| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
* The index holds PKCS#11 objects whether for the token or for the session.
* The index provides hook for a builder to expand or validate objects
being added to the index.
* In addition theres a change hook so that a builder can maintain state
between objects, such as the compat NSS trust objects.
https://bugs.freedesktop.org/show_bug.cgi?id=62329
|
|
|
|
|
|
|
| |
This takes one set of attributes and merges them into
another, without copying memory needlessly.
https://bugs.freedesktop.org/show_bug.cgi?id=62329
|
|
|
|
|
|
|
|
|
| |
In order to unmarry the parser from the future builder, but still retain
efficiency, we need to be able to cache parsed ASN.1 trees. The ASN.1
cache provides this. In addition it carries around the loaded ASN.1
definitions.
https://bugs.freedesktop.org/show_bug.cgi?id=62329
|
|
|
|
|
|
|
|
|
|
| |
* Collapse multiple identical certificates coming from different
tokens. Note that if a certificate should not be placed multiple
times on a token. We cannot know which one to respect.
* Add a new extract filter: --trust-policy
This extracts all anchor and blacklist information
https://bugs.freedesktop.org/show_bug.cgi?id=61497
|
|
|
|
|
|
|
|
| |
* Placed before the certificate, simple one liner
* No need to put comments in PEM files extracted into
directories, as the file names are already descriptive.
https://bugs.freedesktop.org/show_bug.cgi?id=62029
|
|
|
|
|
|
|
|
|
| |
Also if automatically calculating length, then ignore input
that is NULL, as something that shouldn't be written out.
This allows easier chaining of optional output, such as comments.
https://bugs.freedesktop.org/show_bug.cgi?id=62029
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Sort loaded modules appropriately using the 'priority' option. This
allows us to have a predictable order for callers, when callers
iterate through modules.
* Modules default to having an 'priority' option of '0'.
* If modules have the same order value, then sort by name.
* The above assumes the role of ordering trust-policy sources.
* Change the trust-policy option to a boolean
* Some of this code will be rearranged when the managed branch
is merged.
https://bugs.freedesktop.org/show_bug.cgi?id=61978
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Each source directory or file configured into the module or passed
in as an initialization argument becomes its own token.
Previously there was one token that contained certificates from
all the configured paths.
* These tokens are clearly labeled in the token info as
to the directory or file that they represent.
* Update PKCS#11 module logic to deal with multiple tokens, validate
the slot ids and so on.
* The order in which the paths are configured will become the
order of trust priority. This is the same order in which they
are listed through 'p11-kit list-modules' and C_GetSlotList.
* Update the frob-token internal tool to only play with one path
* Adjust tests where necessary to reflect the new state of things
and add tests for modified trust module code
https://bugs.freedesktop.org/show_bug.cgi?id=61499
|
|
|
|
|
|
|
| |
* This was already possible to do safely before
* Document and test this behavior
https://bugs.freedesktop.org/show_bug.cgi?id=61499
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Accept a single --with-trust-paths argument to ./configure
which cotnains all the input paths.
* The --with-system-anchors and --with-system-certificates
./configure arguments are no longer supported. Since they were
only present briefly, no provision is made for backwards
compatibility.
* Each input file is treated as containing anchors by default
unless an input certificate contains detailed trust information.
* The files in each input directory are not automatically treated
as anchors unless a certificate contains detailed trust information.
* The files in anchors/ subdirectory of each input directory are
automatically marked as anchors.
* The files in the blacklist/ subdirectory of each input directory
are automatically marked as blacklisted.
* Update tests and move around test certificates so we can
test these changes.
https://bugs.freedesktop.org/show_bug.cgi?id=62327
|
|
|
|
|
| |
When bringing over the BSD base64 code, there was a regression.
In addition add some tests for the base64 stuff.
|
| |
|
|
|
|
|
|
| |
Double check various combinations, and make sure we don't fail
needlessly when --disable-trust-module. Also check that actual
paths are passed into the arguments.
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
* Fixes a regression
* In addition allows --help to be specified before the command. If
a command is present, command help will be shown
https://bugs.freedesktop.org/show_bug.cgi?id=62153
|
|
|
|
|
|
|
| |
Unless initialized according to the environment all debug output
is printed.
https://bugs.freedesktop.org/show_bug.cgi?id=62152
|
| |
|
|
|
|
|
| |
This flag is not required to be set unless C_InitToken has been
called. Many modules, like libnssckbi.so, do not set this flag.
|
|
|
|
|
| |
Add a simple tool to dump NSS style distrust attributes from
a module.
|
|
|
|
|
| |
NSS had subtly changed the values of the distrust CK_TRUST codes
so update them to stay in sync.
|
|
|
|
|
| |
This is because we have no way to load this data into the trust module.
Working on a real solution.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
The --purpose option would only match certificates that had no
purposes marked on them. Fix it so that it correctly matches
certificates with the given purpose.
https://bugs.freedesktop.org/show_bug.cgi?id=62009
|
|
|
|
|
| |
* Document our testing practices
* Put lcov code coverage output online
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=62001
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
The field defaults to FALSE. It sucks that libtasn1 doesn't
fill this in for us.
https://bugs.freedesktop.org/show_bug.cgi?id=61975
|
| |
|
|
|
|
|
| |
If the 'p11-kit extract-trust' command is to be used by
distributions, make them customize it appropriately.
|
| |
|
| |
|
|
|
|
|
|
| |
Tweaks by: Roman Bogorodskiy <bogorodskiy@gmail.com>
https://bugs.freedesktop.org/show_bug.cgi?id=61739
|
|
|
|
|
| |
Rewrite the mock.h header to relicense it. It is based on the BSD
licensed mock.c file, so this isn't a big issue.
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=60894
|
|
|
|
|
|
| |
This fixes building --without-libtasn1
https://bugs.freedesktop.org/show_bug.cgi?id=61740
|
|
|
|
| |
This fixes hangs when running tests on windows
|
|
|
|
|
|
|
| |
* Don't create symlinks on windows
* No atomic renames, so delete and then rename
* Make sure to close files before unlinking on windows
* No chmod permissions on windows
|
|
|
|
|
|
| |
The way that coverage is built and linked is different with mingw
so just use the --coverage flag to represent the correct behavior
when cross compiling.
|
|
|
|
|
| |
On Win32 wchar_t is only 2 bytes, which breaks our UTF-8 conversion
functions.
|
| |
|
|
|
|
| |
So that the Windows' C library doesn't munge line endings
|
|
|
|
| |
Not available on Win32 or ancient unixes
|