diff options
Diffstat (limited to 'trust')
-rw-r--r-- | trust/enumerate.c | 28 | ||||
-rw-r--r-- | trust/enumerate.h | 1 | ||||
-rw-r--r-- | trust/list.c | 1 | ||||
-rw-r--r-- | trust/test-bundle.c | 1 | ||||
-rw-r--r-- | trust/test-cer.c | 1 | ||||
-rw-r--r-- | trust/test-enumerate.c | 16 | ||||
-rw-r--r-- | trust/test-openssl.c | 1 |
7 files changed, 30 insertions, 19 deletions
diff --git a/trust/enumerate.c b/trust/enumerate.c index 750bba3..ad0565f 100644 --- a/trust/enumerate.c +++ b/trust/enumerate.c @@ -308,24 +308,26 @@ extract_info (p11_enumerate *ex) return false; /* If a certificate then */ - if (ex->klass != CKO_CERTIFICATE) { - p11_message ("skipping non-certificate object"); - return false; - } + if (ex->flags & P11_ENUMERATE_CORRELATE) { + if (ex->klass != CKO_CERTIFICATE) { + p11_message ("skipping non-certificate object"); + return false; + } - if (!extract_certificate (ex)) - return false; + if (!extract_certificate (ex)) + return false; + + attr = p11_attrs_find_valid (ex->attrs, CKA_PUBLIC_KEY_INFO); + if (attr) { + ex->attached = load_attached_extensions (ex, attr); + if (!ex->attached) + return false; + } - attr = p11_attrs_find_valid (ex->attrs, CKA_PUBLIC_KEY_INFO); - if (attr) { - ex->attached = load_attached_extensions (ex, attr); - if (!ex->attached) + if (!extract_purposes (ex)) return false; } - if (!extract_purposes (ex)) - return false; - return true; } diff --git a/trust/enumerate.h b/trust/enumerate.h index 411820a..41cea09 100644 --- a/trust/enumerate.h +++ b/trust/enumerate.h @@ -49,6 +49,7 @@ enum { P11_ENUMERATE_ANCHORS = 1 << 21, P11_ENUMERATE_BLACKLIST = 1 << 22, P11_ENUMERATE_COLLAPSE = 1 << 23, + P11_ENUMERATE_CORRELATE = 1 << 24, }; typedef struct { diff --git a/trust/list.c b/trust/list.c index 12120e5..9e31aba 100644 --- a/trust/list.c +++ b/trust/list.c @@ -253,6 +253,7 @@ p11_trust_list (int argc, if (!p11_enumerate_ready (&ex, "trust-policy")) exit (1); + ex.flags |= P11_ENUMERATE_CORRELATE; ret = list_iterate (&ex, details) ? 0 : 1; p11_enumerate_cleanup (&ex); diff --git a/trust/test-bundle.c b/trust/test-bundle.c index 3af7277..3f4bcad 100644 --- a/trust/test-bundle.c +++ b/trust/test-bundle.c @@ -74,6 +74,7 @@ setup (void *unused) assert_num_eq (CKR_OK, rv); p11_enumerate_init (&test.ex); + test.ex.flags |= P11_ENUMERATE_CORRELATE; test.directory = p11_test_directory ("test-extract"); } diff --git a/trust/test-cer.c b/trust/test-cer.c index 422b528..a412eff 100644 --- a/trust/test-cer.c +++ b/trust/test-cer.c @@ -74,6 +74,7 @@ setup (void *unused) assert_num_eq (CKR_OK, rv); p11_enumerate_init (&test.ex); + test.ex.flags |= P11_ENUMERATE_CORRELATE; test.directory = p11_test_directory ("test-extract"); } diff --git a/trust/test-enumerate.c b/trust/test-enumerate.c index 424437e..3e188b2 100644 --- a/trust/test-enumerate.c +++ b/trust/test-enumerate.c @@ -62,6 +62,7 @@ test_file_name_for_label (void) char *name; p11_enumerate_init (&ex); + ex.flags |= P11_ENUMERATE_CORRELATE; ex.attrs = p11_attrs_build (NULL, &label, NULL); @@ -79,6 +80,7 @@ test_file_name_for_class (void) char *name; p11_enumerate_init (&ex); + ex.flags |= P11_ENUMERATE_CORRELATE; ex.klass = CKO_CERTIFICATE; @@ -104,7 +106,7 @@ test_comment_for_label (void) p11_enumerate_init (&ex); - ex.flags = P11_EXTRACT_COMMENT; + ex.flags = P11_EXTRACT_COMMENT | P11_ENUMERATE_CORRELATE; ex.attrs = p11_attrs_build (NULL, &label, NULL); comment = p11_enumerate_comment (&ex, true); @@ -127,6 +129,7 @@ test_comment_not_enabled (void) p11_enumerate_init (&ex); + ex.flags |= P11_ENUMERATE_CORRELATE; ex.attrs = p11_attrs_build (NULL, &label, NULL); comment = p11_enumerate_comment (&ex, true); @@ -156,6 +159,7 @@ setup (void *unused) assert_num_eq (CKR_OK, rv); p11_enumerate_init (&test.ex); + test.ex.flags |= P11_ENUMERATE_CORRELATE; /* Prefill the modules */ test.modules[0] = &test.module; @@ -406,7 +410,7 @@ test_duplicate_distrusted (void) mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted); mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); - test.ex.flags = P11_ENUMERATE_COLLAPSE; + test.ex.flags = P11_ENUMERATE_COLLAPSE | P11_ENUMERATE_CORRELATE; p11_kit_iter_add_filter (test.ex.iter, &certificate, 1); p11_enumerate_ready (&test.ex, NULL); @@ -432,7 +436,7 @@ test_trusted_match (void) mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted); - test.ex.flags = P11_ENUMERATE_ANCHORS; + test.ex.flags = P11_ENUMERATE_ANCHORS | P11_ENUMERATE_CORRELATE; p11_kit_iter_add_filter (test.ex.iter, &certificate, 1); p11_enumerate_ready (&test.ex, NULL); @@ -450,7 +454,7 @@ test_distrust_match (void) mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted); - test.ex.flags = P11_ENUMERATE_BLACKLIST; + test.ex.flags = P11_ENUMERATE_BLACKLIST | P11_ENUMERATE_CORRELATE; p11_kit_iter_add_filter (test.ex.iter, &certificate, 1); p11_enumerate_ready (&test.ex, NULL); @@ -475,7 +479,7 @@ test_override_by_issuer_serial (void) mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted); - test.ex.flags = P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST; + test.ex.flags = P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST | P11_ENUMERATE_CORRELATE; p11_kit_iter_add_filter (test.ex.iter, &certificate, 1); p11_enumerate_ready (&test.ex, NULL); @@ -498,7 +502,7 @@ test_override_by_public_key (void) mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted); mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted_by_key); - test.ex.flags = P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST; + test.ex.flags = P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST | P11_ENUMERATE_CORRELATE; p11_kit_iter_add_filter (test.ex.iter, &certificate, 1); p11_enumerate_ready (&test.ex, NULL); diff --git a/trust/test-openssl.c b/trust/test-openssl.c index 3cba1ed..b1276df 100644 --- a/trust/test-openssl.c +++ b/trust/test-openssl.c @@ -77,6 +77,7 @@ setup (void *unused) assert_num_eq (CKR_OK, rv); p11_enumerate_init (&test.ex); + test.ex.flags |= P11_ENUMERATE_CORRELATE; test.directory = p11_test_directory ("test-extract"); } |