summaryrefslogtreecommitdiff
path: root/trust
diff options
context:
space:
mode:
Diffstat (limited to 'trust')
-rw-r--r--trust/enumerate.c28
-rw-r--r--trust/enumerate.h1
-rw-r--r--trust/list.c1
-rw-r--r--trust/test-bundle.c1
-rw-r--r--trust/test-cer.c1
-rw-r--r--trust/test-enumerate.c16
-rw-r--r--trust/test-openssl.c1
7 files changed, 30 insertions, 19 deletions
diff --git a/trust/enumerate.c b/trust/enumerate.c
index 750bba3..ad0565f 100644
--- a/trust/enumerate.c
+++ b/trust/enumerate.c
@@ -308,24 +308,26 @@ extract_info (p11_enumerate *ex)
return false;
/* If a certificate then */
- if (ex->klass != CKO_CERTIFICATE) {
- p11_message ("skipping non-certificate object");
- return false;
- }
+ if (ex->flags & P11_ENUMERATE_CORRELATE) {
+ if (ex->klass != CKO_CERTIFICATE) {
+ p11_message ("skipping non-certificate object");
+ return false;
+ }
- if (!extract_certificate (ex))
- return false;
+ if (!extract_certificate (ex))
+ return false;
+
+ attr = p11_attrs_find_valid (ex->attrs, CKA_PUBLIC_KEY_INFO);
+ if (attr) {
+ ex->attached = load_attached_extensions (ex, attr);
+ if (!ex->attached)
+ return false;
+ }
- attr = p11_attrs_find_valid (ex->attrs, CKA_PUBLIC_KEY_INFO);
- if (attr) {
- ex->attached = load_attached_extensions (ex, attr);
- if (!ex->attached)
+ if (!extract_purposes (ex))
return false;
}
- if (!extract_purposes (ex))
- return false;
-
return true;
}
diff --git a/trust/enumerate.h b/trust/enumerate.h
index 411820a..41cea09 100644
--- a/trust/enumerate.h
+++ b/trust/enumerate.h
@@ -49,6 +49,7 @@ enum {
P11_ENUMERATE_ANCHORS = 1 << 21,
P11_ENUMERATE_BLACKLIST = 1 << 22,
P11_ENUMERATE_COLLAPSE = 1 << 23,
+ P11_ENUMERATE_CORRELATE = 1 << 24,
};
typedef struct {
diff --git a/trust/list.c b/trust/list.c
index 12120e5..9e31aba 100644
--- a/trust/list.c
+++ b/trust/list.c
@@ -253,6 +253,7 @@ p11_trust_list (int argc,
if (!p11_enumerate_ready (&ex, "trust-policy"))
exit (1);
+ ex.flags |= P11_ENUMERATE_CORRELATE;
ret = list_iterate (&ex, details) ? 0 : 1;
p11_enumerate_cleanup (&ex);
diff --git a/trust/test-bundle.c b/trust/test-bundle.c
index 3af7277..3f4bcad 100644
--- a/trust/test-bundle.c
+++ b/trust/test-bundle.c
@@ -74,6 +74,7 @@ setup (void *unused)
assert_num_eq (CKR_OK, rv);
p11_enumerate_init (&test.ex);
+ test.ex.flags |= P11_ENUMERATE_CORRELATE;
test.directory = p11_test_directory ("test-extract");
}
diff --git a/trust/test-cer.c b/trust/test-cer.c
index 422b528..a412eff 100644
--- a/trust/test-cer.c
+++ b/trust/test-cer.c
@@ -74,6 +74,7 @@ setup (void *unused)
assert_num_eq (CKR_OK, rv);
p11_enumerate_init (&test.ex);
+ test.ex.flags |= P11_ENUMERATE_CORRELATE;
test.directory = p11_test_directory ("test-extract");
}
diff --git a/trust/test-enumerate.c b/trust/test-enumerate.c
index 424437e..3e188b2 100644
--- a/trust/test-enumerate.c
+++ b/trust/test-enumerate.c
@@ -62,6 +62,7 @@ test_file_name_for_label (void)
char *name;
p11_enumerate_init (&ex);
+ ex.flags |= P11_ENUMERATE_CORRELATE;
ex.attrs = p11_attrs_build (NULL, &label, NULL);
@@ -79,6 +80,7 @@ test_file_name_for_class (void)
char *name;
p11_enumerate_init (&ex);
+ ex.flags |= P11_ENUMERATE_CORRELATE;
ex.klass = CKO_CERTIFICATE;
@@ -104,7 +106,7 @@ test_comment_for_label (void)
p11_enumerate_init (&ex);
- ex.flags = P11_EXTRACT_COMMENT;
+ ex.flags = P11_EXTRACT_COMMENT | P11_ENUMERATE_CORRELATE;
ex.attrs = p11_attrs_build (NULL, &label, NULL);
comment = p11_enumerate_comment (&ex, true);
@@ -127,6 +129,7 @@ test_comment_not_enabled (void)
p11_enumerate_init (&ex);
+ ex.flags |= P11_ENUMERATE_CORRELATE;
ex.attrs = p11_attrs_build (NULL, &label, NULL);
comment = p11_enumerate_comment (&ex, true);
@@ -156,6 +159,7 @@ setup (void *unused)
assert_num_eq (CKR_OK, rv);
p11_enumerate_init (&test.ex);
+ test.ex.flags |= P11_ENUMERATE_CORRELATE;
/* Prefill the modules */
test.modules[0] = &test.module;
@@ -406,7 +410,7 @@ test_duplicate_distrusted (void)
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
- test.ex.flags = P11_ENUMERATE_COLLAPSE;
+ test.ex.flags = P11_ENUMERATE_COLLAPSE | P11_ENUMERATE_CORRELATE;
p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
p11_enumerate_ready (&test.ex, NULL);
@@ -432,7 +436,7 @@ test_trusted_match (void)
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
- test.ex.flags = P11_ENUMERATE_ANCHORS;
+ test.ex.flags = P11_ENUMERATE_ANCHORS | P11_ENUMERATE_CORRELATE;
p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
p11_enumerate_ready (&test.ex, NULL);
@@ -450,7 +454,7 @@ test_distrust_match (void)
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
- test.ex.flags = P11_ENUMERATE_BLACKLIST;
+ test.ex.flags = P11_ENUMERATE_BLACKLIST | P11_ENUMERATE_CORRELATE;
p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
p11_enumerate_ready (&test.ex, NULL);
@@ -475,7 +479,7 @@ test_override_by_issuer_serial (void)
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
- test.ex.flags = P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST;
+ test.ex.flags = P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST | P11_ENUMERATE_CORRELATE;
p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
p11_enumerate_ready (&test.ex, NULL);
@@ -498,7 +502,7 @@ test_override_by_public_key (void)
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted_by_key);
- test.ex.flags = P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST;
+ test.ex.flags = P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST | P11_ENUMERATE_CORRELATE;
p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
p11_enumerate_ready (&test.ex, NULL);
diff --git a/trust/test-openssl.c b/trust/test-openssl.c
index 3cba1ed..b1276df 100644
--- a/trust/test-openssl.c
+++ b/trust/test-openssl.c
@@ -77,6 +77,7 @@ setup (void *unused)
assert_num_eq (CKR_OK, rv);
p11_enumerate_init (&test.ex);
+ test.ex.flags |= P11_ENUMERATE_CORRELATE;
test.directory = p11_test_directory ("test-extract");
}