summaryrefslogtreecommitdiff
path: root/trust/test-parser.c
Commit message (Collapse)AuthorAgeFilesLines
* trust: Certificate CKA_ID is SubjectKeyIdentifier if possibleStef Walter2014-10-091-2/+0
| | | | | | | | | | | | | | | | | | | | | | The PKCS#11 spec states that the CKA_ID should match the SubjectKeyIdentifier if such an extension is present. We delay the filling of CKA_ID until the builder phase of populating attributes which allows us to have more control over how this works. Note that we don't make CKA_ID reflect SubjectKeyIdentifier *attached* extensions. The CKA_ID isn't supposed to change after object creation. Making it dependent on attached extensions would be making promises we cannot keep, since attached extensions can be added/removed at any time. This also means the CKA_ID of attached extensions and certificates won't necessarily match up, but that was never promised, and not how attached extensions should be matched to their certificate anyway. Based on a patch and research done by David Woodhouse. https://bugs.freedesktop.org/show_bug.cgi?id=84761
* trust: Use term 'attached extensions' instead of 'stapled'Stef Walter2014-09-101-2/+2
| | | | | | | The term 'stapled extensions' is confusing because it overloads terminology used with OSCP stapling. Suggested by Daniel Kahn Gillmor.
* common: Change the CKA_X_PUBLIC_KEY_INFO constant to CKA_PUBLIC_KEY_INFOStef Walter2014-09-101-4/+4
| | | | | | | | | CKA_PUBLIC_KEY_INFO is defined in the PKCS#11 2.40 draft, so use that rather than defining our own. * Fixed up by Nikos Mavrogiannopoulos <nmav@redhat.com> https://bugs.freedesktop.org/show_bug.cgi?id=83495
* Move to non-recursive Makefile for building bins and libsStef Walter2014-08-151-0/+569
Still use recursive for documentation and translation.