| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
| |
This option was not completed in time, and as implemented suffers
from limitations that the module is not really completely isolated
as it still runs under the same user id as the calling process.
|
|
|
|
|
|
| |
Needed to fix MinGW builds.
Signed-off-by: Michael Cronenworth <mike@cchtml.com>
|
| |
|
|
|
|
|
|
|
| |
The term 'stapled extensions' is confusing because it overloads
terminology used with OSCP stapling.
Suggested by Daniel Kahn Gillmor.
|
|
|
|
|
|
|
| |
Move our internal stuff to pkcs11i.h, and install the pkcs11x.h
header containing extensions.
https://bugs.freedesktop.org/show_bug.cgi?id=83495
|
|
|
|
|
|
|
|
|
| |
CKA_PUBLIC_KEY_INFO is defined in the PKCS#11 2.40 draft, so use that
rather than defining our own.
* Fixed up by Nikos Mavrogiannopoulos <nmav@redhat.com>
https://bugs.freedesktop.org/show_bug.cgi?id=83495
|
|
|
|
|
|
| |
This allows us to have old/new names for a given constant.
https://bugs.freedesktop.org/show_bug.cgi?id=83495
|
|
|
|
| |
Signed-off-by: Michael Cronenworth <mike@cchtml.com>
|
|
|
|
| |
Signed-off-by: Michael Cronenworth <mike@cchtml.com>
|
|
|
|
|
|
|
| |
Check for pthread_create() in pthread library instaed of
pthread_mutexattr_init(). This fixes a linking error on FreeBSD.
https://bugs.freedesktop.org/show_bug.cgi?id=75674
|
|
|
|
| |
Pushed the wrong version
|
|
|
|
|
|
|
| |
The p11-kit-proxy.so module would not respect the critical = no setting
in module configuration, and fail if any module failed to initialize.
https://bugs.freedesktop.org/show_bug.cgi?id=83651
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When building without debug build fails with:
CCLD p11-kit/p11-kit
./.libs/libp11-kit.so: undefined reference to `P11_RPC_CHECK_CALLS'
cc: error: linker command failed with exit code 1 (use -v to see
invocation)
gmake[2]: *** [p11-kit/p11-kit] Error 1
This happens because P11_RPC_CHECK_CALLS is not defined when
debugging is enabled, so provide a noop macro for that case.
|
|
|
|
|
| |
Since the public-key-info is an important part of the way we
represent trust, show it in 'trust list' if --details is present.
|
| |
|
|
|
|
|
|
| |
Previously we would output a line like this:
p11-kit: 'node != NULL' not true at lookup_extension
|
|
|
|
| |
Still use recursive for documentation and translation.
|
|
|
|
|
|
| |
The last commit caused dirfd() to become undefined.
https://bugs.freedesktop.org/show_bug.cgi?id=82617
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Older pthreads implementations like glibc NPTL prior to version 2.12, and
uClibc linuxthreads (both), need _XOPEN_SOURCE to expose
pthread_mutexattr_settype() and THREAD_MUTEX_DEFAULT. The value 600 (SuSv3,
POSIX.1-2001) is equivalent to _POSIX_C_SOURCE 200112L.
Fixes the following build error:
CC compat.lo
compat.c: In function 'p11_mutex_init':
compat.c:164:2: warning: implicit declaration of function 'pthread_mutexattr_settype' [-Wimplicit-function-declaration]
compat.c:164:2: warning: nested extern declaration of 'pthread_mutexattr_settype' [-Wnested-externs]
compat.c:164:36: error: 'PTHREAD_MUTEX_DEFAULT' undeclared (first use in this function)
https://bugs.freedesktop.org/show_bug.cgi?id=82617
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=82328
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=82328
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Quieten down the clang scanner by telling it to expect
that our test assertions fail
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
openssl sometimes outputs TRUSTED CERTIFICATE PEM files without the
additional CertAux (ie: trust fields) information. It simply leaves
that block out. This happens with a command like:
$ openssl x509 -in my-cert.pem -out output -trustout
|
|
|
|
|
|
| |
This modifies our common unit test code so we can specify full
test paths on the command line, and restrict the run tests to
the ones specified. Order is not respected at this time.
|
| |
|
| |
|
|
|
|
|
|
|
| |
Some mallocs (notably on Windows) have really poor behavior when
called repeatedly with a linearly growing buffer.
https://bugzilla.redhat.com/show_bug.cgi?id=985419
|
|
|
|
|
| |
When we hadn't forked, but were just not initialized, still return
CKR_CRYPTOKI_NOT_INITIALIZED from managed modules.
|
|
|
|
|
|
| |
When C_Finalize is called in the wrong process, it's often because
of a caller unaware of forking. This is a painful area of PKCS#11,
but at least for C_Finalize, lets not complain loudly about it.
|
|
|
|
|
|
|
| |
This sets 'remote' appropriately to run the module in a separate
process.
https://bugs.freedesktop.org/show_bug.cgi?id=80472
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=54105
|
|
|
|
|
| |
This adds a new tool to the p11-kit command called 'remote'. This
is the server side of remoting a PKCS#11 module.
|