summaryrefslogtreecommitdiff
path: root/doc
Commit message (Collapse)AuthorAgeFilesLines
* rpc: Implement PKCS#11 messages/client/server codeStef Walter2014-07-081-0/+2
| | | | | | | | | | | | * This enables passing around bytes which represent PKCS#11 RPC calls. * Caller is responsible for connecting/disconnecting and so on. * Client side caller gets a mixin from p11_rpc_client_init() to call into, which generates callbacks with byte arrays to be transported. * Server side calls p11_rpc_server_handle() with a CK_FUNCTION_LIST_PTR on which relevant methods get called. * Doesn't yet implement the actual daemon or clients etc... https://bugs.freedesktop.org/show_bug.cgi?id=54105
* p11-kit: Mark p11_kit_be_quiet() and p11_kit_be_loud() stableStef Walter2014-07-041-2/+2
| | | | | These are useful functions for callers who want to supress all output from p11-kit library.
* Build in srcdir != builddir fashion by defaultStef Walter2014-01-141-1/+2
| | | | Naturally this doesn't apply to tarballs
* Move gtk-doc.make into build directoryStef Walter2014-01-141-1/+1
|
* Fix documentation buildStef Walter2013-09-231-11/+13
|
* Documentation tweaksStef Walter2013-09-042-1/+3
|
* Release version 0.19.4Stef Walter2013-08-291-0/+3
|
* trust: Document the new command line trust toolStef Walter2013-08-295-139/+384
|
* iter: Add a p11_kit_iter_destroy_object() functionStef Walter2013-08-281-0/+1
| | | | Handy function since this is a common need.
* iter: Add p11_kit_iter_set_uri() functionStef Walter2013-08-281-1/+2
| | | | This is so we can set a filtering uri on the iterator after construction
* iter: Add p11_kit_iter_get_token() callStef Walter2013-08-281-0/+1
| | | | | To get the already loaded CK_TOKEN_INFO during iteration for the token that the current object is on.
* iter: Add new P11_KIT_ITER_WANT_WRITABLE iterator behaviorStef Walter2013-08-281-1/+0
| | | | | This allows us to try to get a RW session, but if not fallback to a read-only session.
* doc: Add identifiers to doc sections so gtk-doc doesn't autogen themStef Walter2013-07-183-10/+10
|
* Fix extract example in documentationStef Walter2013-07-181-1/+1
|
* Support expanding $XDG_CONFIG_HOME in user config pathsStef Walter2013-07-186-18/+52
| | | | | | | | | | If ~/.config is specified as a prefix to a configured path, then it is expanded to the $XDG_CONFIG_HOME if that exists Add --with-user-config ./configure option to configure a different user config directory. Interpolate the right directories into documentation.
* Don't load configs from user directory when setuidStef Walter2013-07-182-0/+6
| | | | | | | When running as setuid() or setgid() don't access the user's home directory, or use $HOME environment variables. https://bugzilla.redhat.com/show_bug.cgi?id=985014
* Various documentation tweaks and fixes for warningsStef Walter2013-07-102-1/+5
|
* Add support for using freebl3 for SHA1 and MD5 hashingStef Walter2013-07-101-0/+11
| | | | | | Since we don't want to link freebl3 to libp11-kit.so where it isn't needed, move the SHA-1 and MD5 digest functionality to the trust/ directory.
* Reorganize various componentsStef Walter2013-06-251-1/+0
| | | | | | | * p11-kit library and tool in the p11-kit/ subdirectory * trust module and new trust tool in trust/ subdirectory * No more tools/ subdirectory * Lots less in the common/ subdirectory
* Mark p11_kit_message() as a stable functionStef Walter2013-05-211-1/+1
|
* Add the log-calls module config optionStef Walter2013-05-213-0/+25
| | | | | If 'log-calls = yes' is set then all the PKCS#11 modules are logged to stderr.
* Manage C_CloseAllSessions function for multiple callersStef Walter2013-05-211-0/+6
| | | | | | Make C_CloseAllSessions work for different callers. Track the sessions that each caller opens and close just those when C_CloseAllSessiosn is called.
* Update the proxy module to use managed PKCS#11 modulesStef Walter2013-05-211-0/+1
| | | | | | | | | | Each time C_GetFunctionList is called on the proxy module, a new managed PKCS#11 set of functions is returned. These are all cleaned up when the module is unloaded. We want the proxy module to continue to work even without the highly recommended libffi. For that reason we still keep the old behavior of sharing state in the proxy module.
* p11-kit: Managed PKCS#11 module loadingStef Walter2013-05-216-56/+134
| | | | | | | | | Support a new managed style module loading for PKCS#11 modules. This allows us to better coordinate between multiple callers of the same PKCS#11 modules and provide hooks into their behavior. This meant redoing the public facing API. The old methods are now deprecated, marked and documented as such.
* Use libffi to implement mixins for managed codeStef Walter2013-05-162-2/+6
| | | | | | * This allows us to call into subclassed PKCS#11 modules as if they were plain old PKCS#11 modules * libffi is an optional dependency
* doc: Use gtk-doc in the no-tmpl flavorStef Walter2013-04-041-0/+6
|
* manual: Use a consistent docbook versionStef Walter2013-04-046-12/+16
|
* Fix documentation so it builds out of treeStef Walter2013-04-032-2/+5
|
* Add a bit of infrastructure for running valgrindStef Walter2013-03-202-0/+8
| | | | | * make memcheck: Runs basic memory checking * make leakcheck: Also runs leak checking
* Fix distcheck and documentationStef Walter2013-03-151-10/+5
|
* trust: Support a p11-kit specific serialization formatStef Walter2013-03-151-0/+54
| | | | | | | This is documented in doc/internals/ subdirectory Add tests for the format as well. https://bugs.freedesktop.org/show_bug.cgi?id=62156
* extract: Combine trust policy when extractingStef Walter2013-03-151-3/+16
| | | | | | | | | | * Collapse multiple identical certificates coming from different tokens. Note that if a certificate should not be placed multiple times on a token. We cannot know which one to respect. * Add a new extract filter: --trust-policy This extracts all anchor and blacklist information https://bugs.freedesktop.org/show_bug.cgi?id=61497
* extract: --comment option adds comments to PEM bundlesStef Walter2013-03-151-0/+5
| | | | | | | | * Placed before the certificate, simple one liner * No need to put comments in PEM files extracted into directories, as the file names are already descriptive. https://bugs.freedesktop.org/show_bug.cgi?id=62029
* p11-kit: New priority option and change trust-policy optionStef Walter2013-03-152-7/+18
| | | | | | | | | | | | | | * Sort loaded modules appropriately using the 'priority' option. This allows us to have a predictable order for callers, when callers iterate through modules. * Modules default to having an 'priority' option of '0'. * If modules have the same order value, then sort by name. * The above assumes the role of ordering trust-policy sources. * Change the trust-policy option to a boolean * Some of this code will be rearranged when the managed branch is merged. https://bugs.freedesktop.org/show_bug.cgi?id=61978
* trust: Rework input path treatmentStef Walter2013-03-151-27/+34
| | | | | | | | | | | | | | | | | | | | | * Accept a single --with-trust-paths argument to ./configure which cotnains all the input paths. * The --with-system-anchors and --with-system-certificates ./configure arguments are no longer supported. Since they were only present briefly, no provision is made for backwards compatibility. * Each input file is treated as containing anchors by default unless an input certificate contains detailed trust information. * The files in each input directory are not automatically treated as anchors unless a certificate contains detailed trust information. * The files in anchors/ subdirectory of each input directory are automatically marked as anchors. * The files in the blacklist/ subdirectory of each input directory are automatically marked as blacklisted. * Update tests and move around test certificates so we can test these changes. https://bugs.freedesktop.org/show_bug.cgi?id=62327
* doc: Move manual into doc/manual subdirectoryStef Walter2013-03-1215-135/+137
|
* Document and put code coverage onlineStef Walter2013-03-081-0/+22
| | | | | * Document our testing practices * Put lcov code coverage output online
* doc: Fix external URLs in documentationStef Walter2013-03-071-6/+6
|
* doc: Add P11_KIT_STRICT=yes debugging tipStef Walter2013-03-071-0/+11
|
* doc: Don't wrap the options in the pkcs11.conf manual pageStef Walter2013-03-071-6/+6
|
* Move pkcs11.conf and module documentation to a manual pageStef Walter2013-02-205-162/+238
|
* Add a placeholder external 'extract-trust' commandStef Walter2013-02-052-0/+42
|
* Implement support for java JKS keystore formatStef Walter2013-02-051-0/+4
| | | | | * All aliases must be lower case in order to work with the default keystore implementation.
* Add support for exporting OpenSSL's TRUSTED CERTIFICATE formatStef Walter2013-02-051-0/+8
|
* Add support for extracting to pem-bundle and pem-directory formatsStef Walter2013-02-051-0/+8
|
* Implement basic extract supportStef Walter2013-02-053-1/+99
| | | | | | * The only formats supported are x509-file and x509-directory Allow tool to build without extract
* Add public iterator API to p11-kitStef Walter2013-02-054-0/+88
|
* Implement trust assertion PKCS#11 objectsStef Walter2013-02-051-0/+11
| | | | | | * Implement trust assertions for anchored and distrusted certs * Pinned certificate trust assertions are not implemented yet * Add an internal tool for pulling apart bits of certificates
* Add the builtin roots NSS specific objectStef Walter2013-02-051-1/+4
| | | | This tells NSS that this is a source of anchors.
* Add support for openssl TRUSTED CERTIFICATE PEM filesStef Walter2013-02-051-0/+8
|