summaryrefslogtreecommitdiff
path: root/trust/parser.c
Commit message (Collapse)AuthorAgeFilesLines
* trust: Rework input path treatmentStef Walter2013-03-151-2/+45
| | | | | | | | | | | | | | | | | | | | | * Accept a single --with-trust-paths argument to ./configure which cotnains all the input paths. * The --with-system-anchors and --with-system-certificates ./configure arguments are no longer supported. Since they were only present briefly, no provision is made for backwards compatibility. * Each input file is treated as containing anchors by default unless an input certificate contains detailed trust information. * The files in each input directory are not automatically treated as anchors unless a certificate contains detailed trust information. * The files in anchors/ subdirectory of each input directory are automatically marked as anchors. * The files in the blacklist/ subdirectory of each input directory are automatically marked as blacklisted. * Update tests and move around test certificates so we can test these changes. https://bugs.freedesktop.org/show_bug.cgi?id=62327
* Abstract mmap() into a compat APIStef Walter2013-03-031-21/+7
| | | | | The Win32 for mmap() is very different from Unix, so abstract this into our own p11_mmap_xxx() functions.
* Use the CN, OU or O of certificates to generate a labelStef Walter2013-02-051-21/+30
| | | | | * This is in cases where the certificate information does not already have a friendly name or alias.
* Move the X.509 extension parsing code in common/Stef Walter2013-02-051-63/+6
| | | | * So it can be used by other code, in addition to the trust stuff
* Implement trust assertion PKCS#11 objectsStef Walter2013-02-051-3/+2
| | | | | | * Implement trust assertions for anchored and distrusted certs * Pinned certificate trust assertions are not implemented yet * Add an internal tool for pulling apart bits of certificates
* Refactor how parsing of ASN.1 data and certificate extensions workStef Walter2013-02-051-510/+36
|
* Fill in certificate authority and trust data correctlyStef Walter2013-02-051-72/+279
| | | | | | | | | | | | * Fill in CKA_CERTIFICATE_CATEGORY properly for authorities based on the presence of BasicConstraints and/or v1 certificates * Fill in CKA_TRUSTED and CKA_X_DISTRUSTED based on whether the parser is running for anchors or blacklist * In addition support the concept of blacklisted certificates mixed in with the anchors (without any purposes) since that's what exists in the real world. * We do this after the various hooks have had a chance to mess with the certificate extensions and such.
* Implement stapled certificate extensions internallyStef Walter2013-02-051-316/+408
| | | | | | | | | | | | * Use stapled certificate extensions to represent loaded trust policy * Build NSS trust objects from stapled certificate extensions * Add further attribute debugging for NSS trust objects * Use a custom certificate extension for the OpenSSL reject purpose data * Use SubjectKeyIdentifier for OpenSSL keyid data * Use ExtendedKeyUsage for OpenSSL trust purpose data * Implement simple way to handle binary DER OIDs, using the DER TLV length. DER OIDs are used in the CKA_OBJECT_ID value, and elsewhere. * Split out the building of NSS trust objects from the main parser
* Add support for openssl TRUSTED CERTIFICATE PEM filesStef Walter2013-02-051-40/+204
|
* Add support for parsing PEM filesStef Walter2013-02-051-0/+38
|
* Add basic trust moduleStef Walter2013-02-051-0/+1103
This is based off the roots-store from gnome-keyring and loads certificates from a root directory and exposes them as PKCS#11 objects.
generated by cgit v1.1 at 2024-12-27 14:06:06 +0000