path: root/trust/Makefile.am
Commit message (Author, Age, Files, Lines)
* trust: introduce the "edk2-cacerts" extractor skeleton (Laszlo Ersek, 2018-03-30, 1 file, -0/+1)
|   Introduce the p11_extract_edk2_cacerts() skeleton. At the moment it always fails, silently.
|   Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1559580
|   Signed-off-by: Laszlo Ersek <lersek@redhat.com>
* trust: Forcibly mark "Default Trust" read-only (Daiki Ueno, 2018-02-05, 1 file, -1/+5)
|   The "Default Trust" token is typically mounted as $datadir, which is considered as read-only on modern OSes.
|   Suggested by Kai Engert in: https://bugzilla.redhat.com/show_bug.cgi?id=1523630
* build: Delay compilation of test-related stuff (Daiki Ueno, 2018-01-30, 1 file, -4/+8)
|
* build: Delay building test programs until "make check" (Daiki Ueno, 2017-05-29, 1 file, -1/+1)
|   This is to disable clang-analyzer against test programs, which can contain several false-positives.
* rpc: Add PKCS#11 module that connects to socket (Daiki Ueno, 2017-02-17, 1 file, -2/+1)
|   This patch adds a PKCS#11 module that connects to the p11-kit server exposed on the filesystem. The filename of the socket is determined in the following order:
|   - $P11_KIT_SERVER_ADDRESS, if the envvar is available
|   - $XDG_RUNTIME_DIR/p11-kit/pkcs11, if the envvar is available
|   - /run/$(id -u)/p11-kit/pkcs11, if /run/$(id -u) exists
|   - /var/run/$(id -u)/p11-kit/pkcs11, if /var/run/$(id -u) exists
|   - ~/.cache/p11-kit/pkcs11.
|   Note that the program loading this module may have called setuid() and secure_getenv() which we use for fetching envvars could return NULL.
* trust: Implement a 'trust dump' command (Stef Walter, 2017-01-31, 1 file, -0/+1)
|   This dumps all the PKCS#11 objects in the internal .p11-kit persistence format.
|   This is part of the trust command and tooling, even though at some point it could go in the p11-kit command. The reason for this is that the code related to the internal .p11-kit objects is in the trust code, and consumed solely by the trust related modules.
* trust: add missing libtasn1 cflags (Roman Bogorodskiy, 2014-10-07, 1 file, -0/+39)
|   Add a number of missing LIBTASN1_CFLAGS where it's required
* Move to non-recursive Makefile for building bins and libs (Stef Walter, 2014-08-15, 1 file, -70/+203)
|   Still use recursive for documentation and translation.
* Release version 0.19.4 (Stef Walter, 2013-08-29, 1 file, -1/+1)
|
* Route 'p11-kit extract-trust' over to trust tool (Stef Walter, 2013-08-29, 1 file, -1/+2)
|   The actual command is 'trust extract-compat'. Make installed placeholder script reflect this. We still support the old placeholder script if it is present.
* trust: Add a list command to the trust tool (Stef Walter, 2013-08-29, 1 file, -0/+1)
|   Lists with PKCS#11 URIs and some basic fields.
* trust: Refactor enumeration of certificates to extract (Stef Walter, 2013-08-29, 1 file, -1/+1)
|   Because we want to use this same logic for listing trust
* Add support for using freebl3 for SHA1 and MD5 hashing (Stef Walter, 2013-07-10, 1 file, -0/+4)
|   Since we don't want to link freebl3 to libp11-kit.so where it isn't needed, move the SHA-1 and MD5 digest functionality to the trust/ directory.
* trust: Add a basic 'anchor' command to store a new anchor (Stef Walter, 2013-07-08, 1 file, -0/+3)
|
* trust: Initial support for writing out token objects (Stef Walter, 2013-07-03, 1 file, -0/+1)
|   * The objects are written out in the p11-kit persist format
|   * Parser marks files in p11-kit persist format as modifiable
* trust: Don't write out internal attributes when persisting (Stef Walter, 2013-07-03, 1 file, -0/+1)
|
* Reorganize various components (Stef Walter, 2013-06-25, 1 file, -4/+52)
|   * p11-kit library and tool in the p11-kit/ subdirectory
|   * trust module and new trust tool in trust/ subdirectory
|   * No more tools/ subdirectory
|   * Lots less in the common/ subdirectory
* Merge branch 'stable' (Stef Walter, 2013-06-17, 1 file, -0/+4)
|\
| * trust: Move the extract-trust external placeholder command into trust/ (Stef Walter, 2013-06-17, 1 file, -0/+4)
| |
* | Fix up Makefile.am files for automake 1.13 warnings (Stef Walter, 2013-05-21, 1 file, -1/+1)
|/
* Separate library init from message code (Stef Walter, 2013-04-03, 1 file, -1/+1)
|   Put library init/uninit code into their own statically linked library so that they don't get linked into the p11-kit executable.
|   Refactor the message code so that the library initialization can plug in its per thread message buffer.
|   https://bugs.freedesktop.org/show_bug.cgi?id=63046
* Add a bit of infrastructure for running valgrind (Stef Walter, 2013-03-20, 1 file, -1/+2)
|   * make memcheck: Runs basic memory checking
|   * make leakcheck: Also runs leak checking
* trust: Use descriptive labels for tokens (Stef Walter, 2013-03-19, 1 file, -0/+2)
|   Try to determine which one is the system trust input token, and which one is the default token by using datadir and sysconfdir respectively.
|   https://bugs.freedesktop.org/show_bug.cgi?id=62534
* trust: Support a p11-kit specific serialization format (Stef Walter, 2013-03-15, 1 file, -0/+1)
|   This is documented in doc/internals/ subdirectory
|   Add tests for the format as well.
|   https://bugs.freedesktop.org/show_bug.cgi?id=62156
* trust: Add a builder which builds objects out of parsed data (Stef Walter, 2013-03-15, 1 file, -1/+1)
|   The builder completes the objects from the parsed data and takes over the responsibilities that the parser and adapter previously shared.
|   This is necessary to prepare for arbitrary data coming from the p11-kit specific input files.
|   https://bugs.freedesktop.org/show_bug.cgi?id=62329
* trust: Refactor to include concept of the index (Stef Walter, 2013-03-15, 1 file, -0/+1)
|   * The index holds PKCS#11 objects whether for the token or for the session.
|   * The index provides hook for a builder to expand or validate objects being added to the index.
|   * In addition there's a change hook so that a builder can maintain state between objects, such as the compat NSS trust objects.
|   https://bugs.freedesktop.org/show_bug.cgi?id=62329
* Build with the libtasn1 CFLAGS properly (Stef Walter, 2013-03-04, 1 file, -0/+1)
|   Tweaks by: Roman Bogorodskiy <bogorodskiy@gmail.com>
|   https://bugs.freedesktop.org/show_bug.cgi?id=61739
* Implement trust assertion PKCS#11 objects (Stef Walter, 2013-02-05, 1 file, -1/+1)
|   * Implement trust assertions for anchored and distrusted certs
|   * Pinned certificate trust assertions are not implemented yet
|   * Add an internal tool for pulling apart bits of certificates
* Implement stapled certificate extensions internally (Stef Walter, 2013-02-05, 1 file, -0/+1)
|   * Use stapled certificate extensions to represent loaded trust policy
|   * Build NSS trust objects from stapled certificate extensions
|   * Add further attribute debugging for NSS trust objects
|   * Use a custom certificate extension for the OpenSSL reject purpose data
|   * Use SubjectKeyIdentifier for OpenSSL keyid data
|   * Use ExtendedKeyUsage for OpenSSL trust purpose data
|   * Implement simple way to handle binary DER OIDs, using the DER TLV length. DER OIDs are used in the CKA_OBJECT_ID value, and elsewhere.
|   * Split out the building of NSS trust objects from the main parser
* Add support for parsing PEM files (Stef Walter, 2013-02-05, 1 file, -1/+2)
|
* Add basic trust module (Stef Walter, 2013-02-05, 1 file, -0/+52)
    This is based off the roots-store from gnome-keyring and loads certificates from a root directory and exposes them as PKCS#11 objects.