| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
* This is in cases where the certificate information does not
already have a friendly name or alias.
|
|
|
|
|
|
|
| |
* Based on the gcr code
* Bring in base64 output code from BSD
* Make sure to output base64 lines of 64 character length since
this is what OpenSSL expects
|
| |
|
|
|
|
| |
* So it can be used by other code, in addition to the trust stuff
|
|
|
|
| |
* Clears an array without freeing the array itself
|
|
|
|
|
|
| |
* Implement trust assertions for anchored and distrusted certs
* Pinned certificate trust assertions are not implemented yet
* Add an internal tool for pulling apart bits of certificates
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fill in CKA_CERTIFICATE_CATEGORY properly for authorities
based on the presence of BasicConstraints and/or v1 certificates
* Fill in CKA_TRUSTED and CKA_X_DISTRUSTED based on whether the
parser is running for anchors or blacklist
* In addition support the concept of blacklisted certificates mixed
in with the anchors (without any purposes) since that's what exists
in the real world.
* We do this after the various hooks have had a chance to mess
with the certificate extensions and such.
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Use stapled certificate extensions to represent loaded trust policy
* Build NSS trust objects from stapled certificate extensions
* Add further attribute debugging for NSS trust objects
* Use a custom certificate extension for the OpenSSL reject purpose data
* Use SubjectKeyIdentifier for OpenSSL keyid data
* Use ExtendedKeyUsage for OpenSSL trust purpose data
* Implement simple way to handle binary DER OIDs, using the DER TLV
length. DER OIDs are used in the CKA_OBJECT_ID value, and elsewhere.
* Split out the building of NSS trust objects from the main parser
|
| |
|
| |
|
|
|
|
|
|
| |
This is based off the roots-store from gnome-keyring and loads
certificates from a root directory and exposes them as PKCS#11
objects.
|
|
|
|
|
|
| |
The SHA-1 and MD5 digests here are used for checksums in legacy
protocols. We don't use them in cryptographic contexts at all.
These particular algorithms would be poor choices for that.
|
|
|
|
|
| |
We want to use p11_message in our commands anyway, since that
allows us control with --verbose and --quiet.
|
|
|
|
| |
To be used from tests
|
|
|
|
|
| |
* Move mock code into the common/ directory to be used by multiple
components of p11-kit
|
|
|
|
|
|
|
|
| |
* Check that the size is correct when looking for a boolean
or a ulong.
* Make sure that the length is not the invalid negative ulong.
* Functions for dumping out attribute contents
* Make it possible to use attributes in hash tables
|
|
|
|
| |
Represents a block of memory that can be added to, parsed and so on
|
|
|
|
|
|
| |
It was getting really wild knowing whether a function returning
an int would return -1 on failure or 0 or whether the int return
value was actually a number etc..
|
|
|
|
| |
* Make the gcc constructor call p11_library_init_once()
|
| |
|
| |
|
|
|
|
|
|
|
| |
* Allows use of them across the whole project
* Put a stub file in the p11-kit/ directory, so we can still refer
to the headers using that path, which is what it will be at
when in the installed includes directory.
|
|
|
|
|
|
| |
* This is cleaner than building the same source files all over
the place over and over.
* Works better with code coverage.
|
|
|
|
|
|
|
|
|
|
|
| |
Start using p11_ as our internal prefix rather than _p11_. We explicitly
export p11_kit_ so this is fine as far as visibility.
Move the threading, mutex, and module compat, dict, and array code
into the common directory too.
Take this opportunity to clean up a bit of internal API as well,
since so many lines are being touched internally.
|
|
|
|
|
|
|
| |
* Conditional inclusion of the errno.h header
* Link librt when appropriate for nanosleep
https://bugs.freedesktop.org/show_bug.cgi?id=52261
|
|
|
|
| |
* Wine uses normal slashes instead of backslashes on windows
|
|
|
|
|
|
| |
* Remove unused functions
* Use getprogname() instead of calc_progname() which no longer exists
* Fix up exporting of functions in the mock module
|
|
|
|
|
| |
* Add macros GNUC_PRINTF and GNUC_NULL_TERMINATED to check
correct printf and NULL terminated style varargs
|
|
|
|
| |
* And use them in our replacement err() and p11_kit_set_progname()
|
|
* And the compat stuff in the p11-kit directory merged
into util.c and util.h
|