From owner-freebsd-pkg@FreeBSD.ORG Mon Jan 19 12:58:18 2015 Return-Path: Delivered-To: pkg@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 343D5A10; Mon, 19 Jan 2015 12:58:18 +0000 (UTC) Received: from MXMEG6.TechMahindra.com (mxmeg10.techmahindra.com [203.143.186.188]) (using TLSv1.2 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.TechMahindra.com", Issuer "DigiCert High Assurance CA-3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id F1DCA907; Mon, 19 Jan 2015 12:58:14 +0000 (UTC) Received: from NODEXCHMBX001.TechMahindra.com (unknown [10.13.0.153]) by MXMEG6.TechMahindra.com with smtp (TLS: TLSv1/SSLv3,256bits,AES256-SHA) id 4311_bccc_aa11608c_d396_41cc_9fa9_b1d1aa8e2d5c; Mon, 19 Jan 2015 18:14:14 +0530 Received: from NODEXCHMBX003.TechMahindra.com (10.13.0.156) by NODEXCHMBX001.TechMahindra.com (10.13.0.153) with Microsoft SMTP Server (TLS) id 15.0.847.32; Mon, 19 Jan 2015 18:14:55 +0530 Received: from NODEXCHMBX003.TechMahindra.com ([fe80::f159:b7fa:6569:c930]) by NODEXCHMBX003.TechMahindra.com ([fe80::f159:b7fa:6569:c930%15]) with mapi id 15.00.0847.030; Mon, 19 Jan 2015 18:14:55 +0530 From: Mohit Hasija To: Baptiste Daroussin , "pkg@freebsd.org" Subject: RE: Please help regarding usage of client certifcates with pkg command used on freeBSD Thread-Topic: Please help regarding usage of client certifcates with pkg command used on freeBSD Thread-Index: AQHQJZDkv5fvscECTkOWDEmZvyynhZzHCO0AgAB1S00= Date: Mon, 19 Jan 2015 12:44:54 +0000 Message-ID: <005efbaf6e8a4d6fa6800a5e25383d26@NODEXCHMBX003.TechMahindra.com> References: , <9ad51442a3c72408e067ef1d1af8ee6e@mail.etoilebsd.net> In-Reply-To: <9ad51442a3c72408e067ef1d1af8ee6e@mail.etoilebsd.net> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.13.163.10] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-NAIMIME-Disclaimer: 1 X-NAIMIME-Modified: 1 X-BeenThere: freebsd-pkg@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Binary package management and package tools discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Jan 2015 12:58:18 -0000 Dear Baptiste, we have found from the pkg source code that the environment variables SSL= _CLIENT_CERT_FILE and SSL_CLIENT_KEY_FILE are required to be set before u= sing client certificates with pkg. In order to automate the setting of environment variables, before pkg beg= ins https authentication with a remote repository server, we decided to u= se plugins feature of pkg.We decided to write a callback function that wo= uld be called at appropriate time and set the environment variables. However, after much R&D, we could not find any HOOK that could be used to= register a callback function, which could be called before https authent= ication takes place. Hence, we have decided to use pkg_plugin_init() function for setting the = environment variables.This function is called every time a pkg command is= executed and hence we can set the environment variables.In pkg_plugin_sh= utdown() function, we can remove the environment variables. Please suggest any better method to set the environment variables or prov= ide your feedback on our approach. regards Mohit Hasija Mobile No.: +91-9958302266 ________________________________________ From: Baptiste Daroussin on behalf of Bapt= iste Daroussin Sent: Monday, January 19, 2015 4:37 PM To: Mohit Hasija; portmgr@FreeBSD.org Cc: pkg@freebsd.org Subject: Re: Please help regarding usage of client certifcates with pkg c= ommand used on freeBSD January 1 2015 8:09 AM, "Mohit Hasija" wrot= e: > Dear Pkg port Manager, > > We intend to use client certificates for https authentication during re= treival of a package from a > custom repository built at remote location. > > We want to know the following: > > 1.Is there inbuilt support for usage of client certifcates with "pkg" c= omamnd on freeBSD 10.1 > release? > > In case Yes, how can we use the client certifcates with pkg on freeBSD? > > In case No, how can we add support to pkg with minimal effrts for using= client certifcates? > > Awaiting an early reply... > > regards > > Mohit Hasija > Mobile No.: +91-9958302266 pkg(8) is using libfetch to handle http(s) and I'm not sure libfetch does= support such feature. Adding such feature to libfetch would be great but that would also means = it will not find its way to FreeBSD 10.1 as FreeBSD 10.1 is already relea= sed. FYI: I added pkg@FreeBSD.org to CC as it is the right list to discuss suc= h things. Best regards, Bapt =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=0D Disclaimer: This message and the information contained herein is proprie= tary and confidential and subject to the Tech Mahindra policy statement, = you may review the policy at http://www.techmahindra.com/Disclaimer.html = externally http://tim.techmahindra.com/tim/disclaimer.html internally wit= hin TechMahindra.=0D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=0D