On 04/13/17 06:17, Ryan Dingman wrote:
> It's strange that this thread is coming up now because I’ve been working on a 
> patch to implement #4 for the past couple of weeks. My motivation for doing 
> so was to have integration with the macOS Keychain and gain the ability to 
> pull client certificates from it rather than having to load them from a PEM 
> file on disk.

   I'm all for idiomatic approaches.  That said:

   - Will it work without a GUI (i.e. when you log in via ssh, will you
be able to access the private key from the keystore without entering
your password on a desktop prompt)?
   - Compatibility with "use PEM file on disk" needs to be retained on
Mac.  I have scripted build systems which run on NetBSD, macOS and Linux
which clone repositories using client certificates.  These scripts
quickly become a pain to maintain when there are too many differences
between the platforms.

[---]
> I need to do a bit more testing, but if there is community interest, I’d be 
> happy to accelerate my plans and submit a patch to Dr. Hipp soon.

   There's definitely interest.

   In the original client certificate support for fossil, there was one
extra level of indirection; instead of pointing out a file, one used a
symbolic name (which would point to a file in the "PEM in disk" case),
but the idea was that this could be used to point to other locations,
such as an entry in a keychain.  I'm curious to see how your solution
works with regard to client certificates/keys.

-- 
Kind regards,
Jan Danielsson

_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
