| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Accept 'slot-id' path attribute defined in RFC 7512.
https://bugs.freedesktop.org/show_bug.cgi?id=97245
|
|
|
|
|
|
|
| |
Accept 'slot-description' and 'slot-manifacturer' path attributes
defined in RFC 7512.
https://bugs.freedesktop.org/show_bug.cgi?id=97245
|
|
|
|
|
|
|
|
|
|
|
| |
For every path/query component, p11_kit_uri_parse() allocates a small
buffer to strip whitespace out. This patch removes any whitespace in
the URI at the entry of the function to simplify the code.
Note that RFC 7512 actually suggests to ignore whitespace at the
extracting phase rather than the parsing phase.
https://bugs.freedesktop.org/show_bug.cgi?id=97245
|
|
|
|
|
|
|
| |
The test case added for bug 90289 (commit c73edd00) revealed that some
of the C_Initialize() implementations do not consider the case where it
is called from the parent process and then from the child process,
without calling C_Finalize() in between.
|
|
|
|
| |
There is the same line a few lines below.
|
| |
|
|
|
|
| |
Pointed out by David Woodhouse
|
|
|
|
|
| |
Previously these were expanded based on the home directory of the
one building the documentation (me).
|
|
|
|
|
|
|
|
| |
p11_kit_module_load() hands on the module_path argument to
load_module_from_file_inlock() which accepts relative paths, prepending
P11_MODULE_PATH. Update API documentation accordingly.
https://lists.freedesktop.org/archives/p11-glue/2016-February/000587.html
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=93587
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
fd_set and friends, according to POSIX.1-2001, needs sys/select.h, so
include it otherwise the build fails for uClibc:
p11-kit/rpc-transport.c: In function ‘rpc_socket_read’:
p11-kit/rpc-transport.c:350:2: error: unknown type name ‘fd_set’
p11-kit/rpc-transport.c:416:4: warning: implicit declaration of function
‘FD_ZERO’ [-Wimplicit-function-declaration]
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
https://bugs.freedesktop.org/show_bug.cgi?id=93211
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=92807
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=92842
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=92843
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=92864
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=92532
|
| |
|
| |
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=92551
|
|
|
|
| |
We no longer use timegm()
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=92443
|
| |
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=92445
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=92520
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=92434
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
record was found
Hello, it looks like under some conditions, command trust segfaults in
expand_homedir() due to no matching password record was found:
Signed-off-by: Robert Milasan <rmilasan@suse.com>
Signed-off-by: Stef Walter <stefw@redhat.com>
* Updated path so message is printed and errno is not overwritten
https://bugs.freedesktop.org/show_bug.cgi?id=91506
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=89081
|
|
|
|
|
|
|
|
|
|
|
| |
That function allows to obtain the filename used by the PKCS #11
module. That is the filename used by dlopen().
Note that we don't provide p11_kit_module_for_filename() because
it would have to deal with filename equivalences.
Signed-off-by: Stef Walter <stefw@redhat.com>
* Fixed up whitespace
|
|
|
|
|
|
|
|
|
|
|
|
| |
This corrects a deadlock on the forked process. The deadlock
happened because the proxy called C_Finalize prior to a C_Initialize
which is wrong according to PKCS #11 (2.40). This patch eliminates
the C_Finalize call in that case.
This resolves #90289
https://bugs.freedesktop.org/show_bug.cgi?id=90289
Reviewed-by: Stef Walter <stefw@redhat.com>
|
|
|
|
| |
Reviewed-by: Stef Walter <stefw@redhat.com>
|
|
|
|
|
|
|
|
| |
Libffi uses shared memory to store them, and a deallocation
in a child will cause issues for the parent or vice versa.
Signed-off-by: Stef Walter <stefw@redhat.com>
* Use #if to comment out code, avoid compiler warnings
|
|
|
|
| |
Reviewed-by: Stef Walter <stefw@redhat.com>
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=90827
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
We continue to accept both the older style 'object-type' field
in addition to the new 'type' field. However we start generating
URIs in the new form.
In other words we have backwards compatibility, but not forwards
compatibility. Given the fact that PKCS#11 URIs are now standardizing
this is an acceptable compromise.
https://bugs.freedesktop.org/show_bug.cgi?id=86474
|
|
|
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=87582
Signed-off-by: Stef Walter <stefw@redhat.com>
* Added test for bad encoded pin-value in uri
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=87582
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows extraction of a directory of standard PEM files
with the OpenSSL hash symlinks; this is a format used by
some popular platforms (Debian's /etc/ssl/certs is in this
form, and OpenSUSE provides it for compatibility).
Initially by: Ludwig Nussel <ludwig.nussel@suse.de>
Signed-off-by: Stef Walter <stefw@redhat.com>
* Added header, fixed compiler warnings
|
|
|
|
| |
This was a later change to the PKCS#11 specification drafts
|
|
|
|
| |
Signed-off-by: Michael Cronenworth <mike@cchtml.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The PKCS#11 spec states that the CKA_ID should match the
SubjectKeyIdentifier if such an extension is present.
We delay the filling of CKA_ID until the builder phase of populating
attributes which allows us to have more control over how this works.
Note that we don't make CKA_ID reflect SubjectKeyIdentifier *attached*
extensions. The CKA_ID isn't supposed to change after object creation.
Making it dependent on attached extensions would be making promises
we cannot keep, since attached extensions can be added/removed at any
time.
This also means the CKA_ID of attached extensions and certificates
won't necessarily match up, but that was never promised, and not how
attached extensions should be matched to their certificate anyway.
Based on a patch and research done by David Woodhouse.
https://bugs.freedesktop.org/show_bug.cgi?id=84761
|
|
|
|
|
|
|
| |
These PEM blocks contribute a CKA_PUBLIC_KEY_INFO to the object
being read/written.
https://bugs.freedesktop.org/show_bug.cgi?id=83799
|
|
|
|
| |
Add a number of missing LIBTASN1_CFLAGS where it's required
|
| |
|