Return-Path: X-Original-To: apmail-subversion-users-archive@minotaur.apache.org Delivered-To: apmail-subversion-users-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 36638117E1 for ; Fri, 6 Jun 2014 12:51:39 +0000 (UTC) Received: (qmail 29102 invoked by uid 500); 6 Jun 2014 12:51:38 -0000 Delivered-To: apmail-subversion-users-archive@subversion.apache.org Received: (qmail 29066 invoked by uid 500); 6 Jun 2014 12:51:38 -0000 Mailing-List: contact users-help@subversion.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@subversion.apache.org Received: (qmail 29059 invoked by uid 99); 6 Jun 2014 12:51:38 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 06 Jun 2014 12:51:38 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=RCVD_IN_DNSWL_NONE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of number.cruncher@ntlworld.com designates 80.0.253.75 as permitted sender) Received: from [80.0.253.75] (HELO know-smtprelay-omc-11.server.virginmedia.net) (80.0.253.75) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 06 Jun 2014 12:51:34 +0000 Received: from [192.168.10.118] ([90.152.37.212]) by know-smtprelay-11-imp with bizsmtp id B0rC1o0034adw0S010rCse; Fri, 06 Jun 2014 13:51:12 +0100 X-Originating-IP: [90.152.37.212] X-Spam: 0 X-Authority: v=2.1 cv=R7aNGLhX c=1 sm=1 tr=0 a=RgvXtXB4rrN4o3lV87e0Wg==:117 a=RgvXtXB4rrN4o3lV87e0Wg==:17 a=io3-7u_1PykA:10 a=mL46T-6dxaUA:10 a=uObrxnre4hsA:10 a=8nJEP1OIZ-IA:10 a=NLZqzBF-AAAA:8 a=83eZBYsUAAAA:8 a=51AbSZzxDAes9WMngBMA:9 a=AZeWnO19cjWJlL-S:21 a=IHbqPbpqZfjJ0d4U:21 a=wPNLvfGTeEIA:10 a=_dQi-Dcv4p4A:10 Message-ID: <5391B93F.1030101@ntlworld.com> Date: Fri, 06 Jun 2014 13:51:11 +0100 From: Number Cruncher User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130110 Thunderbird/17.0.2 MIME-Version: 1.0 To: users@subversion.apache.org Subject: Re: Unable to save client certificate password in any password store References: <539063BC.4070807@ntlworld.com> <8738fiuwky.fsf@ntlworld.com> In-Reply-To: <8738fiuwky.fsf@ntlworld.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org On 06/06/14 12:05, Philip Martin wrote: > Number Cruncher writes: > >> I'm running a Subversion 1.8.9 build for Fedora 20 and have been >> struggling for a day to get Subversion to save my PKCS12 certificate >> file password in any store. I've not had any problems with earlier >> Subversion (e.g. running 1.6.18 on F16 with kwallet). >> I've tried setting breakpoints on svn_auth_save_credentials but it >> never seems to be called. > This is a regression introduced in 1.8. In 1.7 libsvn_ra_neon handled > the certificate decryption and would save a working passphrase. In 1.8 > libsvn_ra_serf no longer handles the certificate decryption directly, it > now happens in serf, and there is no code for Subversion to save the > passphrase. > > I've raised http://subversion.tigris.org/issues/show_bug.cgi?id=4509 > Thanks; I thought I was going mad. Is building against neon still supported? Given what you told me, I was able to find a workaround and manual create the password store: 1) .subversion/config: [auth] section set to "password-stores = kwallet" 2) Run "kwalletmanager", open kwallet via "system tray" 3) Open default wallet and create new top-level "Subversion" folder (alongside Form Data, Passwords) 4) Select "Passwords" within Subversion folder and create new one with key "@" + path_to_p12, e.g. "@/home/nc/nc.p12" 5) Type in password into kwallet for this key Watch where svn is trying to retrieve the data from "strace -e trace=lstat svn ls http://...." e.g. reveals /home/nc/.subversion/auth/svn.ssl.client-passphrase/345983d745d98273c095e872a09" Populate this "345983d745d98273c095e872a09" file with e.g.: K 15 svn:realmstring V 45 /home/nc/nc.p12 END This might help someone in the meantime. Note that my username is derived from the certificate common name, otherwise I think you need "Username@" as the password key. Simon