| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
| |
Since we don't want to link freebl3 to libp11-kit.so where it isn't
needed, move the SHA-1 and MD5 digest functionality to the trust/
directory.
|
|
|
|
|
|
|
| |
* p11-kit library and tool in the p11-kit/ subdirectory
* trust module and new trust tool in trust/ subdirectory
* No more tools/ subdirectory
* Lots less in the common/ subdirectory
|
| |
|
|
|
|
|
| |
If 'log-calls = yes' is set then all the PKCS#11 modules are logged
to stderr.
|
|
|
|
|
|
| |
Make C_CloseAllSessions work for different callers. Track the sessions
that each caller opens and close just those when C_CloseAllSessiosn is
called.
|
|
|
|
|
|
|
|
|
|
| |
Each time C_GetFunctionList is called on the proxy module, a new
managed PKCS#11 set of functions is returned. These are all cleaned
up when the module is unloaded.
We want the proxy module to continue to work even without the highly
recommended libffi. For that reason we still keep the old behavior of
sharing state in the proxy module.
|
|
|
|
|
|
|
|
|
| |
Support a new managed style module loading for PKCS#11 modules. This
allows us to better coordinate between multiple callers of the same
PKCS#11 modules and provide hooks into their behavior.
This meant redoing the public facing API. The old methods are now
deprecated, marked and documented as such.
|
|
|
|
|
|
| |
* This allows us to call into subclassed PKCS#11 modules as if
they were plain old PKCS#11 modules
* libffi is an optional dependency
|
| |
|
| |
|
| |
|
|
|
|
|
| |
* make memcheck: Runs basic memory checking
* make leakcheck: Also runs leak checking
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Collapse multiple identical certificates coming from different
tokens. Note that if a certificate should not be placed multiple
times on a token. We cannot know which one to respect.
* Add a new extract filter: --trust-policy
This extracts all anchor and blacklist information
https://bugs.freedesktop.org/show_bug.cgi?id=61497
|
|
|
|
|
|
|
|
| |
* Placed before the certificate, simple one liner
* No need to put comments in PEM files extracted into
directories, as the file names are already descriptive.
https://bugs.freedesktop.org/show_bug.cgi?id=62029
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Sort loaded modules appropriately using the 'priority' option. This
allows us to have a predictable order for callers, when callers
iterate through modules.
* Modules default to having an 'priority' option of '0'.
* If modules have the same order value, then sort by name.
* The above assumes the role of ordering trust-policy sources.
* Change the trust-policy option to a boolean
* Some of this code will be rearranged when the managed branch
is merged.
https://bugs.freedesktop.org/show_bug.cgi?id=61978
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Accept a single --with-trust-paths argument to ./configure
which cotnains all the input paths.
* The --with-system-anchors and --with-system-certificates
./configure arguments are no longer supported. Since they were
only present briefly, no provision is made for backwards
compatibility.
* Each input file is treated as containing anchors by default
unless an input certificate contains detailed trust information.
* The files in each input directory are not automatically treated
as anchors unless a certificate contains detailed trust information.
* The files in anchors/ subdirectory of each input directory are
automatically marked as anchors.
* The files in the blacklist/ subdirectory of each input directory
are automatically marked as blacklisted.
* Update tests and move around test certificates so we can
test these changes.
https://bugs.freedesktop.org/show_bug.cgi?id=62327
|
|
|