summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* extract: Combine trust policy when extractingStef Walter2013-03-155-43/+313
| | | | | | | | | | * Collapse multiple identical certificates coming from different tokens. Note that if a certificate should not be placed multiple times on a token. We cannot know which one to respect. * Add a new extract filter: --trust-policy This extracts all anchor and blacklist information https://bugs.freedesktop.org/show_bug.cgi?id=61497
* extract: --comment option adds comments to PEM bundlesStef Walter2013-03-157-3/+103
| | | | | | | | * Placed before the certificate, simple one liner * No need to put comments in PEM files extracted into directories, as the file names are already descriptive. https://bugs.freedesktop.org/show_bug.cgi?id=62029
* extract: Allow p11_save_write() to automatically calculate lengthStef Walter2013-03-155-4/+62
| | | | | | | | | Also if automatically calculating length, then ignore input that is NULL, as something that shouldn't be written out. This allows easier chaining of optional output, such as comments. https://bugs.freedesktop.org/show_bug.cgi?id=62029
* p11-kit: New priority option and change trust-policy optionStef Walter2013-03-1515-54/+136
| | | | | | | | | | | | | | * Sort loaded modules appropriately using the 'priority' option. This allows us to have a predictable order for callers, when callers iterate through modules. * Modules default to having an 'priority' option of '0'. * If modules have the same order value, then sort by name. * The above assumes the role of ordering trust-policy sources. * Change the trust-policy option to a boolean * Some of this code will be rearranged when the managed branch is merged. https://bugs.freedesktop.org/show_bug.cgi?id=61978
* trust: Make each configured path its own tokenStef Walter2013-03-157-136/+460
| | | | | | | | | | | | | | | | | | | * Each source directory or file configured into the module or passed in as an initialization argument becomes its own token. Previously there was one token that contained certificates from all the configured paths. * These tokens are clearly labeled in the token info as to the directory or file that they represent. * Update PKCS#11 module logic to deal with multiple tokens, validate the slot ids and so on. * The order in which the paths are configured will become the order of trust priority. This is the same order in which they are listed through 'p11-kit list-modules' and C_GetSlotList. * Update the frob-token internal tool to only play with one path * Adjust tests where necessary to reflect the new state of things and add tests for modified trust module code https://bugs.freedesktop.org/show_bug.cgi?id=61499
* dict: Allow removal of current item in a p11_dict iterationStef Walter2013-03-152-0/+62
| | | | | | | * This was already possible to do safely before * Document and test this behavior https://bugs.freedesktop.org/show_bug.cgi?id=61499
* trust: Rework input path treatmentStef Walter2013-03-1520-140/+318
| | | | | | | | | | | | | | | | | | | | | * Accept a single --with-trust-paths argument to ./configure which cotnains all the input paths. * The --with-system-anchors and --with-system-certificates ./configure arguments are no longer supported. Since they were only present briefly, no provision is made for backwards compatibility. * Each input file is treated as containing anchors by default unless an input certificate contains detailed trust information. * The files in each input directory are not automatically treated as anchors unless a certificate contains detailed trust information. * The files in anchors/ subdirectory of each input directory are automatically marked as anchors. * The files in the blacklist/ subdirectory of each input directory are automatically marked as blacklisted. * Update tests and move around test certificates so we can test these changes. https://bugs.freedesktop.org/show_bug.cgi?id=62327
* pem: Fix a bug decoding some PEM filesStef Walter2013-03-154-11/+246
| | | | | When bringing over the BSD base64 code, there was a regression. In addition add some tests for the base64 stuff.
* Don't overwrite the build directory when uploading documentationStef Walter2013-03-141-1/+1
|
* Fix up the system anchors/certificates configure argumentsStef Walter2013-03-141-15/+20
| | | | | | Double check various combinations, and make sure we don't fail needlessly when --disable-trust-module. Also check that actual paths are passed into the arguments.
* doc: Move manual into doc/manual subdirectoryStef Walter2013-03-1218-156/+159
|
* Release version 0.16.4Stef Walter2013-03-122-1/+5
|
* tools: Display per-command help appropriatelyStef Walter2013-03-111-7/+12
| | | | | | | | * Fixes a regression * In addition allows --help to be specified before the command. If a command is present, command help will be shown https://bugs.freedesktop.org/show_bug.cgi?id=62153
* tools: Initialize local debug code correctlyStef Walter2013-03-111-0/+3
| | | | | | | Unless initialized according to the environment all debug output is printed. https://bugs.freedesktop.org/show_bug.cgi?id=62152
* Release version 0.16.3Stef Walter2013-03-082-1/+7
|
* iter: Don't skip tokens that don't have CKF_TOKEN_INITIALIZEDStef Walter2013-03-082-37/+0
| | | | | This flag is not required to be set unless C_InitToken has been called. Many modules, like libnssckbi.so, do not set this flag.
* trust: add a simple frob-nss-token tool to dump distrustStef Walter2013-03-082-0/+109
| | | | | Add a simple tool to dump NSS style distrust attributes from a module.
* trust: Use the new NSS PKCS#11 extension codesStef Walter2013-03-086-94/+95
| | | | | NSS had subtly changed the values of the distrust CK_TRUST codes so update them to stay in sync.
* Hard code distrust temporarily.Stef Walter2013-03-081-1/+149
| | | | | This is because we have no way to load this data into the trust module. Working on a real solution.
* tools: Parse global options appropriately, even if after commandStef Walter2013-03-081-13/+18
|
* trust: Refactor how we load builtin objectsStef Walter2013-03-081-11/+13
|
* Don't shove messages into debug output if they're already displayedStef Walter2013-03-081-2/+2
|
* Release 0.16.2Stef Walter2013-03-082-1/+6
|
* extract: Use bool instead of int where appropriateStef Walter2013-03-081-15/+15
|
* tools: Add a bit of debugging to the PEM extract handlerStef Walter2013-03-082-0/+4
|
* extract: Fix regression in --purpose optionStef Walter2013-03-082-2/+61
| | | | | | | | The --purpose option would only match certificates that had no purposes marked on them. Fix it so that it correctly matches certificates with the given purpose. https://bugs.freedesktop.org/show_bug.cgi?id=62009
* Document and put code coverage onlineStef Walter2013-03-082-4/+34
| | | | | * Document our testing practices * Put lcov code coverage output online
* Properly detect the stdbool.h headerStef Walter2013-03-081-0/+2
| | | | https://bugs.freedesktop.org/show_bug.cgi?id=62001
* Release version 0.16.1Stef Walter2013-03-072-1/+6
|
* doc: Fix external URLs in documentationStef Walter2013-03-071-6/+6
|
* doc: Add P11_KIT_STRICT=yes debugging tipStef Walter2013-03-071-0/+11
|
* x509: Don't break when cA field of BasicConstraints is missingStef Walter2013-03-071-2/+9
| | | | | | | The field defaults to FALSE. It sucks that libtasn1 doesn't fill this in for us. https://bugs.freedesktop.org/show_bug.cgi?id=61975
* tools: Remove extra debugging statement when running external commandsStef Walter2013-03-071-1/+0
|
* extract-trust: Turn into a placeholder script that does nothingStef Walter2013-03-071-21/+15
| | | | | If the 'p11-kit extract-trust' command is to be used by distributions, make them customize it appropriately.
* doc: Don't wrap the options in the pkcs11.conf manual pageStef Walter2013-03-071-6/+6
|
* Release version 0.16.0Stef Walter2013-03-042-1/+9
|
* Build with the libtasn1 CFLAGS properlyStef Walter2013-03-045-2/+14
| | | | | | Tweaks by: Roman Bogorodskiy <bogorodskiy@gmail.com> https://bugs.freedesktop.org/show_bug.cgi?id=61739
* Redo mock.h header in order to relicenseStef Walter2013-03-041-667/+686
| | | | | Rewrite the mock.h header to relicense it. It is based on the BSD licensed mock.c file, so this isn't a big issue.
* Remove duplicate typedefStef Walter2013-03-041-2/+2
| | | | https://bugs.freedesktop.org/show_bug.cgi?id=60894
* Fix missing bracket in trust module checkRoman Bogorodskiy2013-03-041-1/+1
| | | | | | This fixes building --without-libtasn1 https://bugs.freedesktop.org/show_bug.cgi?id=61740
* Initialize modules correctly in testsStef Walter2013-03-039-1/+14
| | | | This fixes hangs when running tests on windows
* Windows doesn't support symlinks, chmod, or atomic renamesStef Walter2013-03-037-6/+101
| | | | | | | * Don't create symlinks on windows * No atomic renames, so delete and then rename * Make sure to close files before unlinking on windows * No chmod permissions on windows
* Use mingw compatible coverage flagsStef Walter2013-03-031-2/+2
| | | | | | The way that coverage is built and linked is different with mingw so just use the --coverage flag to represent the correct behavior when cross compiling.
* Don't use wchar_t for storing unicode charactersStef Walter2013-03-031-35/+36
| | | | | On Win32 wchar_t is only 2 bytes, which breaks our UTF-8 conversion functions.
* Fix syntax errors in OS_WIN32 ifdefsStef Walter2013-03-036-10/+14
|
* Open files in binary mode on windowsStef Walter2013-03-034-8/+11
| | | | So that the Windows' C library doesn't munge line endings
* Add compat gmtime_r() and timegm() functionsStef Walter2013-03-033-0/+76
| | | | Not available on Win32 or ancient unixes
* Add compat mkstemp() and mkdtemp() functionsStef Walter2013-03-032-0/+156
| | | | Not available on Win32 or ancient unixes
* Add compat vasprintf() and asprintf() functionsStef Walter2013-03-033-0/+84
| | | | These are not available on Win32 and ancient unixes
* Add compat strndup() functionStef Walter2013-03-033-0/+30
| | | | Not available on Win32 and ancient unixes