| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
* Collapse multiple identical certificates coming from different
tokens. Note that if a certificate should not be placed multiple
times on a token. We cannot know which one to respect.
* Add a new extract filter: --trust-policy
This extracts all anchor and blacklist information
https://bugs.freedesktop.org/show_bug.cgi?id=61497
|
|
|
|
|
|
|
|
| |
* Placed before the certificate, simple one liner
* No need to put comments in PEM files extracted into
directories, as the file names are already descriptive.
https://bugs.freedesktop.org/show_bug.cgi?id=62029
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Sort loaded modules appropriately using the 'priority' option. This
allows us to have a predictable order for callers, when callers
iterate through modules.
* Modules default to having an 'priority' option of '0'.
* If modules have the same order value, then sort by name.
* The above assumes the role of ordering trust-policy sources.
* Change the trust-policy option to a boolean
* Some of this code will be rearranged when the managed branch
is merged.
https://bugs.freedesktop.org/show_bug.cgi?id=61978
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Accept a single --with-trust-paths argument to ./configure
which cotnains all the input paths.
* The --with-system-anchors and --with-system-certificates
./configure arguments are no longer supported. Since they were
only present briefly, no provision is made for backwards
compatibility.
* Each input file is treated as containing anchors by default
unless an input certificate contains detailed trust information.
* The files in each input directory are not automatically treated
as anchors unless a certificate contains detailed trust information.
* The files in anchors/ subdirectory of each input directory are
automatically marked as anchors.
* The files in the blacklist/ subdirectory of each input directory
are automatically marked as blacklisted.
* Update tests and move around test certificates so we can
test these changes.
https://bugs.freedesktop.org/show_bug.cgi?id=62327
|
| |
|
|
|
|
|
| |
* Document our testing practices
* Put lcov code coverage output online
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
* All aliases must be lower case in order to work with the
default keystore implementation.
|
| |
|
| |
|
|
|
|
|
|
| |
* The only formats supported are x509-file and x509-directory
Allow tool to build without extract
|
| |
|
|
|
|
|
|
| |
* Implement trust assertions for anchored and distrusted certs
* Pinned certificate trust assertions are not implemented yet
* Add an internal tool for pulling apart bits of certificates
|
|
|
|
| |
This tells NSS that this is a source of anchors.
|
| |
|
|
|
|
|
|
| |
This is based off the roots-store from gnome-keyring and loads
certificates from a root directory and exposes them as PKCS#11
objects.
|
|
|
|
|
|
|
| |
* Unindent the main headings
* Don't wrap options
* Better spacing in table of contents
* Don't have line numbers on code examples
|
| |
|
| |
|
|
|
|
|
|
| |
* Try to make /etc/pkcs11/modules for administrator use
* Override the old pkg-config variables to help packages start
using the new location
|
|
|
|
| |
This does the opposite of p11_kit_be_quiet().
|
|
|
|
|
| |
* Move mock code into the common/ directory to be used by multiple
components of p11-kit
|
|
|
|
|
|
|
|
|
|
|
| |
Start using p11_ as our internal prefix rather than _p11_. We explicitly
export p11_kit_ so this is fine as far as visibility.
Move the threading, mutex, and module compat, dict, and array code
into the common directory too.
Take this opportunity to clean up a bit of internal API as well,
since so many lines are being touched internally.
|
|
|
|
|
|
| |
* P11_KIT_URI_NO_MEMORY is an unexpected state, that will probably
never actually be returned. But kept for API compatibility.
* make distcheck doc fix
|
|
|
|
|
|
|
| |
* This allows user configured PKCS#11 modules by default.
* Admins can change this to 'none' in /etc/pkcs11/pkcs11.conf
to go back to the previous behavior.
* Posted to the mailing list.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* And want alphanumeric/_.- filenames
* Currently this is just a warning, soon it will be enforced
* The name of a module does not include the extension
Andreas Metzler and Ubuntu both worked on this patch, and I've made
some more changes.
See https://bugs.launchpad.net/ubuntu/+source/p11-kit/+bug/911436
https://bugs.freedesktop.org/show_bug.cgi?id=52158
|
|
|
|
|
|
|
|
| |
* These can be used to load certain modules in certain
programs, or prevent loading in others.
* Useful for a key manager like seahorse, so we can load
extra modules (think NSS) that other modules shouldn't
load.
|
|
|
|
|
|
|
|
| |
* Tests do not all yet pass, at least not on wine
* Added abstraction of some non-portable functions in compat.h/c
* Build with an argument like this for win32 support:
./autogen.sh --host=i586-mingw32msvc
* This win32 port needs more work from interested parties
|
|
|
|
|
| |
* Default module path
* How to lookup paths using pkg-config
|
|
|
|
|
|
| |
* When a module has critical set to 'yes', and that module fails to init
then it aborts the entire init process.
* Defaults to 'no'
|
|
|
|
|
|
|
|
|
| |
* pinfile attribute was renamed to pin-source
* objecttype attribute was renamed to object-type
* secretkey value was renamed to secret-key
We continue to support parsing the old attribute names and values but
generate URIs with the new ones.
|
|
|
|
| |
* And also install example pkcs11.conf file.
|
|
|
|
|
| |
* After recent hash table rewrite we should be ignoring the new
file.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
* Add p11_kit_message() function to get last message.
|
| |
|
|
|
|
| |
of space terminated strings.
|
| |
|
|
|
|
|
| |
* This function will load a module from a file path, and then
initialize it.
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
* Install headers to ${prefix}/include/p11-kit-1/p11-kit/
* This solves problems with other projects that have their own
pkcs11.h files.
* Change the pkg-config file name to p11-kit-1.pc
* Change the source file names.
|
|
|
|
|
|
|
|
|
|
|
| |
Use P11_KIT_DEBUG=xxx environment variable to enable tracing. Must
have been built without --disable-debug option.
P11_KIT_DEBUG can (at this point) be one of these values:
all
help
conf
lib
|