summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* trust: Avoid array overflowDaiki Ueno2018-05-072-3/+3
|
* trust: Don't null terminate PKCS #11 string fieldsDaiki Ueno2018-05-071-6/+6
|
* proxy: Don't null terminate PKCS #11 string fieldsDaiki Ueno2018-05-071-2/+2
|
* test: Avoid exceeding maximum pathname length of Unix socketDaiki Ueno2018-05-041-2/+7
|
* library: Use dedicated locale object for printing errorDaiki Ueno2018-05-015-15/+43
|
* Revert "build: Check strerror_l() and uselocale() seperately"Daiki Ueno2018-05-013-15/+5
| | | | | | | | | This reverts commit 173ad93cc54057886b2055f3d73ea64a047127d1. We should rather use newlocale() when per-thread locale is not set. Otherwise uselocale() could return LC_GLOBAL_LOCALE on some platforms (e.g. musl-libc) and calling strerror_l() with it leads to an undefined behavior.
* build: Check strerror_l() and uselocale() seperatelyDaiki Ueno2018-04-193-5/+15
| | | | | | NetBSD deliberately doesn't support per-thread locale and our thread-safe replacement of strerror() using strerror_l() cannot be used. Fallback to strerror_r() in that case.
* travis: Optimize dnf install invocationDaiki Ueno2018-04-101-11/+7
|
* test: Add installcheck script to test trust moduleDaiki Ueno2018-04-102-1/+24
| | | | | Currently it only checks that "disable-in: p11-kit-proxy" properly prevents the trust module being loaded by the proxy module.
* trust: Prevent trust module being loaded by proxy moduleDaiki Ueno2018-04-101-0/+3
| | | | | Otherwise, when the proxy module were registerd in NSS database, the trust module would be loaded twice and degrade search performance.
* travis: Run "make installcheck"Daiki Ueno2018-04-101-8/+16
|
* trust: Fix memleak in p11_enumerate_opt_filterDaiki Ueno2018-04-101-0/+1
| | | | | p11_kit_iter_add_filter() takes the ownership of given attributes. Spotted by address sanitizer.
* test: Factor out common harness from test-extract.inDaiki Ueno2018-04-105-95/+114
|
* test: Add test for JKS extractorDaiki Ueno2018-04-064-1/+224
| | | | | Piggybacking commit de963b96, this adds a multi-cert test case for the Java keystore extractor.
* test: Add test for p11_attrs_purge()Daiki Ueno2018-04-061-0/+29
|
* mock-module-ep: Properly override C_GetFunctionListDaiki Ueno2018-04-061-1/+1
|
* modules: Add option to control module visibility from proxyDaiki Ueno2018-04-066-10/+118
| | | | | | This enables to control whether a module will be loaded from the proxy module. The configuration reuses the "enable-in" and "disable-in" options, with a special literal "p11-kit-proxy" as the value.
* trust: add unit test for the "edk2-cacerts" extractorLaszlo Ersek2018-03-303-0/+214
| | | | | | | | Add a multi-cert test case for the edk2 extractor, heavily based on the "/openssl/test_file_multiple" test case. Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580 Signed-off-by: Laszlo Ersek <lersek@redhat.com>
* trust: implement the "edk2-cacerts" extractorLaszlo Ersek2018-03-301-1/+168
| | | | | | | | | | | | | | | | | | | | | | | | Extract the DER-encoded X.509 certificates in the EFI_SIGNATURE_LIST format that is - defined by the UEFI 2.7 spec (using one inner EFI_SIGNATURE_DATA object per EFI_SIGNATURE_LIST, as specified for EFI_CERT_X509_GUID), - and expected by edk2's HttpDxe when it configures the certificate list for HTTPS boot from EFI_TLS_CA_CERTIFICATE_VARIABLE (see the TlsConfigCertificate() function in "NetworkPkg/HttpDxe/HttpsSupport.c"). The intended command line is p11-kit extract \ --format=edk2-cacerts \ --filter=ca-anchors \ --overwrite \ --purpose=server-auth \ $DEST/edk2/cacerts.bin Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580 Signed-off-by: Laszlo Ersek <lersek@redhat.com>
* trust: introduce the "edk2-cacerts" extractor skeletonLaszlo Ersek2018-03-304-1/+51
| | | | | | | | Introduce the p11_extract_edk2_cacerts() skeleton. At the moment it always fails, silently. Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580 Signed-off-by: Laszlo Ersek <lersek@redhat.com>
* modules: Fix memleak in re-initialization caseDaiki Ueno2018-03-291-0/+1
|
* Treat CKR_CRYPTOKI_ALREADY_INITIALIZED correctlyJustin King-Lacroix2018-03-291-1/+6
| | | | | | In p11_kit_modules_initialize(), treat a return code of CKR_CRYPTOKI_ALREADY_INITIALIZED as identical to CKR_OK.
* travis: Disallow failure on mingwDaiki Ueno2018-03-291-4/+0
|
* test: Add missing seven.module in Windows fixturesDaiki Ueno2018-03-291-0/+4
|
* travis: Use LOG_COMPILER to run tests under wineDaiki Ueno2018-03-291-3/+3
|
* build: Enable make check with wineDaiki Ueno2018-03-292-1/+14
|
* common: Fix compilation of runtime.c under mingwDaiki Ueno2018-03-292-10/+33
|
* test: Add failing test for CKR_CRYPTOKI_ALREADY_INITIALIZEDDaiki Ueno2018-03-294-1/+115
|
* test: Add test for error messagesDaiki Ueno2018-03-293-1/+113
|
* test: Use _exit() in child process to immediately close open FDsDaiki Ueno2018-03-291-1/+1
|
* test: Rewrite test-server.sh in TAP styleDaiki Ueno2018-03-291-11/+27
|
* test: Take advantage of TAP test driverDaiki Ueno2018-03-293-0/+6
|
* common: Add assert_skip() and assert_todo()Daiki Ueno2018-03-292-15/+126
|
* test-server.sh: Fix bashismAndreas Metzler2018-02-281-4/+4
|
* Release 0.23.10Daiki Ueno2018-02-272-1/+13
|
* maint: Point to the new URLsDaiki Ueno2018-02-272-5/+5
|
* test-server: Add test for detecting addressDaiki Ueno2018-02-271-1/+29
|
* test-server: Fix compilation error on FreeBSDDaiki Ueno2018-02-271-0/+1
|
* common, client: Move runtime directory detection to libp11-commonDaiki Ueno2018-02-275-65/+292
|
* common: Make p11_test_directory_delete() work recursivelyDaiki Ueno2018-02-271-1/+11
|
* test: Improve temporary directory handlingDaiki Ueno2018-02-272-2/+6
|
* p11_kit_remote_serve_tokens: Read "write-protected" setting from URIDaiki Ueno2018-02-272-0/+42
|
* filter: Respect CKF_WRITE_PROTECTED setting when allowing a tokenDaiki Ueno2018-02-272-16/+134
|
* test: Add test for client-server interactionDaiki Ueno2018-02-274-3/+213
| | | | | | | The test spawns a process running the server command and connects to it through p11-kit-client.so. It's is a bit tricky that the child process requires to preload libasan.so when ASan is in in effect, to properly load a mock module.
* server: Print envvars even when running in foregroundDaiki Ueno2018-02-271-22/+39
|
* test-transport: Make sure to initialize addrlen given to acceptDaiki Ueno2018-02-271-0/+1
|
* client: Fix memleaks in the moduleDaiki Ueno2018-02-271-3/+9
|
* test: Fix unconditional jump in test-proxy.cDaiki Ueno2018-02-271-0/+1
|
* doc: Replace links to freedesktop.org to github pagesDaiki Ueno2018-02-264-10/+10
|
* trust: Forcibly mark "Default Trust" read-onlyDaiki Ueno2018-02-057-15/+101
| | | | | | | | The "Default Trust" token is typically mounted as $datadir, which is considered as read-only on modern OSes. Suggestd by Kai Engert in: https://bugzilla.redhat.com/show_bug.cgi?id=1523630