p11-kit.git/trust/tests/files, branch p11p Clone of https://github.com/p11-glue/p11-kit Move to non-recursive Makefile for building bins and libs 2014-08-15T08:43:04+00:00 Stef Walter stef@thewalter.net 2014-08-15T06:41:43+00:00 677dee1a04058aefe8c7689f88da52afe3b4b4bb Still use recursive for documentation and translation. 
Still use recursive for documentation and translation.
trust: Parse TRUSTED CERTIFICATE openssl format even without CertAux 2014-08-08T07:27:10+00:00 Stef Walter stef@thewalter.net 2014-08-08T07:24:47+00:00 c22e37091278ffb339c692f5c994c3393b12a254 openssl sometimes outputs TRUSTED CERTIFICATE PEM files without the additional CertAux (ie: trust fields) information. It simply leaves that block out. This happens with a command like: $ openssl x509 -in my-cert.pem -out output -trustout 
openssl sometimes outputs TRUSTED CERTIFICATE PEM files without the
additional CertAux (ie: trust fields) information. It simply leaves
that block out. This happens with a command like:

$ openssl x509 -in my-cert.pem -out output -trustout
trust: Port to use CKA_PUBLIC_KEY_INFO and updated trust store spec 2013-07-04T13:48:38+00:00 Stef Walter stef@thewalter.net 2013-07-04T13:48:38+00:00 7d4941715b5afc2ef8ea18716990d28965737c70 * Use the concepts and PKCS#11 objects described in the recently updated (still work in progress) storing trust spec. * Define our own CKA_X_PUBLIC_KEY_INFO define for now, since the the CKA_PUBLIC_KEY_INFO isn't defined yet. * Most notably, the association between certificates and stapled extensions is by public key. * Rework some of the tests to take into account the above. 
 * Use the concepts and PKCS#11 objects described in the
   recently updated (still work in progress) storing trust spec.
 * Define our own CKA_X_PUBLIC_KEY_INFO define for now, since the
   the CKA_PUBLIC_KEY_INFO isn't defined yet.
 * Most notably, the association between certificates and stapled
   extensions is by public key.
 * Rework some of the tests to take into account the above.
Reorganize various components 2013-06-25T11:27:01+00:00 Stef Walter stef@thewalter.net 2013-06-24T11:34:30+00:00 069c52a10cc4c4c06de8a4d83ddb3755e40be7a4 * p11-kit library and tool in the p11-kit/ subdirectory * trust module and new trust tool in trust/ subdirectory * No more tools/ subdirectory * Lots less in the common/ subdirectory 
 * p11-kit library and tool in the p11-kit/ subdirectory
 * trust module and new trust tool in trust/ subdirectory
 * No more tools/ subdirectory
 * Lots less in the common/ subdirectory
hash: Add the murmur2 hash and start using it 2013-03-20T09:54:00+00:00 Stef Walter stefw@gnome.org 2013-03-20T08:33:04+00:00 f45942a4fc3e1c5219e9b5201b82203337ee7280 Add implementation of the murmur2 hash function, and start using it for our dictionaries. Our implementation is incremental like our other hash functions. Also remove p11_oid_hash() which wasn't being used. In addition fix several tests whose success was based on the way that the dictionary hashed. This was a hidden testing bug. 
Add implementation of the murmur2 hash function, and start using
it for our dictionaries. Our implementation is incremental
like our other hash functions.

Also remove p11_oid_hash() which wasn't being used.

In addition fix several tests whose success was based on the
way that the dictionary hashed. This was a hidden testing bug.
trust: Use a SHA-1 hash of subjectPublicKeyInfo as CKA_ID by default 2013-03-15T17:00:10+00:00 Stef Walter stefw@gnome.org 2013-03-15T15:24:27+00:00 29af2c1eeca2fb0257e1172753b129d638472f0f This is what's recommended by the spec, and allows stapled extensions to hang off a predictable CKA_ID. https://bugs.freedesktop.org/show_bug.cgi?id=62329 
This is what's recommended by the spec, and allows stapled extensions
to hang off a predictable CKA_ID.

https://bugs.freedesktop.org/show_bug.cgi?id=62329
trust: Rework input path treatment 2013-03-15T16:19:01+00:00 Stef Walter stefw@gnome.org 2013-03-14T09:05:17+00:00 86e60637394340ef2fa3b3db6b451dac1d73052b * Accept a single --with-trust-paths argument to ./configure which cotnains all the input paths. * The --with-system-anchors and --with-system-certificates ./configure arguments are no longer supported. Since they were only present briefly, no provision is made for backwards compatibility. * Each input file is treated as containing anchors by default unless an input certificate contains detailed trust information. * The files in each input directory are not automatically treated as anchors unless a certificate contains detailed trust information. * The files in anchors/ subdirectory of each input directory are automatically marked as anchors. * The files in the blacklist/ subdirectory of each input directory are automatically marked as blacklisted. * Update tests and move around test certificates so we can test these changes. https://bugs.freedesktop.org/show_bug.cgi?id=62327 
 * Accept a single --with-trust-paths argument to ./configure
   which cotnains all the input paths.
 * The --with-system-anchors and --with-system-certificates
   ./configure arguments are no longer supported. Since they were
   only present briefly, no provision is made for backwards
   compatibility.
 * Each input file is treated as containing anchors by default
   unless an input certificate contains detailed trust information.
 * The files in each input directory are not automatically treated
   as anchors unless a certificate contains detailed trust information.
 * The files in anchors/ subdirectory of each input directory are
   automatically marked as anchors.
 * The files in the blacklist/ subdirectory of each input directory
   are automatically marked as blacklisted.
 * Update tests and move around test certificates so we can
   test these changes.

https://bugs.freedesktop.org/show_bug.cgi?id=62327
pem: Fix a bug decoding some PEM files 2013-03-15T16:08:32+00:00 Stef Walter stefw@gnome.org 2013-03-15T16:07:56+00:00 bf63f009cd4a1147a3e0684d898f140f46666b0e When bringing over the BSD base64 code, there was a regression. In addition add some tests for the base64 stuff. 
When bringing over the BSD base64 code, there was a regression.
In addition add some tests for the base64 stuff.
Implement trust assertion PKCS#11 objects 2013-02-05T13:54:53+00:00 Stef Walter stefw@gnome.org 2013-01-04T12:57:28+00:00 4400d8ecc4525cfc848937dc562c542fc58a533a * Implement trust assertions for anchored and distrusted certs * Pinned certificate trust assertions are not implemented yet * Add an internal tool for pulling apart bits of certificates 
 * Implement trust assertions for anchored and distrusted certs
 * Pinned certificate trust assertions are not implemented yet
 * Add an internal tool for pulling apart bits of certificates
Implement stapled certificate extensions internally 2013-02-05T13:54:53+00:00 Stef Walter stefw@gnome.org 2013-01-02T15:06:19+00:00 18bb2582c32f4373f7ed85894fb490f2733cb03b * Use stapled certificate extensions to represent loaded trust policy * Build NSS trust objects from stapled certificate extensions * Add further attribute debugging for NSS trust objects * Use a custom certificate extension for the OpenSSL reject purpose data * Use SubjectKeyIdentifier for OpenSSL keyid data * Use ExtendedKeyUsage for OpenSSL trust purpose data * Implement simple way to handle binary DER OIDs, using the DER TLV length. DER OIDs are used in the CKA_OBJECT_ID value, and elsewhere. * Split out the building of NSS trust objects from the main parser 
 * Use stapled certificate extensions to represent loaded trust policy
 * Build NSS trust objects from stapled certificate extensions
 * Add further attribute debugging for NSS trust objects
 * Use a custom certificate extension for the OpenSSL reject purpose data
 * Use SubjectKeyIdentifier for OpenSSL keyid data
 * Use ExtendedKeyUsage for OpenSSL trust purpose data
 * Implement simple way to handle binary DER OIDs, using the DER TLV
   length. DER OIDs are used in the CKA_OBJECT_ID value, and elsewhere.
 * Split out the building of NSS trust objects from the main parser