Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Improve const correctness for P11KitUri | Nathaniel McCallum | 2018-05-24 | 3 | -41/+41 |
| | | | | | | | | | This does not improve const for the getters. The reason for this is that they are usually passed into the PKCS#11 APIs directly and these APIs are not const correct. Trying to force const correctnesss here would result in pain for library consumers. This is an API and ABI compatible change. | ||||
* | README: replace by README.md | Nikos Mavrogiannopoulos | 2018-05-23 | 3 | -8/+2 |
| | | | | | | | | | That is, use README.md as primary source to generate README as README is required by the GNU guidelines. We don't try to convert to "real" plain text as markdown is readable, and to avoid introducing another dependency (e.g., pandoc). Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | NEWS: mark the 0.23 series as stable | Nikos Mavrogiannopoulos | 2018-05-23 | 1 | -1/+1 |
| | | | | | | Resolves #80 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | README.md: added reference to Daiki's key | Nikos Mavrogiannopoulos | 2018-05-23 | 1 | -2/+23 |
| | | | | | | Resolves #153 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com> | ||||
* | Release 0.23.11 | Daiki Ueno | 2018-05-07 | 2 | -1/+9 |
| | |||||
* | common: Pacify clang-analyzer | Daiki Ueno | 2018-05-07 | 1 | -3/+4 |
| | |||||
* | trust: Avoid array overflow | Daiki Ueno | 2018-05-07 | 2 | -3/+3 |
| | |||||
* | trust: Don't null terminate PKCS #11 string fields | Daiki Ueno | 2018-05-07 | 1 | -6/+6 |
| | |||||
* | proxy: Don't null terminate PKCS #11 string fields | Daiki Ueno | 2018-05-07 | 1 | -2/+2 |
| | |||||
* | test: Avoid exceeding maximum pathname length of Unix socket | Daiki Ueno | 2018-05-04 | 1 | -2/+7 |
| | |||||
* | library: Use dedicated locale object for printing error | Daiki Ueno | 2018-05-01 | 5 | -15/+43 |
| | |||||
* | Revert "build: Check strerror_l() and uselocale() seperately" | Daiki Ueno | 2018-05-01 | 3 | -15/+5 |
| | | | | | | | | | This reverts commit 173ad93cc54057886b2055f3d73ea64a047127d1. We should rather use newlocale() when per-thread locale is not set. Otherwise uselocale() could return LC_GLOBAL_LOCALE on some platforms (e.g. musl-libc) and calling strerror_l() with it leads to an undefined behavior. | ||||
* | build: Check strerror_l() and uselocale() seperately | Daiki Ueno | 2018-04-19 | 3 | -5/+15 |
| | | | | | | NetBSD deliberately doesn't support per-thread locale and our thread-safe replacement of strerror() using strerror_l() cannot be used. Fallback to strerror_r() in that case. | ||||
* | travis: Optimize dnf install invocation | Daiki Ueno | 2018-04-10 | 1 | -11/+7 |
| | |||||
* | test: Add installcheck script to test trust module | Daiki Ueno | 2018-04-10 | 2 | -1/+24 |
| | | | | | Currently it only checks that "disable-in: p11-kit-proxy" properly prevents the trust module being loaded by the proxy module. | ||||
* | trust: Prevent trust module being loaded by proxy module | Daiki Ueno | 2018-04-10 | 1 | -0/+3 |
| | | | | | Otherwise, when the proxy module were registerd in NSS database, the trust module would be loaded twice and degrade search performance. | ||||
* | travis: Run "make installcheck" | Daiki Ueno | 2018-04-10 | 1 | -8/+16 |
| | |||||
* | trust: Fix memleak in p11_enumerate_opt_filter | Daiki Ueno | 2018-04-10 | 1 | -0/+1 |
| | | | | | p11_kit_iter_add_filter() takes the ownership of given attributes. Spotted by address sanitizer. | ||||
* | test: Factor out common harness from test-extract.in | Daiki Ueno | 2018-04-10 | 5 | -95/+114 |
| | |||||
* | test: Add test for JKS extractor | Daiki Ueno | 2018-04-06 | 4 | -1/+224 |
| | | | | | Piggybacking commit de963b96, this adds a multi-cert test case for the Java keystore extractor. | ||||
* | test: Add test for p11_attrs_purge() | Daiki Ueno | 2018-04-06 | 1 | -0/+29 |
| | |||||
* | mock-module-ep: Properly override C_GetFunctionList | Daiki Ueno | 2018-04-06 | 1 | -1/+1 |
| | |||||
* | modules: Add option to control module visibility from proxy | Daiki Ueno | 2018-04-06 | 6 | -10/+118 |
| | | | | | | This enables to control whether a module will be loaded from the proxy module. The configuration reuses the "enable-in" and "disable-in" options, with a special literal "p11-kit-proxy" as the value. | ||||
* | trust: add unit test for the "edk2-cacerts" extractor | Laszlo Ersek | 2018-03-30 | 3 | -0/+214 |
| | | | | | | | | Add a multi-cert test case for the edk2 extractor, heavily based on the "/openssl/test_file_multiple" test case. Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580 Signed-off-by: Laszlo Ersek <lersek@redhat.com> | ||||
* | trust: implement the "edk2-cacerts" extractor | Laszlo Ersek | 2018-03-30 | 1 | -1/+168 |
| | | | | | | | | | | | | | | | | | | | | | | | | Extract the DER-encoded X.509 certificates in the EFI_SIGNATURE_LIST format that is - defined by the UEFI 2.7 spec (using one inner EFI_SIGNATURE_DATA object per EFI_SIGNATURE_LIST, as specified for EFI_CERT_X509_GUID), - and expected by edk2's HttpDxe when it configures the certificate list for HTTPS boot from EFI_TLS_CA_CERTIFICATE_VARIABLE (see the TlsConfigCertificate() function in "NetworkPkg/HttpDxe/HttpsSupport.c"). The intended command line is p11-kit extract \ --format=edk2-cacerts \ --filter=ca-anchors \ --overwrite \ --purpose=server-auth \ $DEST/edk2/cacerts.bin Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580 Signed-off-by: Laszlo Ersek <lersek@redhat.com> | ||||
* | trust: introduce the "edk2-cacerts" extractor skeleton | Laszlo Ersek | 2018-03-30 | 4 | -1/+51 |
| | | | | | | | | Introduce the p11_extract_edk2_cacerts() skeleton. At the moment it always fails, silently. Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580 Signed-off-by: Laszlo Ersek <lersek@redhat.com> | ||||
* | modules: Fix memleak in re-initialization case | Daiki Ueno | 2018-03-29 | 1 | -0/+1 |
| | |||||
* | Treat CKR_CRYPTOKI_ALREADY_INITIALIZED correctly | Justin King-Lacroix | 2018-03-29 | 1 | -1/+6 |
| | | | | | | In p11_kit_modules_initialize(), treat a return code of CKR_CRYPTOKI_ALREADY_INITIALIZED as identical to CKR_OK. | ||||
* | travis: Disallow failure on mingw | Daiki Ueno | 2018-03-29 | 1 | -4/+0 |
| | |||||
* | test: Add missing seven.module in Windows fixtures | Daiki Ueno | 2018-03-29 | 1 | -0/+4 |
| | |||||
* | travis: Use LOG_COMPILER to run tests under wine | Daiki Ueno | 2018-03-29 | 1 | -3/+3 |
| | |||||
* | build: Enable make check with wine | Daiki Ueno | 2018-03-29 | 2 | -1/+14 |
| | |||||
* | common: Fix compilation of runtime.c under mingw | Daiki Ueno | 2018-03-29 | 2 | -10/+33 |
| | |||||
* | test: Add failing test for CKR_CRYPTOKI_ALREADY_INITIALIZED | Daiki Ueno | 2018-03-29 | 4 | -1/+115 |
| | |||||
* | test: Add test for error messages | Daiki Ueno | 2018-03-29 | 3 | -1/+113 |
| | |||||
* | test: Use _exit() in child process to immediately close open FDs | Daiki Ueno | 2018-03-29 | 1 | -1/+1 |
| | |||||
* | test: Rewrite test-server.sh in TAP style | Daiki Ueno | 2018-03-29 | 1 | -11/+27 |
| | |||||
* | test: Take advantage of TAP test driver | Daiki Ueno | 2018-03-29 | 3 | -0/+6 |
| | |||||
* | common: Add assert_skip() and assert_todo() | Daiki Ueno | 2018-03-29 | 2 | -15/+126 |
| | |||||
* | test-server.sh: Fix bashism | Andreas Metzler | 2018-02-28 | 1 | -4/+4 |
| | |||||
* | Release 0.23.10 | Daiki Ueno | 2018-02-27 | 2 | -1/+13 |
| | |||||
* | maint: Point to the new URLs | Daiki Ueno | 2018-02-27 | 2 | -5/+5 |
| | |||||
* | test-server: Add test for detecting address | Daiki Ueno | 2018-02-27 | 1 | -1/+29 |
| | |||||
* | test-server: Fix compilation error on FreeBSD | Daiki Ueno | 2018-02-27 | 1 | -0/+1 |
| | |||||
* | common, client: Move runtime directory detection to libp11-common | Daiki Ueno | 2018-02-27 | 5 | -65/+292 |
| | |||||
* | common: Make p11_test_directory_delete() work recursively | Daiki Ueno | 2018-02-27 | 1 | -1/+11 |
| | |||||
* | test: Improve temporary directory handling | Daiki Ueno | 2018-02-27 | 2 | -2/+6 |
| | |||||
* | p11_kit_remote_serve_tokens: Read "write-protected" setting from URI | Daiki Ueno | 2018-02-27 | 2 | -0/+42 |
| | |||||
* | filter: Respect CKF_WRITE_PROTECTED setting when allowing a token | Daiki Ueno | 2018-02-27 | 2 | -16/+134 |
| | |||||
* | test: Add test for client-server interaction | Daiki Ueno | 2018-02-27 | 4 | -3/+213 |
| | | | | | | | The test spawns a process running the server command and connects to it through p11-kit-client.so. It's is a bit tricky that the child process requires to preload libasan.so when ASan is in in effect, to properly load a mock module. |