Re: dav module and client ssl certificates

[Alexander Larsson <alexl redhat com>]

On Thu, 2006-03-30 at 10:43 -0500, Phillip Susi wrote:
> It seems that the gnome-vfs dav module does not support using client ssl 
> certificates to authenticate with the server.  Instead it only supports 
> server certificates and basic http name/password authentication.
> 
> If this is indeed the case, then I would like to start some discussion 
> on implementing support for client certificates.  It seems that what is 
> needed is something like they keyring or ssh-agent where gnome-vfs can 
> request a certificate from to connect to the server, and the daemon 
> would prompt the user for their certificate password to decrypt it if 
> this has not been done recently, then supply it to gnome-vfs.
> 
> Is this existing keyring service capable of handling a x.509 certificate 
> instead of name/password plain text pairs?  If so, then would it be 
> somewhat easy to patch gnome-vfs to ask it for a client certificate and 
> pass it to neon ( it does use neon right? )?

You are correct. We don't handle any of this, and we should. However,
none of our infrastructure handles this either. Evolution uses mozilla
NSS for this i think, but with its own directory for certificates. We
really should have a desktop-wide way of handling certificates that
shares certificates between apps and works in multiple apps at the same
time without locking problems. 

I don't know if anyone is working on this atm, although i know i have
heard mumblings inside redhat about making NSS do this.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Alexander Larsson                                            Red Hat, Inc 
                   alexl redhat com    alla lysator liu se 
He's a suicidal native American cowboy from the 'hood. She's a cynical 
hypochondriac opera singer who can talk to animals. They fight crime!