summaryrefslogtreecommitdiff
path: root/doc
Commit message (Collapse)AuthorAgeFilesLines
* Fix distcheck and documentationStef Walter2013-03-151-10/+5
|
* trust: Support a p11-kit specific serialization formatStef Walter2013-03-151-0/+54
| | | | | | | This is documented in doc/internals/ subdirectory Add tests for the format as well. https://bugs.freedesktop.org/show_bug.cgi?id=62156
* extract: Combine trust policy when extractingStef Walter2013-03-151-3/+16
| | | | | | | | | | * Collapse multiple identical certificates coming from different tokens. Note that if a certificate should not be placed multiple times on a token. We cannot know which one to respect. * Add a new extract filter: --trust-policy This extracts all anchor and blacklist information https://bugs.freedesktop.org/show_bug.cgi?id=61497
* extract: --comment option adds comments to PEM bundlesStef Walter2013-03-151-0/+5
| | | | | | | | * Placed before the certificate, simple one liner * No need to put comments in PEM files extracted into directories, as the file names are already descriptive. https://bugs.freedesktop.org/show_bug.cgi?id=62029
* p11-kit: New priority option and change trust-policy optionStef Walter2013-03-152-7/+18
| | | | | | | | | | | | | | * Sort loaded modules appropriately using the 'priority' option. This allows us to have a predictable order for callers, when callers iterate through modules. * Modules default to having an 'priority' option of '0'. * If modules have the same order value, then sort by name. * The above assumes the role of ordering trust-policy sources. * Change the trust-policy option to a boolean * Some of this code will be rearranged when the managed branch is merged. https://bugs.freedesktop.org/show_bug.cgi?id=61978
* trust: Rework input path treatmentStef Walter2013-03-151-27/+34
| | | | | | | | | | | | | | | | | | | | | * Accept a single --with-trust-paths argument to ./configure which cotnains all the input paths. * The --with-system-anchors and --with-system-certificates ./configure arguments are no longer supported. Since they were only present briefly, no provision is made for backwards compatibility. * Each input file is treated as containing anchors by default unless an input certificate contains detailed trust information. * The files in each input directory are not automatically treated as anchors unless a certificate contains detailed trust information. * The files in anchors/ subdirectory of each input directory are automatically marked as anchors. * The files in the blacklist/ subdirectory of each input directory are automatically marked as blacklisted. * Update tests and move around test certificates so we can test these changes. https://bugs.freedesktop.org/show_bug.cgi?id=62327
* doc: Move manual into doc/manual subdirectoryStef Walter2013-03-1215-135/+137
|
* Document and put code coverage onlineStef Walter2013-03-081-0/+22
| | | | | * Document our testing practices * Put lcov code coverage output online
* doc: Fix external URLs in documentationStef Walter2013-03-071-6/+6
|
* doc: Add P11_KIT_STRICT=yes debugging tipStef Walter2013-03-071-0/+11
|
* doc: Don't wrap the options in the pkcs11.conf manual pageStef Walter2013-03-071-6/+6
|
* Move pkcs11.conf and module documentation to a manual pageStef Walter2013-02-205-162/+238
|
* Add a placeholder external 'extract-trust' commandStef Walter2013-02-052-0/+42
|
* Implement support for java JKS keystore formatStef Walter2013-02-051-0/+4
| | | | | * All aliases must be lower case in order to work with the default keystore implementation.
* Add support for exporting OpenSSL's TRUSTED CERTIFICATE formatStef Walter2013-02-051-0/+8
|
* Add support for extracting to pem-bundle and pem-directory formatsStef Walter2013-02-051-0/+8
|
* Implement basic extract supportStef Walter2013-02-053-1/+99
| | | | | | * The only formats supported are x509-file and x509-directory Allow tool to build without extract
* Add public iterator API to p11-kitStef Walter2013-02-054-0/+88
|
* Implement trust assertion PKCS#11 objectsStef Walter2013-02-051-0/+11
| | | | | | * Implement trust assertions for anchored and distrusted certs * Pinned certificate trust assertions are not implemented yet * Add an internal tool for pulling apart bits of certificates
* Add the builtin roots NSS specific objectStef Walter2013-02-051-1/+4
| | | | This tells NSS that this is a source of anchors.
* Add support for openssl TRUSTED CERTIFICATE PEM filesStef Walter2013-02-051-0/+8
|
* Add basic trust moduleStef Walter2013-02-056-1/+132
| | | | | | This is based off the roots-store from gnome-keyring and loads certificates from a root directory and exposes them as PKCS#11 objects.
* Tweak style of the manualStef Walter2013-02-054-7/+27
| | | | | | | * Unindent the main headings * Don't wrap options * Better spacing in table of contents * Don't have line numbers on code examples
* Add documentation about contributing to p11-kitStef Walter2013-02-055-57/+233
|
* Add a p11-kit tool manual pageStef Walter2013-02-053-35/+125
|
* Add a /usr/share/p11-kit/modules directory for package module configsStef Walter2013-02-051-2/+2
| | | | | | * Try to make /etc/pkcs11/modules for administrator use * Override the old pkg-config variables to help packages start using the new location
* Add p11_kit_be_loud() function for use in tests and toolsStef Walter2013-02-051-0/+1
| | | | This does the opposite of p11_kit_be_quiet().
* Add more mock-module implementationStef Walter2013-02-041-0/+3
| | | | | * Move mock code into the common/ directory to be used by multiple components of p11-kit
* Move debug and library code into the common/ subdirectoryStef Walter2013-01-091-1/+10
| | | | | | | | | | | Start using p11_ as our internal prefix rather than _p11_. We explicitly export p11_kit_ so this is fine as far as visibility. Move the threading, mutex, and module compat, dict, and array code into the common directory too. Take this opportunity to clean up a bit of internal API as well, since so many lines are being touched internally.
* Fix documentation warnings.Stef Walter2013-01-072-2/+3
| | | | | | * P11_KIT_URI_NO_MEMORY is an unexpected state, that will probably never actually be returned. But kept for API compatibility. * make distcheck doc fix
* Change the default of 'user-config' to merge.Stef Walter2012-09-061-2/+2
| | | | | | | * This allows user configured PKCS#11 modules by default. * Admins can change this to 'none' in /etc/pkcs11/pkcs11.conf to go back to the previous behavior. * Posted to the mailing list.
* Use '.module' extension on module configsStef Walter2012-07-241-2/+5
| | | | | | | | | | | | | * And want alphanumeric/_.- filenames * Currently this is just a warning, soon it will be enforced * The name of a module does not include the extension Andreas Metzler and Ubuntu both worked on this patch, and I've made some more changes. See https://bugs.launchpad.net/ubuntu/+source/p11-kit/+bug/911436 https://bugs.freedesktop.org/show_bug.cgi?id=52158
* Add enable-in and disable-in options to module configStef Walter2012-04-012-0/+28
| | | | | | | | * These can be used to load certain modules in certain programs, or prevent loading in others. * Useful for a key manager like seahorse, so we can load extra modules (think NSS) that other modules shouldn't load.
* Initial port to win32Stef Walter2011-10-171-1/+1
| | | | | | | | * Tests do not all yet pass, at least not on wine * Added abstraction of some non-portable functions in compat.h/c * Build with an argument like this for win32 support: ./autogen.sh --host=i586-mingw32msvc * This win32 port needs more work from interested parties
* Add documentation about the configuration pathsStef Walter2011-09-145-15/+76
| | | | | * Default module path * How to lookup paths using pkg-config
* Add 'critical' setting for modulesStef Walter2011-08-301-2/+22
| | | | | | * When a module has critical set to 'yes', and that module fails to init then it aborts the entire init process. * Defaults to 'no'
* Update PKCS#11 URI code for new draft of specStef Walter2011-08-052-1/+3
| | | | | | | | | * pinfile attribute was renamed to pin-source * objecttype attribute was renamed to object-type * secretkey value was renamed to secret-key We continue to support parsing the old attribute names and values but generate URIs with the new ones.
* Add example configuration documentation.Stef Walter2011-08-011-0/+48
| | | | * And also install example pkcs11.conf file.
* Cleanup documentation warningsStef Walter2011-07-271-2/+2
| | | | | * After recent hash table rewrite we should be ignoring the new file.
* More fine tuning of the pin APIs.Stef Walter2011-07-061-0/+1
|
* Add documentation for PIN callbacks.Stef Walter2011-07-063-1/+21
|
* Fixed typos and made options clearer.Stef Walter2011-06-091-3/+3
|
* Complete documentation for message functionality.Stef Walter2011-06-092-0/+7
|
* Store last failure message per thread.Stef Walter2011-06-091-1/+1
| | | | * Add p11_kit_message() function to get last message.
* Fix up documentationStef Walter2011-06-071-1/+4
|
* Add function p11_kit_uri_space_strlen() for figuring out the lengthStef Walter2011-05-301-0/+1
| | | | of space terminated strings.
* Allow use with CRYPTOKI_GNU style use of PKCS#11Stef Walter2011-05-301-1/+9
|
* Add p11_kit_load_initialize_module() function.Stef Walter2011-05-271-0/+1
| | | | | * This function will load a module from a file path, and then initialize it.
* Fix up documentationStef Walter2011-05-271-2/+7
|
* Fix problems with 'make distcheck'Stef Walter2011-05-271-1/+2
|
generated by cgit v1.1 at 2024-10-17 12:27:03 +0000