| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
| |
A new flag to pass to p11_kit_modules_load() and related functions
which limits loaded modules to ones with "trust-policy: yes".
|
|
|
|
|
|
|
|
|
|
| |
* Use the concepts and PKCS#11 objects described in the
recently updated (still work in progress) storing trust spec.
* Define our own CKA_X_PUBLIC_KEY_INFO define for now, since the
the CKA_PUBLIC_KEY_INFO isn't defined yet.
* Most notably, the association between certificates and stapled
extensions is by public key.
* Rework some of the tests to take into account the above.
|
| |
|
|
|
|
| |
Some helpers for commonly used ASN.1 related stuff.
|
|
|
|
|
| |
* The objects are written out in the p11-kit persist format
* Parser marks files in p11-kit persist format as modifiable
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Cleans up a filename with readable characters.
|
|
|
|
|
|
| |
The name makes it clearer what's going on. This is only used
during loading, so we can track whether a change has resulted
from the trust module or from the file storage.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Reload token data whenever a new session is opened.
* Only reload files/directories that have changed.
* Move duplicate anchor/blacklist detection logic into
the extract code. This is in line with the approach
being discussed on the mailing lists and spec document.
* New internal attribute CKA_X_ORIGIN set on all objects
so we can track where an object came from, and replace
it when reloaded.
In general this is a prerequisite for modification of objects
reload before modify is necessary to prevent multiple callers
clobbering each other's changes.
|
|
|
|
|
|
|
|
|
|
|
| |
In order to use the session we are iterating on for other tasks
such as other C_FindObject() calls, we need to make sure that
it's not in the middle of a find operation. Finish up the
complete find operation in advance of returning objects from
a session.
Make this the default mode. The previous behavior remains
as an option. Add tests.
|
|
|
|
|
| |
Checks if a wellformed path is identical to or a prefix
of another path.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
* p11-kit library and tool in the p11-kit/ subdirectory
* trust module and new trust tool in trust/ subdirectory
* No more tools/ subdirectory
* Lots less in the common/ subdirectory
|
|\ |
|
| | |
|
| |
| |
| |
| | |
Also sorta covers --help and -h usage
|
| |
| |
| |
| |
| | |
There were various bugs passing arguments, with duplicates being
passed, as well as certain arguments being skipped.t
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Instead of looking for external commands in the path, just look
for them in our private directory.
We want to be conservative early on, and limit what sorta things
we have to maintain later. We can later remove this restriction
if a real use case presents itself.
|
| |
| |
| |
| |
| |
| | |
Although we don't actually write anything out yet, make the
various PKCS#11 functions behave properly when faced with
requests to write to token objects
|
| |
| |
| |
| |
| | |
Correctly set the CKF_TOKEN_WRITE_PROTECTED flag for paths
which we will be able to write to.
|
| |
| |
| |
| |
| | |
Gets the parent element of the path, removing the last component.
Handles trailing and duplicate path separators correctly.
|
| | |
|
| | |
|
|\ \
| |/ |
|
| | |
|
| |
| |
| |
| | |
https://bugs.freedesktop.org/show_bug.cgi?id=65401
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Track number of C_Initialize calls, and require similar number
of C_Finalize calls to finalize.
This fixes leaks/disappearing sessions in the trust module.
https://bugs.freedesktop.org/show_bug.cgi?id=65401
|
| |
| |
| |
| | |
https://bugs.freedesktop.org/show_bug.cgi?id=57714
|
| |
| |
| |
| |
| |
| |
| | |
Darwin and libtool seem confused about what shared library
extension they actually use.
https://bugs.freedesktop.org/show_bug.cgi?id=57714
|
| |
| |
| |
| | |
https://bugs.freedesktop.org/show_bug.cgi?id=57714
|
| |
| |
| |
| |
| |
| |
| | |
Darwin and libtool seem confused about what shared library
extension they actually use.
https://bugs.freedesktop.org/show_bug.cgi?id=57714
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| | |
* Support the TAP protocol
* Much cleaner without having to carry around state
* First class support for setup/teardown
* Port the common tests
* Wait on porting other tests until we've merged outstanding code
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Keep the module ownership apart from the tracking of module
function pointers, since these are only relevant for unmanaged
modules.
* Less assumptions that each module has a raw unmanaged module
function pointer.
* More clarity in the naming of dictionaries tracking the modules.
|
| |
| |
| |
| | |
So it can be used from multiple code paths
|
| |
| |
| |
| |
| | |
Because win32 code doesn't just run on windows, wine runs
with unix style paths.
|