A summary in order to conclude this thread and clarify the ramifications. Basically, CAPI for client certificate is rapidly becoming obsolete and should perhaps be disabled by default in an upcoming release? Given that Subversion 1.14 might be an LTS, it could be a suitable time to disable CAPI starting with TSVN 1.14.
The technical background is explained in the below OpenSSL issue. Client certificates via OpenSSL CAPI does not work when the server supports TLS 1.2 or 1.3 (the server must be reverted to TLS 1.1). There are no plans to address this in the OpenSSL project. https://github.com/openssl/openssl/issues/8872 I am working on replacing CAPI with a web page that guides users through the process of storing the cert and passphrase in the Subversion auth cache. I will start a separate thread related to some challenges there. Thanks, Thomas Å. -- You received this message because you are subscribed to the Google Groups "TortoiseSVN-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/tortoisesvn-dev/7a2e393c-9cb0-4e31-bbca-53b036688731%40googlegroups.com.
