Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Fix syntax errors in OS_WIN32 ifdefs | Stef Walter | 2013-03-03 | 6 | -10/+14 |
| | |||||
* | Open files in binary mode on windows | Stef Walter | 2013-03-03 | 4 | -8/+11 |
| | | | | So that the Windows' C library doesn't munge line endings | ||||
* | Add compat gmtime_r() and timegm() functions | Stef Walter | 2013-03-03 | 3 | -0/+76 |
| | | | | Not available on Win32 or ancient unixes | ||||
* | Add compat mkstemp() and mkdtemp() functions | Stef Walter | 2013-03-03 | 2 | -0/+156 |
| | | | | Not available on Win32 or ancient unixes | ||||
* | Add compat vasprintf() and asprintf() functions | Stef Walter | 2013-03-03 | 3 | -0/+84 |
| | | | | These are not available on Win32 and ancient unixes | ||||
* | Add compat strndup() function | Stef Walter | 2013-03-03 | 3 | -0/+30 |
| | | | | Not available on Win32 and ancient unixes | ||||
* | Abstract mmap() into a compat API | Stef Walter | 2013-03-03 | 5 | -79/+160 |
| | | | | | The Win32 for mmap() is very different from Unix, so abstract this into our own p11_mmap_xxx() functions. | ||||
* | Use putenv() instead of setenv() | Stef Walter | 2013-03-03 | 16 | -16/+16 |
| | | | | Since older operating systems don't support setenv() | ||||
* | Add compat implementation of basename() | Stef Walter | 2013-03-03 | 3 | -2/+71 |
| | | | | For Win32 and older unixes | ||||
* | tools: Update comments for cacerts jks format | Stef Walter | 2013-03-03 | 1 | -4/+4 |
| | |||||
* | Rename p11_module_xxx() compat functions to p11_dl_xxx() | Stef Walter | 2013-03-03 | 3 | -24/+29 |
| | | | | | | | For clarity. In addition, make p11_dl_close() able to be used as a destroyer callback. Also make p11_dl_error() return an allocated string | ||||
* | Update the pkcs11.h header for missing mechanisms | Stef Walter | 2013-02-20 | 2 | -1/+26 |
| | |||||
* | Only do shared object and DLL initialization in libraries | Stef Walter | 2013-02-20 | 4 | -49/+122 |
| | | | | | | Don't do library initialization on shared object load when not running in a library. We'll want to plug into this and do different things per library in the future. | ||||
* | Move pkcs11.conf and module documentation to a manual page | Stef Walter | 2013-02-20 | 6 | -162/+239 |
| | |||||
* | Pull translations from transifex | Stef Walter | 2013-02-13 | 40 | -21/+11845 |
| | | | | | | * Build a script to help with this https://bugs.freedesktop.org/show_bug.cgi?id=60792 | ||||
* | Relicense the buffer code appropriate for inclusion in p11-kit | Stef Walter | 2013-02-12 | 2 | -46/+68 |
| | | | | | * All original lines in this file upon arrival in the p11-kit project were written by me, and copyright held by me. | ||||
* | Release version 0.15.2 | Stef Walter | 2013-02-12 | 2 | -1/+7 |
| | | | | * This is an unstable release | ||||
* | Add finish translation | Timo Jyrinki | 2013-02-12 | 2 | -0/+344 |
| | |||||
* | Add and enable German gettext translation | Andreas Metzler | 2013-02-12 | 4 | -0/+361 |
| | | | | | Enable installation of gettext translations and add German translation by Chris Leick. | ||||
* | Respect destdir when creating package module config directory | Andreas Metzler | 2013-02-12 | 1 | -1/+1 |
| | |||||
* | Fix dereference of varargs in p11_attrs_build() | Stef Walter | 2013-02-11 | 1 | -1/+1 |
| | | | | https://bugs.freedesktop.org/show_bug.cgi?id=60473 | ||||
* | Remove unnecessary code to be more compatible with various libtasn1 versions | Stef Walter | 2013-02-11 | 1 | -4/+1 |
| | | | | https://bugs.freedesktop.org/show_bug.cgi?id=60434 | ||||
* | Don't require explictly disabling trust module if --without-libtasn1 | Andreas Metzler | 2013-02-07 | 1 | -12/+16 |
| | | | | | | | And provide more intelligent error messages about why to build with libtasn1 Tweaked by Stef Walter | ||||
* | Fix various clang analyzer warnings | Stef Walter | 2013-02-06 | 8 | -8/+29 |
| | | | | | * Add annotations to our precondition functions so that they don't make the analyzer complain | ||||
* | Our minimum version of libtasn1 is 2.14 | Stef Walter | 2013-02-05 | 1 | -1/+1 |
| | |||||
* | Release version 0.15.1 | Stef Walter | 2013-02-05 | 2 | -1/+15 |
| | | | | * This is an unstable release | ||||
* | Add a placeholder external 'extract-trust' command | Stef Walter | 2013-02-05 | 6 | -0/+75 |
| | |||||
* | Implement support for java JKS keystore format | Stef Walter | 2013-02-05 | 4 | -2/+339 |
| | | | | | * All aliases must be lower case in order to work with the default keystore implementation. | ||||
* | Use the CN, OU or O of certificates to generate a label | Stef Walter | 2013-02-05 | 14 | -101/+318 |
| | | | | | * This is in cases where the certificate information does not already have a friendly name or alias. | ||||
* | Add support for exporting OpenSSL's TRUSTED CERTIFICATE format | Stef Walter | 2013-02-05 | 18 | -0/+2378 |
| | |||||
* | Add support for extracting to pem-bundle and pem-directory formats | Stef Walter | 2013-02-05 | 9 | -0/+541 |
| | |||||
* | Implement code for writing PEM | Stef Walter | 2013-02-05 | 5 | -4/+237 |
| | | | | | | | * Based on the gcr code * Bring in base64 output code from BSD * Make sure to output base64 lines of 64 character length since this is what OpenSSL expects | ||||
* | Implement basic extract support | Stef Walter | 2013-02-05 | 15 | -2/+1796 |
| | | | | | | * The only formats supported are x509-file and x509-directory Allow tool to build without extract | ||||
* | Support for sane writing to files extracted | Stef Walter | 2013-02-05 | 10 | -0/+1504 |
| | | | | | | * Implement atomic writes of files * Writing with checks that not overwriting anything unless desired * Writing and overwriting of directory contents in a robust way | ||||
* | Add public iterator API to p11-kit | Stef Walter | 2013-02-05 | 13 | -10/+2308 |
| | |||||
* | Allow internal use of token and module info matching | Stef Walter | 2013-02-05 | 2 | -20/+41 |
| | |||||
* | Move the X.509 extension parsing code in common/ | Stef Walter | 2013-02-05 | 5 | -133/+335 |
| | | | | * So it can be used by other code, in addition to the trust stuff | ||||
* | Add p11_array_clear() function | Stef Walter | 2013-02-05 | 3 | -7/+43 |
| | | | | * Clears an array without freeing the array itself | ||||
* | Implement trust assertion PKCS#11 objects | Stef Walter | 2013-02-05 | 11 | -53/+804 |
| | | | | | | * Implement trust assertions for anchored and distrusted certs * Pinned certificate trust assertions are not implemented yet * Add an internal tool for pulling apart bits of certificates | ||||
* | Refactor how parsing of ASN.1 data and certificate extensions work | Stef Walter | 2013-02-05 | 14 | -667/+1193 |
| | |||||
* | Fill in certificate authority and trust data correctly | Stef Walter | 2013-02-05 | 8 | -168/+552 |
| | | | | | | | | | | | | * Fill in CKA_CERTIFICATE_CATEGORY properly for authorities based on the presence of BasicConstraints and/or v1 certificates * Fill in CKA_TRUSTED and CKA_X_DISTRUSTED based on whether the parser is running for anchors or blacklist * In addition support the concept of blacklisted certificates mixed in with the anchors (without any purposes) since that's what exists in the real world. * We do this after the various hooks have had a chance to mess with the certificate extensions and such. | ||||
* | Implement stapled certificate extensions internally | Stef Walter | 2013-02-05 | 17 | -387/+1450 |
| | | | | | | | | | | | | * Use stapled certificate extensions to represent loaded trust policy * Build NSS trust objects from stapled certificate extensions * Add further attribute debugging for NSS trust objects * Use a custom certificate extension for the OpenSSL reject purpose data * Use SubjectKeyIdentifier for OpenSSL keyid data * Use ExtendedKeyUsage for OpenSSL trust purpose data * Implement simple way to handle binary DER OIDs, using the DER TLV length. DER OIDs are used in the CKA_OBJECT_ID value, and elsewhere. * Split out the building of NSS trust objects from the main parser | ||||
* | Better debugging and checks for attribute values | Stef Walter | 2013-02-05 | 4 | -86/+124 |
| | |||||
* | Add tool for testing how fast the token loads | Stef Walter | 2013-02-05 | 2 | -0/+65 |
| | |||||
* | Some debug info about which files are being loaded | Stef Walter | 2013-02-05 | 1 | -2/+15 |
| | |||||
* | Test a TRUSTED CERTIFICATE without any trust OIDs | Stef Walter | 2013-02-05 | 4 | -0/+40 |
| | |||||
* | Add the builtin roots NSS specific object | Stef Walter | 2013-02-05 | 4 | -5/+61 |
| | | | | This tells NSS that this is a source of anchors. | ||||
* | Add support for openssl TRUSTED CERTIFICATE PEM files | Stef Walter | 2013-02-05 | 8 | -40/+368 |
| | |||||
* | Add support for parsing PEM files | Stef Walter | 2013-02-05 | 12 | -6/+910 |
| | |||||
* | Add basic trust module | Stef Walter | 2013-02-05 | 60 | -47/+6580 |
| | | | | | | This is based off the roots-store from gnome-keyring and loads certificates from a root directory and exposes them as PKCS#11 objects. |