summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Add compat gmtime_r() and timegm() functionsStef Walter2013-03-033-0/+76
| | | | Not available on Win32 or ancient unixes
* Add compat mkstemp() and mkdtemp() functionsStef Walter2013-03-032-0/+156
| | | | Not available on Win32 or ancient unixes
* Add compat vasprintf() and asprintf() functionsStef Walter2013-03-033-0/+84
| | | | These are not available on Win32 and ancient unixes
* Add compat strndup() functionStef Walter2013-03-033-0/+30
| | | | Not available on Win32 and ancient unixes
* Abstract mmap() into a compat APIStef Walter2013-03-035-79/+160
| | | | | The Win32 for mmap() is very different from Unix, so abstract this into our own p11_mmap_xxx() functions.
* Use putenv() instead of setenv()Stef Walter2013-03-0316-16/+16
| | | | Since older operating systems don't support setenv()
* Add compat implementation of basename()Stef Walter2013-03-033-2/+71
| | | | For Win32 and older unixes
* tools: Update comments for cacerts jks formatStef Walter2013-03-031-4/+4
|
* Rename p11_module_xxx() compat functions to p11_dl_xxx()Stef Walter2013-03-033-24/+29
| | | | | | | For clarity. In addition, make p11_dl_close() able to be used as a destroyer callback. Also make p11_dl_error() return an allocated string
* Update the pkcs11.h header for missing mechanismsStef Walter2013-02-202-1/+26
|
* Only do shared object and DLL initialization in librariesStef Walter2013-02-204-49/+122
| | | | | | Don't do library initialization on shared object load when not running in a library. We'll want to plug into this and do different things per library in the future.
* Move pkcs11.conf and module documentation to a manual pageStef Walter2013-02-206-162/+239
|
* Pull translations from transifexStef Walter2013-02-1340-21/+11845
| | | | | | * Build a script to help with this https://bugs.freedesktop.org/show_bug.cgi?id=60792
* Relicense the buffer code appropriate for inclusion in p11-kitStef Walter2013-02-122-46/+68
| | | | | * All original lines in this file upon arrival in the p11-kit project were written by me, and copyright held by me.
* Release version 0.15.2Stef Walter2013-02-122-1/+7
| | | | * This is an unstable release
* Add finish translationTimo Jyrinki2013-02-122-0/+344
|
* Add and enable German gettext translationAndreas Metzler2013-02-124-0/+361
| | | | | Enable installation of gettext translations and add German translation by Chris Leick.
* Respect destdir when creating package module config directoryAndreas Metzler2013-02-121-1/+1
|
* Fix dereference of varargs in p11_attrs_build()Stef Walter2013-02-111-1/+1
| | | | https://bugs.freedesktop.org/show_bug.cgi?id=60473
* Remove unnecessary code to be more compatible with various libtasn1 versionsStef Walter2013-02-111-4/+1
| | | | https://bugs.freedesktop.org/show_bug.cgi?id=60434
* Don't require explictly disabling trust module if --without-libtasn1Andreas Metzler2013-02-071-12/+16
| | | | | | | And provide more intelligent error messages about why to build with libtasn1 Tweaked by Stef Walter
* Fix various clang analyzer warningsStef Walter2013-02-068-8/+29
| | | | | * Add annotations to our precondition functions so that they don't make the analyzer complain
* Our minimum version of libtasn1 is 2.14Stef Walter2013-02-051-1/+1
|
* Release version 0.15.1Stef Walter2013-02-052-1/+15
| | | | * This is an unstable release
* Add a placeholder external 'extract-trust' commandStef Walter2013-02-056-0/+75
|
* Implement support for java JKS keystore formatStef Walter2013-02-054-2/+339
| | | | | * All aliases must be lower case in order to work with the default keystore implementation.
* Use the CN, OU or O of certificates to generate a labelStef Walter2013-02-0514-101/+318
| | | | | * This is in cases where the certificate information does not already have a friendly name or alias.
* Add support for exporting OpenSSL's TRUSTED CERTIFICATE formatStef Walter2013-02-0518-0/+2378
|
* Add support for extracting to pem-bundle and pem-directory formatsStef Walter2013-02-059-0/+541
|
* Implement code for writing PEMStef Walter2013-02-055-4/+237
| | | | | | | * Based on the gcr code * Bring in base64 output code from BSD * Make sure to output base64 lines of 64 character length since this is what OpenSSL expects
* Implement basic extract supportStef Walter2013-02-0515-2/+1796
| | | | | | * The only formats supported are x509-file and x509-directory Allow tool to build without extract
* Support for sane writing to files extractedStef Walter2013-02-0510-0/+1504
| | | | | | * Implement atomic writes of files * Writing with checks that not overwriting anything unless desired * Writing and overwriting of directory contents in a robust way
* Add public iterator API to p11-kitStef Walter2013-02-0513-10/+2308
|
* Allow internal use of token and module info matchingStef Walter2013-02-052-20/+41
|
* Move the X.509 extension parsing code in common/Stef Walter2013-02-055-133/+335
| | | | * So it can be used by other code, in addition to the trust stuff
* Add p11_array_clear() functionStef Walter2013-02-053-7/+43
| | | | * Clears an array without freeing the array itself
* Implement trust assertion PKCS#11 objectsStef Walter2013-02-0511-53/+804
| | | | | | * Implement trust assertions for anchored and distrusted certs * Pinned certificate trust assertions are not implemented yet * Add an internal tool for pulling apart bits of certificates
* Refactor how parsing of ASN.1 data and certificate extensions workStef Walter2013-02-0514-667/+1193
|
* Fill in certificate authority and trust data correctlyStef Walter2013-02-058-168/+552
| | | | | | | | | | | | * Fill in CKA_CERTIFICATE_CATEGORY properly for authorities based on the presence of BasicConstraints and/or v1 certificates * Fill in CKA_TRUSTED and CKA_X_DISTRUSTED based on whether the parser is running for anchors or blacklist * In addition support the concept of blacklisted certificates mixed in with the anchors (without any purposes) since that's what exists in the real world. * We do this after the various hooks have had a chance to mess with the certificate extensions and such.
* Implement stapled certificate extensions internallyStef Walter2013-02-0517-387/+1450
| | | | | | | | | | | | * Use stapled certificate extensions to represent loaded trust policy * Build NSS trust objects from stapled certificate extensions * Add further attribute debugging for NSS trust objects * Use a custom certificate extension for the OpenSSL reject purpose data * Use SubjectKeyIdentifier for OpenSSL keyid data * Use ExtendedKeyUsage for OpenSSL trust purpose data * Implement simple way to handle binary DER OIDs, using the DER TLV length. DER OIDs are used in the CKA_OBJECT_ID value, and elsewhere. * Split out the building of NSS trust objects from the main parser
* Better debugging and checks for attribute valuesStef Walter2013-02-054-86/+124
|
* Add tool for testing how fast the token loadsStef Walter2013-02-052-0/+65
|
* Some debug info about which files are being loadedStef Walter2013-02-051-2/+15
|
* Test a TRUSTED CERTIFICATE without any trust OIDsStef Walter2013-02-054-0/+40
|
* Add the builtin roots NSS specific objectStef Walter2013-02-054-5/+61
| | | | This tells NSS that this is a source of anchors.
* Add support for openssl TRUSTED CERTIFICATE PEM filesStef Walter2013-02-058-40/+368
|
* Add support for parsing PEM filesStef Walter2013-02-0512-6/+910
|
* Add basic trust moduleStef Walter2013-02-0560-47/+6580
| | | | | | This is based off the roots-store from gnome-keyring and loads certificates from a root directory and exposes them as PKCS#11 objects.
* Add basic checksum algorithmsStef Walter2013-02-056-2/+766
| | | | | | The SHA-1 and MD5 digests here are used for checksums in legacy protocols. We don't use them in cryptographic contexts at all. These particular algorithms would be poor choices for that.
* Remove the unused err() function and friendsStef Walter2013-02-052-187/+0
| | | | | We want to use p11_message in our commands anyway, since that allows us control with --verbose and --quiet.