Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | trust: Avoid array overflow | Daiki Ueno | 2018-05-07 | 2 | -3/+3 |
| | |||||
* | trust: Don't null terminate PKCS #11 string fields | Daiki Ueno | 2018-05-07 | 1 | -6/+6 |
| | |||||
* | proxy: Don't null terminate PKCS #11 string fields | Daiki Ueno | 2018-05-07 | 1 | -2/+2 |
| | |||||
* | test: Avoid exceeding maximum pathname length of Unix socket | Daiki Ueno | 2018-05-04 | 1 | -2/+7 |
| | |||||
* | library: Use dedicated locale object for printing error | Daiki Ueno | 2018-05-01 | 5 | -15/+43 |
| | |||||
* | Revert "build: Check strerror_l() and uselocale() seperately" | Daiki Ueno | 2018-05-01 | 3 | -15/+5 |
| | | | | | | | | | This reverts commit 173ad93cc54057886b2055f3d73ea64a047127d1. We should rather use newlocale() when per-thread locale is not set. Otherwise uselocale() could return LC_GLOBAL_LOCALE on some platforms (e.g. musl-libc) and calling strerror_l() with it leads to an undefined behavior. | ||||
* | build: Check strerror_l() and uselocale() seperately | Daiki Ueno | 2018-04-19 | 3 | -5/+15 |
| | | | | | | NetBSD deliberately doesn't support per-thread locale and our thread-safe replacement of strerror() using strerror_l() cannot be used. Fallback to strerror_r() in that case. | ||||
* | travis: Optimize dnf install invocation | Daiki Ueno | 2018-04-10 | 1 | -11/+7 |
| | |||||
* | test: Add installcheck script to test trust module | Daiki Ueno | 2018-04-10 | 2 | -1/+24 |
| | | | | | Currently it only checks that "disable-in: p11-kit-proxy" properly prevents the trust module being loaded by the proxy module. | ||||
* | trust: Prevent trust module being loaded by proxy module | Daiki Ueno | 2018-04-10 | 1 | -0/+3 |
| | | | | | Otherwise, when the proxy module were registerd in NSS database, the trust module would be loaded twice and degrade search performance. | ||||
* | travis: Run "make installcheck" | Daiki Ueno | 2018-04-10 | 1 | -8/+16 |
| | |||||
* | trust: Fix memleak in p11_enumerate_opt_filter | Daiki Ueno | 2018-04-10 | 1 | -0/+1 |
| | | | | | p11_kit_iter_add_filter() takes the ownership of given attributes. Spotted by address sanitizer. | ||||
* | test: Factor out common harness from test-extract.in | Daiki Ueno | 2018-04-10 | 5 | -95/+114 |
| | |||||
* | test: Add test for JKS extractor | Daiki Ueno | 2018-04-06 | 4 | -1/+224 |
| | | | | | Piggybacking commit de963b96, this adds a multi-cert test case for the Java keystore extractor. | ||||
* | test: Add test for p11_attrs_purge() | Daiki Ueno | 2018-04-06 | 1 | -0/+29 |
| | |||||
* | mock-module-ep: Properly override C_GetFunctionList | Daiki Ueno | 2018-04-06 | 1 | -1/+1 |
| | |||||
* | modules: Add option to control module visibility from proxy | Daiki Ueno | 2018-04-06 | 6 | -10/+118 |
| | | | | | | This enables to control whether a module will be loaded from the proxy module. The configuration reuses the "enable-in" and "disable-in" options, with a special literal "p11-kit-proxy" as the value. | ||||
* | trust: add unit test for the "edk2-cacerts" extractor | Laszlo Ersek | 2018-03-30 | 3 | -0/+214 |
| | | | | | | | | Add a multi-cert test case for the edk2 extractor, heavily based on the "/openssl/test_file_multiple" test case. Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580 Signed-off-by: Laszlo Ersek <lersek@redhat.com> | ||||
* | trust: implement the "edk2-cacerts" extractor | Laszlo Ersek | 2018-03-30 | 1 | -1/+168 |
| | | | | | | | | | | | | | | | | | | | | | | | | Extract the DER-encoded X.509 certificates in the EFI_SIGNATURE_LIST format that is - defined by the UEFI 2.7 spec (using one inner EFI_SIGNATURE_DATA object per EFI_SIGNATURE_LIST, as specified for EFI_CERT_X509_GUID), - and expected by edk2's HttpDxe when it configures the certificate list for HTTPS boot from EFI_TLS_CA_CERTIFICATE_VARIABLE (see the TlsConfigCertificate() function in "NetworkPkg/HttpDxe/HttpsSupport.c"). The intended command line is p11-kit extract \ --format=edk2-cacerts \ --filter=ca-anchors \ --overwrite \ --purpose=server-auth \ $DEST/edk2/cacerts.bin Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580 Signed-off-by: Laszlo Ersek <lersek@redhat.com> | ||||
* | trust: introduce the "edk2-cacerts" extractor skeleton | Laszlo Ersek | 2018-03-30 | 4 | -1/+51 |
| | | | | | | | | Introduce the p11_extract_edk2_cacerts() skeleton. At the moment it always fails, silently. Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580 Signed-off-by: Laszlo Ersek <lersek@redhat.com> | ||||
* | modules: Fix memleak in re-initialization case | Daiki Ueno | 2018-03-29 | 1 | -0/+1 |
| | |||||
* | Treat CKR_CRYPTOKI_ALREADY_INITIALIZED correctly | Justin King-Lacroix | 2018-03-29 | 1 | -1/+6 |
| | | | | | | In p11_kit_modules_initialize(), treat a return code of CKR_CRYPTOKI_ALREADY_INITIALIZED as identical to CKR_OK. | ||||
* | travis: Disallow failure on mingw | Daiki Ueno | 2018-03-29 | 1 | -4/+0 |
| | |||||
* | test: Add missing seven.module in Windows fixtures | Daiki Ueno | 2018-03-29 | 1 | -0/+4 |
| | |||||
* | travis: Use LOG_COMPILER to run tests under wine | Daiki Ueno | 2018-03-29 | 1 | -3/+3 |
| | |||||
* | build: Enable make check with wine | Daiki Ueno | 2018-03-29 | 2 | -1/+14 |
| | |||||
* | common: Fix compilation of runtime.c under mingw | Daiki Ueno | 2018-03-29 | 2 | -10/+33 |
| | |||||
* | test: Add failing test for CKR_CRYPTOKI_ALREADY_INITIALIZED | Daiki Ueno | 2018-03-29 | 4 | -1/+115 |
| | |||||
* | test: Add test for error messages | Daiki Ueno | 2018-03-29 | 3 | -1/+113 |
| | |||||
* | test: Use _exit() in child process to immediately close open FDs | Daiki Ueno | 2018-03-29 | 1 | -1/+1 |
| | |||||
* | test: Rewrite test-server.sh in TAP style | Daiki Ueno | 2018-03-29 | 1 | -11/+27 |
| | |||||
* | test: Take advantage of TAP test driver | Daiki Ueno | 2018-03-29 | 3 | -0/+6 |
| | |||||
* | common: Add assert_skip() and assert_todo() | Daiki Ueno | 2018-03-29 | 2 | -15/+126 |
| | |||||
* | test-server.sh: Fix bashism | Andreas Metzler | 2018-02-28 | 1 | -4/+4 |
| | |||||
* | Release 0.23.10 | Daiki Ueno | 2018-02-27 | 2 | -1/+13 |
| | |||||
* | maint: Point to the new URLs | Daiki Ueno | 2018-02-27 | 2 | -5/+5 |
| | |||||
* | test-server: Add test for detecting address | Daiki Ueno | 2018-02-27 | 1 | -1/+29 |
| | |||||
* | test-server: Fix compilation error on FreeBSD | Daiki Ueno | 2018-02-27 | 1 | -0/+1 |
| | |||||
* | common, client: Move runtime directory detection to libp11-common | Daiki Ueno | 2018-02-27 | 5 | -65/+292 |
| | |||||
* | common: Make p11_test_directory_delete() work recursively | Daiki Ueno | 2018-02-27 | 1 | -1/+11 |
| | |||||
* | test: Improve temporary directory handling | Daiki Ueno | 2018-02-27 | 2 | -2/+6 |
| | |||||
* | p11_kit_remote_serve_tokens: Read "write-protected" setting from URI | Daiki Ueno | 2018-02-27 | 2 | -0/+42 |
| | |||||
* | filter: Respect CKF_WRITE_PROTECTED setting when allowing a token | Daiki Ueno | 2018-02-27 | 2 | -16/+134 |
| | |||||
* | test: Add test for client-server interaction | Daiki Ueno | 2018-02-27 | 4 | -3/+213 |
| | | | | | | | The test spawns a process running the server command and connects to it through p11-kit-client.so. It's is a bit tricky that the child process requires to preload libasan.so when ASan is in in effect, to properly load a mock module. | ||||
* | server: Print envvars even when running in foreground | Daiki Ueno | 2018-02-27 | 1 | -22/+39 |
| | |||||
* | test-transport: Make sure to initialize addrlen given to accept | Daiki Ueno | 2018-02-27 | 1 | -0/+1 |
| | |||||
* | client: Fix memleaks in the module | Daiki Ueno | 2018-02-27 | 1 | -3/+9 |
| | |||||
* | test: Fix unconditional jump in test-proxy.c | Daiki Ueno | 2018-02-27 | 1 | -0/+1 |
| | |||||
* | doc: Replace links to freedesktop.org to github pages | Daiki Ueno | 2018-02-26 | 4 | -10/+10 |
| | |||||
* | trust: Forcibly mark "Default Trust" read-only | Daiki Ueno | 2018-02-05 | 7 | -15/+101 |
| | | | | | | | | The "Default Trust" token is typically mounted as $datadir, which is considered as read-only on modern OSes. Suggestd by Kai Engert in: https://bugzilla.redhat.com/show_bug.cgi?id=1523630 |