On Thu, May 24, 2012, CASTELLUCCI, BEN CIV DFAS wrote:

> Greetings.
> 
> Applications that make use of OpenSSL and deal with smart cards prompt
> the user to select a client certificate to use via a modal popup dialog
> window when there is more than one client certificate in the store that
> would satisfy the request. There does not seem to be a way to 'cache'
> the choice. Since the choice is not 'remembered' the user is continually
> prompted during back-to-back operations that require the client
> certificate. A pkcs11-enabled version control client (Subversion) is a
> good example. A simple commit may produce a half-dozen or more prompts.
> 
> Is there currently a way to 'remember' the decision?
> 
> Let me know any thoughts.
> 

I'd assume this is a reference to the OpenSSL CryptoAPI ENGINE which can throw
a modal dialog box to select certificates if compiled with certain options.

If it is the same instance of the same application then this shouldn't happen
as the server should cache the session and not require signing for resumed
sessions. If you do get them it points to problems with session caching on the
server.

If the application is restarted several times without session resumption then
OpenSSL has no way of knowing what the appropriate choice is as they all look
independent as far as the OpenSSL back end is concerned.

A kind of memory may be possible in future but it isn't currently supported.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
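
Added example, not part of the original message or of OpenSSL: a small Python probe for the server-side session caching the reply points to. It opens several connections, offers the first connection's session on the later ones, and reports which were resumed. The names `probe_resumption` and `full_handshakes` are made up for this sketch, and pinning TLS 1.2 is a simplifying assumption.

```python
import socket
import ssl
import sys


def probe_resumption(host, port, context=None, attempts=3):
    """Connect `attempts` times, offering the first connection's session on
    every later one. Returns one bool per connection: was it resumed?"""
    if context is None:
        # For a server that requests client certificates, pass in a context
        # that already has load_cert_chain() applied.
        context = ssl.create_default_context()
    # Assumption of this sketch: pin TLS 1.2 so the session is available as
    # soon as the handshake ends (TLS 1.3 delivers its tickets afterwards).
    context.maximum_version = ssl.TLSVersion.TLSv1_2
    session = None
    results = []
    for _ in range(attempts):
        with socket.create_connection((host, port), timeout=10) as raw:
            with context.wrap_socket(raw, server_hostname=host,
                                     session=session) as tls:
                results.append(tls.session_reused)
                if session is None:
                    session = tls.session  # remember the first session
    return results


def full_handshakes(results):
    """Count connections that needed a full handshake. Only a full handshake
    can involve a client-certificate signature, so only these can trigger
    a certificate-selection prompt."""
    return sum(1 for reused in results if not reused)


if __name__ == "__main__" and len(sys.argv) == 3:
    flags = probe_resumption(sys.argv[1], int(sys.argv[2]))
    print("resumed per connection:", flags)
    print("full handshakes:", full_handshakes(flags))
```

A healthy server yields one full handshake followed by resumed connections; a full handshake on every connection indicates the server-side caching problem described in the reply.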
