| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Fix some global variables not declared as extern
https://bugs.freedesktop.org/show_bug.cgi?id=66015
|
| |
|
|
|
|
|
|
| |
Since we don't want to link freebl3 to libp11-kit.so where it isn't
needed, move the SHA-1 and MD5 digest functionality to the trust/
directory.
|
|
|
|
|
| |
This is supposed to call over to 'trust extract' and wasn't
working correctly.
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
* Create directory before trying to write files to it
* Handle write failures appropriately
Refactor how we build and store objects in the index to handle
the above cases properly.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
As a courtesy for callers.
|
| |
|
|
|
|
|
| |
A new flag to pass to p11_kit_modules_load() and related functions
which limits loaded modules to ones with "trust-policy: yes".
|
|
|
|
|
|
|
|
|
|
| |
* Use the concepts and PKCS#11 objects described in the
recently updated (still work in progress) storing trust spec.
* Define our own CKA_X_PUBLIC_KEY_INFO define for now, since the
the CKA_PUBLIC_KEY_INFO isn't defined yet.
* Most notably, the association between certificates and stapled
extensions is by public key.
* Rework some of the tests to take into account the above.
|
| |
|
|
|
|
| |
Some helpers for commonly used ASN.1 related stuff.
|
|
|
|
|
| |
* The objects are written out in the p11-kit persist format
* Parser marks files in p11-kit persist format as modifiable
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Cleans up a filename with readable characters.
|
|
|
|
|
|
| |
The name makes it clearer what's going on. This is only used
during loading, so we can track whether a change has resulted
from the trust module or from the file storage.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Reload token data whenever a new session is opened.
* Only reload files/directories that have changed.
* Move duplicate anchor/blacklist detection logic into
the extract code. This is in line with the approach
being discussed on the mailing lists and spec document.
* New internal attribute CKA_X_ORIGIN set on all objects
so we can track where an object came from, and replace
it when reloaded.
In general this is a prerequisite for modification of objects
reload before modify is necessary to prevent multiple callers
clobbering each other's changes.
|
|
|
|
|
|
|
|
|
|
|
| |
In order to use the session we are iterating on for other tasks
such as other C_FindObject() calls, we need to make sure that
it's not in the middle of a find operation. Finish up the
complete find operation in advance of returning objects from
a session.
Make this the default mode. The previous behavior remains
as an option. Add tests.
|
|
|
|
|
| |
Checks if a wellformed path is identical to or a prefix
of another path.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
* p11-kit library and tool in the p11-kit/ subdirectory
* trust module and new trust tool in trust/ subdirectory
* No more tools/ subdirectory
* Lots less in the common/ subdirectory
|
|\ |
|
| | |
|
| |
| |
| |
| | |
Also sorta covers --help and -h usage
|
| |
| |
| |
| |
| | |
There were various bugs passing arguments, with duplicates being
passed, as well as certain arguments being skipped.t
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Instead of looking for external commands in the path, just look
for them in our private directory.
We want to be conservative early on, and limit what sorta things
we have to maintain later. We can later remove this restriction
if a real use case presents itself.
|
| |
| |
| |
| |
| |
| | |
Although we don't actually write anything out yet, make the
various PKCS#11 functions behave properly when faced with
requests to write to token objects
|
| |
| |
| |
| |
| | |
Correctly set the CKF_TOKEN_WRITE_PROTECTED flag for paths
which we will be able to write to.
|
| |
| |
| |
| |
| | |
Gets the parent element of the path, removing the last component.
Handles trailing and duplicate path separators correctly.
|
| | |
|
| | |
|
|\ \
| |/ |
|
| | |
|
| |
| |
| |
| | |
https://bugs.freedesktop.org/show_bug.cgi?id=65401
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Track number of C_Initialize calls, and require similar number
of C_Finalize calls to finalize.
This fixes leaks/disappearing sessions in the trust module.
https://bugs.freedesktop.org/show_bug.cgi?id=65401
|
| |
| |
| |
| | |
https://bugs.freedesktop.org/show_bug.cgi?id=57714
|
| |
| |
| |
| |
| |
| |
| | |
Darwin and libtool seem confused about what shared library
extension they actually use.
https://bugs.freedesktop.org/show_bug.cgi?id=57714
|
| |
| |
| |
| | |
https://bugs.freedesktop.org/show_bug.cgi?id=57714
|
| |
| |
| |
| |
| |
| |
| | |
Darwin and libtool seem confused about what shared library
extension they actually use.
https://bugs.freedesktop.org/show_bug.cgi?id=57714
|
| | |
|