Add support for OpenSSL3+ URIs (via serf)
Adds the config option ssl-client-cert-uri to specify the URI of a certificate store.
OpenSSL URIs point at files, or pkcs11 smartcards, or TPMs, or native platform certificate stores.
Maintains existing ssl-client-cert-file as fallback.
Depends on https://github.com/apache/serf/pull/8
Example configuration:
```
[apachegroup]
ssl-trust-default-ca = yes
ssl-client-cert-uri = /home/minfrin/.my-cert.p12
ssl-client-cert-password = supersecret
```
Smartcard example:
```
[apachegroup]
ssl-trust-default-ca = yes
ssl-client-cert-uri = pkcs11:token=Venus%20%28Smartcard%20PIN%29;
ssl-client-cert-password-prompt = yes
```
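Added example, not part of the pull request or of Subversion: a small audit of a `servers` file that uses the option names above, flagging groups that keep the client-certificate passphrase in plaintext and decoding the percent-encoded attributes of a `pkcs11:` URI. The function names `describe_uri` and `audit` and the second group name are assumptions; the `pin-value` query attribute comes from RFC 7512, not from this page.

```python
import configparser
from urllib.parse import unquote

# Constructed sample built from the two configurations shown above.
SAMPLE = """\
[apachegroup]
ssl-trust-default-ca = yes
ssl-client-cert-uri = /home/minfrin/.my-cert.p12
ssl-client-cert-password = supersecret

[cardgroup]
ssl-trust-default-ca = yes
ssl-client-cert-uri = pkcs11:token=Venus%20%28Smartcard%20PIN%29;
ssl-client-cert-password-prompt = yes
"""

def describe_uri(uri):
    """Return the scheme of a ssl-client-cert-uri value and, for pkcs11, its decoded path attributes."""
    if not uri.startswith("pkcs11:"):
        # A bare path has no scheme; treat it as a file for reporting purposes.
        return {"scheme": uri.split(":", 1)[0] if ":" in uri else "file", "attrs": {}}
    path = uri[len("pkcs11:"):].split("?", 1)[0]    # query attributes follow '?'
    attrs = {}
    for part in filter(None, path.split(";")):       # tolerate the trailing ';'
        name, _, value = part.partition("=")
        attrs[name] = unquote(value)                 # %20%28 -> " ("
    return {"scheme": "pkcs11", "attrs": attrs}

def audit(text):
    """Return (section, finding) pairs for client-certificate settings worth reviewing."""
    # interpolation=None: the default interpolation would choke on '%20' in values.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        sec = cp[name]
        if "ssl-client-cert-password" in sec:
            findings.append((name, "passphrase stored in plaintext"))
        if "pin-value=" in sec.get("ssl-client-cert-uri", ""):
            findings.append((name, "PIN embedded in pkcs11 URI"))
    return findings

if __name__ == "__main__":
    for section, finding in audit(SAMPLE):
        print(f"[{section}] {finding}")
    print(describe_uri("pkcs11:token=Venus%20%28Smartcard%20PIN%29;"))
```
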
Please note that the build failures are somewhat expected since the code depends on features from https://github.com/apache/serf/pull/8/. Let's work with Serf to get it merged; it is on my to-do list for the weekend to review.
Anyway, we need to protect the code above with #ifdefs if Subversion isn't built with a compatible Serf.
I think I figured out the magic autoconf and magic cmake to detect the symbol, the builds are both good. The failed builds are all what appear to be unrelated test failures.
https://github.com/apache/serf/pull/8 has landed in serf, this patch should work against trunk.