summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* mock-module-ep: Properly override C_GetFunctionListDaiki Ueno2018-04-061-1/+1
|
* modules: Add option to control module visibility from proxyDaiki Ueno2018-04-066-10/+118
| | | | | | This enables to control whether a module will be loaded from the proxy module. The configuration reuses the "enable-in" and "disable-in" options, with a special literal "p11-kit-proxy" as the value.
* trust: add unit test for the "edk2-cacerts" extractorLaszlo Ersek2018-03-303-0/+214
| | | | | | | | Add a multi-cert test case for the edk2 extractor, heavily based on the "/openssl/test_file_multiple" test case. Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580 Signed-off-by: Laszlo Ersek <lersek@redhat.com>
* trust: implement the "edk2-cacerts" extractorLaszlo Ersek2018-03-301-1/+168
| | | | | | | | | | | | | | | | | | | | | | | | Extract the DER-encoded X.509 certificates in the EFI_SIGNATURE_LIST format that is - defined by the UEFI 2.7 spec (using one inner EFI_SIGNATURE_DATA object per EFI_SIGNATURE_LIST, as specified for EFI_CERT_X509_GUID), - and expected by edk2's HttpDxe when it configures the certificate list for HTTPS boot from EFI_TLS_CA_CERTIFICATE_VARIABLE (see the TlsConfigCertificate() function in "NetworkPkg/HttpDxe/HttpsSupport.c"). The intended command line is p11-kit extract \ --format=edk2-cacerts \ --filter=ca-anchors \ --overwrite \ --purpose=server-auth \ $DEST/edk2/cacerts.bin Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580 Signed-off-by: Laszlo Ersek <lersek@redhat.com>
* trust: introduce the "edk2-cacerts" extractor skeletonLaszlo Ersek2018-03-304-1/+51
| | | | | | | | Introduce the p11_extract_edk2_cacerts() skeleton. At the moment it always fails, silently. Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580 Signed-off-by: Laszlo Ersek <lersek@redhat.com>
* modules: Fix memleak in re-initialization caseDaiki Ueno2018-03-291-0/+1
|
* Treat CKR_CRYPTOKI_ALREADY_INITIALIZED correctlyJustin King-Lacroix2018-03-291-1/+6
| | | | | | In p11_kit_modules_initialize(), treat a return code of CKR_CRYPTOKI_ALREADY_INITIALIZED as identical to CKR_OK.
* travis: Disallow failure on mingwDaiki Ueno2018-03-291-4/+0
|
* test: Add missing seven.module in Windows fixturesDaiki Ueno2018-03-291-0/+4
|
* travis: Use LOG_COMPILER to run tests under wineDaiki Ueno2018-03-291-3/+3
|
* build: Enable make check with wineDaiki Ueno2018-03-292-1/+14
|
* common: Fix compilation of runtime.c under mingwDaiki Ueno2018-03-292-10/+33
|
* test: Add failing test for CKR_CRYPTOKI_ALREADY_INITIALIZEDDaiki Ueno2018-03-294-1/+115
|
* test: Add test for error messagesDaiki Ueno2018-03-293-1/+113
|
* test: Use _exit() in child process to immediately close open FDsDaiki Ueno2018-03-291-1/+1
|
* test: Rewrite test-server.sh in TAP styleDaiki Ueno2018-03-291-11/+27
|
* test: Take advantage of TAP test driverDaiki Ueno2018-03-293-0/+6
|
* common: Add assert_skip() and assert_todo()Daiki Ueno2018-03-292-15/+126
|
* test-server.sh: Fix bashismAndreas Metzler2018-02-281-4/+4
|
* Release 0.23.10Daiki Ueno2018-02-272-1/+13
|
* maint: Point to the new URLsDaiki Ueno2018-02-272-5/+5
|
* test-server: Add test for detecting addressDaiki Ueno2018-02-271-1/+29
|
* test-server: Fix compilation error on FreeBSDDaiki Ueno2018-02-271-0/+1
|
* common, client: Move runtime directory detection to libp11-commonDaiki Ueno2018-02-275-65/+292
|
* common: Make p11_test_directory_delete() work recursivelyDaiki Ueno2018-02-271-1/+11
|
* test: Improve temporary directory handlingDaiki Ueno2018-02-272-2/+6
|
* p11_kit_remote_serve_tokens: Read "write-protected" setting from URIDaiki Ueno2018-02-272-0/+42
|
* filter: Respect CKF_WRITE_PROTECTED setting when allowing a tokenDaiki Ueno2018-02-272-16/+134
|
* test: Add test for client-server interactionDaiki Ueno2018-02-274-3/+213
| | | | | | | The test spawns a process running the server command and connects to it through p11-kit-client.so. It's is a bit tricky that the child process requires to preload libasan.so when ASan is in in effect, to properly load a mock module.
* server: Print envvars even when running in foregroundDaiki Ueno2018-02-271-22/+39
|
* test-transport: Make sure to initialize addrlen given to acceptDaiki Ueno2018-02-271-0/+1
|
* client: Fix memleaks in the moduleDaiki Ueno2018-02-271-3/+9
|
* test: Fix unconditional jump in test-proxy.cDaiki Ueno2018-02-271-0/+1
|
* doc: Replace links to freedesktop.org to github pagesDaiki Ueno2018-02-264-10/+10
|
* trust: Forcibly mark "Default Trust" read-onlyDaiki Ueno2018-02-057-15/+101
| | | | | | | | The "Default Trust" token is typically mounted as $datadir, which is considered as read-only on modern OSes. Suggestd by Kai Engert in: https://bugzilla.redhat.com/show_bug.cgi?id=1523630
* po: Update translations from transifexDaiki Ueno2018-01-3138-447/+1139
|
* build: Add more files to .gitignoreDaiki Ueno2018-01-311-19/+7
|
* travis: Exclude generated files from coverageDaiki Ueno2018-01-311-1/+1
|
* build: Split out generated code from p11-kit/virtual.cDaiki Ueno2018-01-316-199/+51
|
* trust: Filter out duplicate extensionsDaiki Ueno2018-01-315-5/+120
| | | | | | | | | | | | The trust policy module keeps all the objects in the database, while PKIX doesn't allow multiple extensions identified by the same OID can be attached to a certificate. Add a check to C_FindObjects to exclude any duplicates and only return the first matching object. It would be better if the module rejects such duplicates when loading, but it would make startup slower. https://bugzilla.redhat.com/show_bug.cgi?id=1141241
* build: Delay compilation of test-related stuffDaiki Ueno2018-01-304-16/+29
|
* proxy: Remove dead codeDaiki Ueno2018-01-301-708/+0
| | | | | Since the libffi became optional (commit 9f632bed), the fallback code path in proxy.c has never taken.
* proxy: Reuse the existing slot ID mapping after forkDaiki Ueno2018-01-295-4/+122
| | | | | | | While the proxy module reassigns slot IDs in C_Initialize(), some applications assume that valid slot IDs should never change across multiple calls to C_Initialize(). This patch mitigates this by preserving the slot IDs, if they are known to the proxy module.
* server: Avoid null-dereference of timespec value on timeoutDaiki Ueno2018-01-171-1/+2
| | | | Spotted by clang-analyzer.
* Added p11-kit remoting page in manualNikos Mavrogiannopoulos2018-01-053-0/+255
|
* build: Add README.md to display build statusDaiki Ueno2017-12-211-0/+10
|
* travis: Exclude test programs from coverallsDaiki Ueno2017-12-211-1/+1
|
* travis: Supply necessary envvars to container for coverallsDaiki Ueno2017-11-271-1/+1
|
* travis: Use in-tree build for coverageDaiki Ueno2017-11-151-14/+16
| | | | | | The coverage tools (gcov, cpp-coveralls, etc) cannot detect source files if the project is built out-of-tree. Use the same directory for $srcdir and $builddir for the build with --enable-coverage.
* test: Improve code coverage of filter.cDaiki Ueno2017-11-151-0/+67
|