+= dev@, please drop users@ from replies Marc Wäckerlin wrote on Wed, Aug 22, 2012 at 09:27:14 +0200: > Hi > > I got a proprietary PKCS#11 library (for Post SuisseID smartcard) in > /usr/lib/libcvP11.so. > > There is a configuration option «ssl-pkcs11-provider» in > ~/.subversion/servers. > > But it is absolutely undocumented what this option is, even google doesn't > find > anything useful. The only documentation is: «Name of PKCS#11 provider to use». > > How is the «Name of PKCS#11 provider» defined? It is *not* the name of the > PKCS#11 library, so what is it? >
If you build svn against neon 0.28 or greater, the value of that option is passed is passed to ne_ssl_pkcs11_provider_init(): https://svn.apache.org/repos/asf/subversion/branches/1.7.x/subversion/libsvn_ra_neon/session.c However, current trunk no longer uses the ssl-pkcs11-provider option, but still generates a config file that documents it. (The option was originally added in r869495(r29421) by jorton for libsvn_ra_neon. (Marc: libsvn_ra_neon is no longer supported in trunk/1.8-to-be; only libsvn_ra_serf will be available for http/https access.)) We should at least update the config file that trunk generates. We might want to teach libsvn_ra_serf to support that config option (for compatibility reasons). > Everytthing I tried results in «unable to load PKCS#11 provider», e.g.: > > user@host:~/svn/project$ LANG= svn up > svn: Invalid config: unable to load PKCS#11 provider '/usr/lib/libcvP11.so' > user@host:~/svn/project$ ls -l /usr/lib/libcvP11.so > -rwxr-xr-x 1 root root 5279688 Jul 6 14:30 /usr/lib/libcvP11.so > > So: > - What is the missing link? > - How to get a PKCS#11 /usr/lib/libcvP11.so library into svn? > - Could you please add some understandable documentation? > > > Thank you > Regards > Marc
