summaryrefslogtreecommitdiff
path: root/build/certs
Commit message (Collapse)AuthorAgeFilesLines
* Build in srcdir != builddir fashion by defaultStef Walter2014-01-141-1/+1
| | | | Naturally this doesn't apply to tarballs
* trust: Port to use CKA_PUBLIC_KEY_INFO and updated trust store specStef Walter2013-07-041-9/+10
| | | | | | | | | | * Use the concepts and PKCS#11 objects described in the recently updated (still work in progress) storing trust spec. * Define our own CKA_X_PUBLIC_KEY_INFO define for now, since the the CKA_PUBLIC_KEY_INFO isn't defined yet. * Most notably, the association between certificates and stapled extensions is by public key. * Rework some of the tests to take into account the above.
* Don't try to guess at overflowing time values on 32-bit systemsStef Walter2013-03-282-0/+3
| | | | | | | | | Since CKA_START_DATE and CKA_END_DATE are the only places where we want to parse out times, and these are optional, just leave blank if the time overflows what libc can handle on a 32-bit system. https://bugs.freedesktop.org/show_bug.cgi?id=62825
* hash: Add the murmur2 hash and start using itStef Walter2013-03-201-3/+3
| | | | | | | | | | | Add implementation of the murmur2 hash function, and start using it for our dictionaries. Our implementation is incremental like our other hash functions. Also remove p11_oid_hash() which wasn't being used. In addition fix several tests whose success was based on the way that the dictionary hashed. This was a hidden testing bug.
* trust: Add a builder which builds objects out of parsed dataStef Walter2013-03-152-0/+0
| | | | | | | | | | | The builder completes the objects from the parsed data and takes over the responsibilities that the parser and adapter previously shared. This is necessary to prepare for arbitrary data coming from the p11-kit specific input files. https://bugs.freedesktop.org/show_bug.cgi?id=62329
* trust: Rework input path treatmentStef Walter2013-03-152-6/+7
| | | | | | | | | | | | | | | | | | | | | * Accept a single --with-trust-paths argument to ./configure which cotnains all the input paths. * The --with-system-anchors and --with-system-certificates ./configure arguments are no longer supported. Since they were only present briefly, no provision is made for backwards compatibility. * Each input file is treated as containing anchors by default unless an input certificate contains detailed trust information. * The files in each input directory are not automatically treated as anchors unless a certificate contains detailed trust information. * The files in anchors/ subdirectory of each input directory are automatically marked as anchors. * The files in the blacklist/ subdirectory of each input directory are automatically marked as blacklisted. * Update tests and move around test certificates so we can test these changes. https://bugs.freedesktop.org/show_bug.cgi?id=62327
* Add support for exporting OpenSSL's TRUSTED CERTIFICATE formatStef Walter2013-02-051-0/+9
|
* Add support for extracting to pem-bundle and pem-directory formatsStef Walter2013-02-051-0/+2
|
* Support for sane writing to files extractedStef Walter2013-02-051-0/+2
| | | | | | * Implement atomic writes of files * Writing with checks that not overwriting anything unless desired * Writing and overwriting of directory contents in a robust way
* Test a TRUSTED CERTIFICATE without any trust OIDsStef Walter2013-02-052-0/+2
|
* Add support for openssl TRUSTED CERTIFICATE PEM filesStef Walter2013-02-051-0/+3
|
* Add support for parsing PEM filesStef Walter2013-02-051-0/+1
|
* Add basic trust moduleStef Walter2013-02-0510-0/+65
This is based off the roots-store from gnome-keyring and loads certificates from a root directory and exposes them as PKCS#11 objects.