subversion-users mailing list archives

From "Simpson, Andrew R CIV NSWC Crane, JXSNL"
Subject RE: [Non-DoD Source] Re: using pkcs11 (CAC cards) with svn 1.8 and newer
Date Thu, 10 Dec 2015 15:42:12 GMT
Hi Mark,

So to be clear, unless we re-roll the latest Subversion clients with pakchois and neon, we're
going to be unable to use pkcs11?  That is a major issue for Linux development in the DoD.
I will also need to contact RedHat to see what their plans are, but RHEL 6 is still stuck
at 1.6.

I can still use svn 1.6 and 1.7 with the newer subversion server.  However, we have been seeing
timeout issues when checking out of repositories and other quirks.  Otherwise, yes, it does
work with PKCS 11.  The Subversion provider has updated to 1.8 or 1.9 (can't remember).  Since
then, we have been experiencing issues with these timeouts every 5-12 minutes of a checkout.

From: Mark Phippard
Sent: Thursday, December 10, 2015 10:18 AM
To: Simpson, Andrew R CIV NSWC Crane, JXSNL
Subject: [Non-DoD Source] Re: using pkcs11 (CAC cards) with svn 1.8 and newer

On Thu, Dec 10, 2015 at 9:34 AM, Simpson, Andrew R CIV NSWC Crane, JXSNL wrote:
I have been using svn 1.6 and 1.7 with PKCS11 Smart Cards for many years.  With the removal
of NEON from svn 1.8 and newer, I have been unable to use svn with pkcs11 certs/cards at all
using RHEL 6.X.  Is there some configuration option that I'm missing?

I do not believe Serf has any support for this.  Even with Neon on Linux I believe it required
a custom build involving the pakchois library.  On Windows, the pkcs11 support still works
for Serf, but that is because it is provided via OpenSSL compile options that leverage the
Windows support for smart cards.  There is nothing similar on Linux.

Does anyone know if it even works?  It's a huge issue considering that our Subversion server
provider has updated to svn 1.9x and now the older clients don't play nice.

I would like to hear more details on this as it should not be true.  Any SVN client version
should work properly with an SVN 1.9 server.  You should still be able to use 1.6 and 1.7 clients
without any problems at all. There were no features added in SVN 1.9 that require a 1.9 client
AND server:


Mark Phippard
