# FreeBSD as WebDav client over HTTPS with TLS client certificate authentication.



## ekingston (Jun 6, 2017)

*The short story:*

Can someone point me at the right tools for FreeBSD (10.3 or 11) to act as a webdav client where the webdav server only provides connectivity over HTTPS and requires TLS (SSL) client certificate authentication?

*The long story:*

A few month ago, I got the extremely cheap VPN service from liteserver.nl (256MB RAM, +256MB Swap, 1 core, 200GB disk space) for 7.5 euros per quarter (with a 15% lifetime discount and paid yearly). Darn sweet deal for an extremely low-end system to mess with a hobby. Unfortunately, I figured out that although that is sufficient RAM to run the OS and a lightweight web server, it isn't quite enough to include the server side script (PHP) I am messing with.

So, I have a VPS with 200GB of storage space doing nothing. My solution, make it my own personal cloud storage server with very minimal capabilities. Enter Webdav: the lightweight web server (lighttpd) I'm using supports webdav and reduced RAM usage by dropping PHP allows for the webdav module with room to spare.

Obviously, I don't want this to run over HTTP. I want my files kept away from random sniffing.

I also don't like the idea of relying on password authentication (basic auth) alone as that could be brute forced. So, certificate based authentication is my obvious choice. Hence, TLS client certificates since I'm already using HTTPS, it's just more configuration.

The VPS is running Debian (because the VPS provider offered it out-of-the-box).

The problem I'm hitting is the only Webdav client interface for FreeBSD I can find appears to be abandoned. The only one that seams to be currently supported is a fuse module (Fusefs-wdfs) in the ports tree but the project page (http://noedler.de/projekte/wdfs/) says it is no longer supported. _So, is there any webdav filesystem client for FreeBSD that is actively being maintained?_

_Are there any instructions on setting things up so that FreeBSD can act as a client and use client TLS certificate authentication to mount Webdav?_

Ideally, I would like to get this working for my Windows 10 desktop, Windows 7 laptop, and iMac (macOS Sierra) but one mess at a time.

FreeBSD is first on my list because it is what I run on my home server. I've got scripts to sync DropBox and Google Drive data to my FreeBSD system and I'm looking into OneDrive as well.


----------



## obsigna (Jun 6, 2017)

sysutils/fusefs-wdfs does not offer HTTPS with TLS client certificate authentication, besides that it does work quite well. I use it with TLS and Digest Authentication. If the server uses ciphers providing perfect forward secrecy and if you use a good password, then brute forcing the MD5 digests of a running HTTPS session is still nowadays impossible, because the digests are changing and the digest authentication protocol provides measures against replay attacks.

I would go with sysutils/fusefs-wdfs, since it is the best option in the moment.

Since version 0.3, www/neon provides a facility for TLS client certificate authentication. sysutils/fusefs-wdfs utilizes the neon library for the WebDAV implementation, therefore, it shouldn't be too hard to get this working. If you desperately need this, then you might want to find someone, who can implement this for some bucks for you.


----------



## hobbitus (Apr 10, 2021)

Did you find any WebDav client or Fuse option to mount WebDav from remote server?
Have you tried fusefs-webdavfs?


----------



## drhowarddrfine (Apr 10, 2021)

hobbitus You are asking in a 5-year old thread someone who hasn't been here in two months.


----------



## hobbitus (Apr 10, 2021)

You are right, though I assume that the user may use the default email notification and therefore could receive email with my enquire.


----------



## SirDice (Apr 10, 2021)

drhowarddrfine said:


> who hasn't been here in two months


It's a little over a year actually,  14 months to be precise. It's 2021 now. Yes, time does fly


----------

