Date: Mon, 19 Jan 2015 12:44:54 +0000 From: Mohit Hasija <MH00122988@TechMahindra.com> To: Baptiste Daroussin <bapt@freebsd.org>, "pkg@freebsd.org" <pkg@freebsd.org> Subject: RE: Please help regarding usage of client certifcates with pkg command used on freeBSD Message-ID: <005efbaf6e8a4d6fa6800a5e25383d26@NODEXCHMBX003.TechMahindra.com> In-Reply-To: <9ad51442a3c72408e067ef1d1af8ee6e@mail.etoilebsd.net> References: <afee7e679b57440a9006c1d5ba6892c1@NODEXCHMBX001.TechMahindra.com>, <9ad51442a3c72408e067ef1d1af8ee6e@mail.etoilebsd.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Dear Baptiste, we have found from the pkg source code that the environment variables SSL_CLIENT_CERT_FILE and SSL_CLIENT_KEY_FILE are required to be set before using client certificates with pkg. In order to automate the setting of environment variables, before pkg begins https authentication with a remote repository server, we decided to use plugins feature of pkg.We decided to write a callback function that would be called at appropriate time and set the environment variables. However, after much R&D, we could not find any HOOK that could be used to register a callback function, which could be called before https authentication takes place. Hence, we have decided to use pkg_plugin_init() function for setting the environment variables.This function is called every time a pkg command is executed and hence we can set the environment variables.In pkg_plugin_shutdown() function, we can remove the environment variables. Please suggest any better method to set the environment variables or provide your feedback on our approach. regards Mohit Hasija Mobile No.: +91-9958302266 ________________________________________ From: Baptiste Daroussin <baptiste.daroussin@gmail.com> on behalf of Baptiste Daroussin <bapt@freebsd.org> Sent: Monday, January 19, 2015 4:37 PM To: Mohit Hasija; portmgr@FreeBSD.org Cc: pkg@freebsd.org Subject: Re: Please help regarding usage of client certifcates with pkg command used on freeBSD January 1 2015 8:09 AM, "Mohit Hasija" <mh00122988@techmahindra.com> wrote: > Dear Pkg port Manager, > > We intend to use client certificates for https authentication during retreival of a package from a > custom repository built at remote location. > > We want to know the following: > > 1.Is there inbuilt support for usage of client certifcates with "pkg" comamnd on freeBSD 10.1 > release? > > In case Yes, how can we use the client certifcates with pkg on freeBSD? > > In case No, how can we add support to pkg with minimal effrts for using client certifcates? > > Awaiting an early reply... > > regards > > Mohit Hasija > Mobile No.: +91-9958302266 pkg(8) is using libfetch to handle http(s) and I'm not sure libfetch does support such feature. Adding such feature to libfetch would be great but that would also means it will not find its way to FreeBSD 10.1 as FreeBSD 10.1 is already released. FYI: I added pkg@FreeBSD.org to CC as it is the right list to discuss such things. Best regards, Bapt ============================================================================================================================ Disclaimer: This message and the information contained herein is proprietary and confidential and subject to the Tech Mahindra policy statement, you may review the policy at http://www.techmahindra.com/Disclaimer.html externally http://tim.techmahindra.com/tim/disclaimer.html internally within TechMahindra. ============================================================================================================================
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?005efbaf6e8a4d6fa6800a5e25383d26>