| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=985481
|
| |
|
|
|
|
|
| |
* p11-kit library and tool in the p11-kit/ subdirectory
* trust module and new trust tool in trust/ subdirectory
* No more tools/ subdirectory
* Lots less in the common/ subdirectory
|
| |\ |
|
| | | |
|
| | |
| |
| |
| | |
Also sorta covers --help and -h usage
|
| | |
| |
| |
| |
| | |
There were various bugs passing arguments, with duplicates being
passed, as well as certain arguments being skipped.t
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Instead of looking for external commands in the path, just look
for them in our private directory.
We want to be conservative early on, and limit what sorta things
we have to maintain later. We can later remove this restriction
if a real use case presents itself.
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
* Support the TAP protocol
* Much cleaner without having to carry around state
* First class support for setup/teardown
* Port the common tests
* Wait on porting other tests until we've merged outstanding code
|
| |/
|
|
|
|
|
|
|
| |
Support a new managed style module loading for PKCS#11 modules. This
allows us to better coordinate between multiple callers of the same
PKCS#11 modules and provide hooks into their behavior.
This meant redoing the public facing API. The old methods are now
deprecated, marked and documented as such.
|
| |
|
|
|
| |
These are possibly architecture specific binaries, so they should be
in $libdir/p11-kit and not in $datadir/p11-kit
|
| |
|
|
|
|
|
|
|
|
| |
Centralize the path handling code, so we can remove unixy assumptions
and have a chance of running on Windows. The current goal is to run
all the tests on Windows.
Includes some code from LRN <lrn1986@gmail.com>
https://bugs.freedesktop.org/show_bug.cgi?id=63062
|
| |
|
|
|
|
|
|
|
|
|
| |
Put library init/uninit code its into their own statically
linked library so that they don't get linked into the p11-kit
executable.
Refactor the message code so that the library initialization can
plug in its per thread message buffer.
https://bugs.freedesktop.org/show_bug.cgi?id=63046
|
| |
|
|
|
|
| |
Don't reference an undefined macro
https://bugs.freedesktop.org/show_bug.cgi?id=63046
|
| |
|
|
| |
Also remove some generated files from the po/ directory.
|
| | |
|
| |
|
|
|
| |
* make memcheck: Runs basic memory checking
* make leakcheck: Also runs leak checking
|
| |
|
|
|
|
|
|
|
|
|
| |
Add implementation of the murmur2 hash function, and start using
it for our dictionaries. Our implementation is incremental
like our other hash functions.
Also remove p11_oid_hash() which wasn't being used.
In addition fix several tests whose success was based on the
way that the dictionary hashed. This was a hidden testing bug.
|
| |
|
|
|
| |
We're going to be adding other hashes. Also build as part of a
different common library.
|
| |
|
|
|
|
| |
This is not a security feature or anything like that, but a hint
that the files are managed by the extract tool and should not be
modified manually.
|
| |
|
|
|
|
|
|
| |
There was a class of bugs for looking up invalid or empty
attributes in the internal PKCS#11 attribute arrays.
* Refine what p11_attrs_find_valid() treats as valid
* Rename p11_attrs_is_empty() to p11_attrs_terminator() for clarity
|
| |
|
|
|
|
|
|
|
|
| |
* Collapse multiple identical certificates coming from different
tokens. Note that if a certificate should not be placed multiple
times on a token. We cannot know which one to respect.
* Add a new extract filter: --trust-policy
This extracts all anchor and blacklist information
https://bugs.freedesktop.org/show_bug.cgi?id=61497
|
| |
|
|
|
|
|
|
| |
* Placed before the certificate, simple one liner
* No need to put comments in PEM files extracted into
directories, as the file names are already descriptive.
https://bugs.freedesktop.org/show_bug.cgi?id=62029
|
| |
|
|
|
|
|
|
|
| |
Also if automatically calculating length, then ignore input
that is NULL, as something that shouldn't be written out.
This allows easier chaining of optional output, such as comments.
https://bugs.freedesktop.org/show_bug.cgi?id=62029
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Sort loaded modules appropriately using the 'priority' option. This
allows us to have a predictable order for callers, when callers
iterate through modules.
* Modules default to having an 'priority' option of '0'.
* If modules have the same order value, then sort by name.
* The above assumes the role of ordering trust-policy sources.
* Change the trust-policy option to a boolean
* Some of this code will be rearranged when the managed branch
is merged.
https://bugs.freedesktop.org/show_bug.cgi?id=61978
|
| |
|
|
|
|
|
|
| |
* Fixes a regression
* In addition allows --help to be specified before the command. If
a command is present, command help will be shown
https://bugs.freedesktop.org/show_bug.cgi?id=62153
|
| |
|
|
|
|
|
| |
Unless initialized according to the environment all debug output
is printed.
https://bugs.freedesktop.org/show_bug.cgi?id=62152
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
The --purpose option would only match certificates that had no
purposes marked on them. Fix it so that it correctly matches
certificates with the given purpose.
https://bugs.freedesktop.org/show_bug.cgi?id=62009
|
| | |
|
| |
|
|
|
| |
If the 'p11-kit extract-trust' command is to be used by
distributions, make them customize it appropriately.
|
| |
|
|
|
|
| |
Tweaks by: Roman Bogorodskiy <bogorodskiy@gmail.com>
https://bugs.freedesktop.org/show_bug.cgi?id=61739
|
| |
|
|
| |
This fixes hangs when running tests on windows
|
| |
|
|
|
|
|
| |
* Don't create symlinks on windows
* No atomic renames, so delete and then rename
* Make sure to close files before unlinking on windows
* No chmod permissions on windows
|
| |
|
|
| |
So that the Windows' C library doesn't munge line endings
|
| |
|
|
|
| |
The Win32 for mmap() is very different from Unix, so abstract
this into our own p11_mmap_xxx() functions.
|
| | |
|
| |
|
|
|
| |
* Add annotations to our precondition functions so that they
don't make the analyzer complain
|
| | |
|
| |
|
|
|
| |
* All aliases must be lower case in order to work with the
default keystore implementation.
|
| |
|
|
|
| |
* This is in cases where the certificate information does not
already have a friendly name or alias.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
* The only formats supported are x509-file and x509-directory
Allow tool to build without extract
|
| |
|
|
|
|
| |
* Implement atomic writes of files
* Writing with checks that not overwriting anything unless desired
* Writing and overwriting of directory contents in a robust way
|
| |
|
|
|
|
| |
* Change the -l argument into the list-modules command.
* Add proper functions for printing usage
* Support for external commands in the path or /usr/share/p11-kit
|
| |
|
|
|
|
| |
It was getting really wild knowing whether a function returning
an int would return -1 on failure or 0 or whether the int return
value was actually a number etc..
|
