Commit message | Author | Age | Files | Lines
* travis: Exclude test programs from coveralls | Daiki Ueno | 2017-12-21 | 1 | -1/+1
|
* travis: Supply necessary envvars to container for coveralls | Daiki Ueno | 2017-11-27 | 1 | -1/+1
|
* travis: Use in-tree build for coverage | Daiki Ueno | 2017-11-15 | 1 | -14/+16
|   The coverage tools (gcov, cpp-coveralls, etc) cannot detect source files if the project is built out-of-tree. Use the same directory for $srcdir and $builddir for the build with --enable-coverage.
* test: Improve code coverage of filter.c | Daiki Ueno | 2017-11-15 | 1 | -0/+67
|
* travis: Use coveralls for measuring coverage | Daiki Ueno | 2017-11-15 | 1 | -1/+5
|
* p11_kit_override_system_files: introduced new function | Nikos Mavrogiannopoulos | 2017-11-01 | 3 | -5/+59
|   That allows overriding the default module and configuration locations, for use in test suites, etc.
|
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* p11_kit_modules_load*: enhanced documentation on flags | Nikos Mavrogiannopoulos | 2017-10-31 | 1 | -0/+6
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* build: Take advantage of parallel-tests | Daiki Ueno | 2017-10-06 | 3 | -2/+6
|
* server: Better shell integration | Daiki Ueno | 2017-10-06 | 4 | -20/+152
|   This adds -k, -c, and -s options to the "p11-kit server" command, which allows you to terminate the server process, select which C-shell or Bourne shell command line is printed on startup, respectively.
* server: Make it possible to eval envvar settings | Daiki Ueno | 2017-10-05 | 1 | -9/+11
|   Previously, calling "eval $(p11-kit server)" from shell hung because the program didn't properly close stdout before forking.
* Release 0.23.9 | Daiki Ueno | 2017-10-02 | 2 | -1/+6
|
* trust: Respect anyExtendedKeyUsage in CA certificates | Daiki Ueno | 2017-10-02 | 3 | -0/+45
|
* rpc: Fix crash when retrieving attribute length | Daiki Ueno | 2017-09-27 | 2 | -4/+34
|   It is possible that NULL is given to the serializers, when C_GetAttributeValue() just wants to know the size of an attribute. Previously, this resulted in giving NULL to memcpy().
* server: Make it work only when token URI is provided | Daiki Ueno | 2017-09-27 | 1 | -47/+41
|   Previously, when "p11-kit server" started only with a token URI, it couldn't properly find and initialize the module which provides the token. This was because of the wrong order of cleanup of the modules.
* common: Re-add placeholder definition of p11_debug | Daiki Ueno | 2017-08-18 | 1 | -0/+4
|   This was mistakenly removed in commit efe6dc56c. Pointed out by Lars Wendler in issue #97.
* build: Include <stdint.h> for SIZE_MAX | Daiki Ueno | 2017-08-16 | 1 | -0/+1
|   Fixes issue #95.
* Release 0.23.8 | Daiki Ueno | 2017-08-15 | 2 | -1/+8
|
* build: Include <stdint.h> for SIZE_MAX | Daiki Ueno | 2017-08-15 | 1 | -0/+1
|
* client: Fix order of cleanup | Daiki Ueno | 2017-08-11 | 1 | -1/+1
|   In C_GetFunctionList, state->virt is wrapped with a destroyer function free(). Thus p11_rpc_transport_free must be called before p11_virtual_unwrap.
* test: Add checks for duplicate vendor attributes | Daiki Ueno | 2017-08-08 | 1 | -0/+10
|
* uri: Make vendor query attribute handling reliable | Daiki Ueno | 2017-08-08 | 1 | -24/+80
|   Previously we used p11_dict to keep track of vendor query attributes. This had a couple of limitations: duplicate attributes are not allowed while they are actually allowed in RFC 7512, and the order of attributes is unpredictable.
|
|   This patch switches to using an array instead of p11_dict and ensures that the attributes are sorted in alphabetical order.
|
|   Fixes #88.
* common: New p11_array_insert function | Daiki Ueno | 2017-08-08 | 2 | -0/+20
|
* common: Use reallocarray instead of realloc as appropriate | Daiki Ueno | 2017-08-08 | 5 | -4/+36
|   reallocarray is a new POSIX function added in glibc 2.26, with built-in overflow checks. Take advantage of that function for internal array allocation.
* pkcs11.h: updated information | Nikos Mavrogiannopoulos | 2017-08-03 | 1 | -3/+3
|   The scute project no longer exists, and the PKCS#11 standard is from OASIS group.
* pkcs11.h: added OTP-related mechanisms | Nikos Mavrogiannopoulos | 2017-08-03 | 1 | -0/+97
|
* pkcs11.h: added definitions of GOST CKA attributes | Nikos Mavrogiannopoulos | 2017-08-01 | 1 | -0/+3
|
* pkcs11.h: added definitions of GOST mechanisms | Nikos Mavrogiannopoulos | 2017-08-01 | 1 | -0/+12
|   This follows the definitions in PKCS#11 v2.40:
|   http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/os/pkcs11-curr-v2.40-os.html
* test: Fix failure on 32-bit big endian platform | Daiki Ueno | 2017-07-14 | 1 | -14/+15
|   The value given to p11_rpc_buffer_add_ulong_value() must be a pointer of CK_ULONG. Similarly, the value returned from p11_rpc_buffer_get_ulong_value() must be converted to CK_ULONG before comparison.
|
|   Reported by Andreas Metzler in:
|   https://lists.freedesktop.org/archives/p11-glue/2017-July/000665.html
* trust: Fix build error with -Werror=return-type | Daiki Ueno | 2017-07-14 | 1 | -1/+1
|
* conf: Introduce P11_KIT_NO_USER_CONFIG | Colin Walters | 2017-07-10 | 1 | -3/+9
|   Currently `ca-certificates.spec` in Fedora ends up doing in `%post`:
|
|   ```
|   /usr/bin/p11-kit extract --format=openssl-bundle --filter=certificates --overwrite --comment $DEST/openssl/ca-bundle.trust.crt
|   ```
|   etc.
|
|   And due to this bit of code in p11-kit, we end up looking for the home directory for configuration. In this case, `/root`. It's categorically wrong to do this; the root user is distinct from "the system".
|
|   This issue is equivalent to one I fixed in Pango:
|   https://git.gnome.org/browse/pango/commit/?id=aecbe27c1b08f517c0e05f03308d3ac55cef490c
|
|   Fast forward to today, and the reason I'm making this change is I'm working on `rpm-ostree ex container`, which builds containers as *non-root* (like gnome-continuous does, but now with RPMs), keeping the invoking uid. And this bug causes the `ca-certificates` `%post` to fail because it's trying to look for my uid 1000 which doesn't exist in the target rootfs' password database.
|
|   Again, there's no reason to be looking for a home directory for system triggers, regardless of UID, so once this patch lands, I'll update `ca-certificates` to use it, and traditional RPM `%post` will stop looking in `/root` too.
* common: always use p11_dl_close wrapper | Fabian Groffen | 2017-06-27 | 2 | -10/+13
|   Solaris doesn't like it when dlclose is referenced using a define, resulting in a linker error looking for a symbol version. Simply calling the function in a normal way (instead of storing its address) solves this linking error.
|
|   The error message seen by GNU ld is:
|   dlclose: invalid version 7 (max 0)
* p11_get_upeer_id: implement case using ucred.h | Fabian Groffen | 2017-06-27 | 2 | -1/+21
|   Solaris can retrieve this information via getpeerucred().
* configure: pull in -lnsl -lsocket for socket functions | Fabian Groffen | 2017-06-27 | 1 | -0/+7
|   Solaris has socket() etc. in these two libs.
* Be silent by default and do not print messages on stderr | Nikos Mavrogiannopoulos | 2017-06-26 | 1 | -1/+1
|   As p11-kit is a library there are cases where it is not desirable to log on stderr by default. See for example this report https://bugzilla.redhat.com/show_bug.cgi?id=1464490 where wget prints an error due to an unconfigured pkcs11 module.
|
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* doc: Use correct PKCS#11 URI syntax | Daiki Ueno | 2017-06-13 | 1 | -1/+1
|
* build: Allow use of _GNU_SOURCE | Daiki Ueno | 2017-06-12 | 3 | -9/+3
|   This reverts commit 6b457ffc, which forbade the use of GNU extensions because of the incompatibility of strerror_r. However, now that strerror_l is used instead on glibc systems, there is no point in doing that.
* debug: Add p11_debug_err to prevent use of strerror | Daiki Ueno | 2017-06-12 | 3 | -3/+49
|
* compat: Prefer strerror_l to strerror_r | Daiki Ueno | 2017-06-12 | 2 | -3/+16
|   strerror_r is being obsoleted in the next POSIX specification:
|   http://austingroupbugs.net/view.php?id=655
* Release 0.23.7 | Daiki Ueno | 2017-05-31 | 2 | -1/+5
|
* trust: Suppress dead-assignment warnings from clang-analyzer | Daiki Ueno | 2017-05-29 | 2 | -1/+1
|
* rpc: Avoid use-after-free when creating socket base directory | Daiki Ueno | 2017-05-29 | 1 | -1/+0
|   Spotted by clang-analyzer.
* rpc: Avoid calling memcmp() on NULL buffer | Daiki Ueno | 2017-05-29 | 1 | -1/+3
|   Spotted by clang-analyzer.
* proxy: Don't call realloc() with size 0 | Daiki Ueno | 2017-05-29 | 1 | -9/+11
|   Spotted by clang-analyzer.
* build: Delay building test programs until "make check" | Daiki Ueno | 2017-05-29 | 4 | -8/+7
|   This is to disable clang-analyzer against test programs, which can contain several false-positives.
* travis: Enable clang-analyzer | Daiki Ueno | 2017-05-29 | 1 | -1/+3
|
* server: Avoid use-after-free | Daiki Ueno | 2017-05-29 | 1 | -1/+0
|   Reported by Mantas Mikulėnas in:
|   https://bugs.freedesktop.org/show_bug.cgi?id=101212
* Release 0.23.6 | Daiki Ueno | 2017-05-26 | 2 | -1/+7
|
* test: Check the size of unsigned long | Daiki Ueno | 2017-05-26 | 2 | -9/+11
|
* rpc: Load advapi32.dll on the fly | Daiki Ueno | 2017-05-26 | 2 | -7/+91
|
* remote: Remove unnecessary declaration | Daiki Ueno | 2017-05-26 | 1 | -4/+0
|