn_ra_neon handled
> the certificate decryption and would save a working passphrase.  In 1.8
> libsvn_ra_serf no longer handles the certificate decryption directly, it
> now happens in serf, and there is no code for Subversion to save the
> passphrase.
>
> I've raised http://subversion.tigris.org/issues/show_bug.cgi?id=4509
>
Thanks; I thought I was going mad. Is building against neon still supported?

Given what you told me, I was able to find a workaround and manual 
create the password store:
1) .subversion/config: [auth] section set to "password-stores = kwallet"
2) Run "kwalletmanager", open kwallet via "system tray"
3) Open default wallet and create new top-level "Subversion" folder 
(alongside Form Data, Passwords)
4) Select "Passwords" within Subversion folder and create new one with 
key "@" + path_to_p12, e.g. "@/home/nc/nc.p12"
5) Type in password into kwallet for this key

Watch where svn is trying to retrieve the data from "strace -e 
trace=lstat svn ls http://...." e.g. reveals 
/home/nc/.subversion/auth/svn.ssl.client-passphrase/345983d745d98273c095e872a09"

Populate this "345983d745d98273c095e872a09" file with e.g.:
K 15
svn:realmstring
V 45
/home/nc/nc.p12
END

This might help someone in the meantime. Note that my username is 
derived from the certificate common name, otherwise I think you need 
"Username@" as the password key.

Simon





Mime
View raw message