| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
The "Default Trust" token is typically mounted as $datadir, which is
considered as read-only on modern OSes.
Suggestd by Kai Engert in:
https://bugzilla.redhat.com/show_bug.cgi?id=1523630
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The trust policy module keeps all the objects in the database, while
PKIX doesn't allow multiple extensions identified by the same OID can
be attached to a certificate. Add a check to C_FindObjects to exclude
any duplicates and only return the first matching object.
It would be better if the module rejects such duplicates when loading,
but it would make startup slower.
https://bugzilla.redhat.com/show_bug.cgi?id=1141241
|
| |
|
|
|
|
|
| |
A persistent file written by the trust module starts with the line "#
This file has been auto-generated and written by p11-kit". This can
be used as a magic word to determine whether the objects read from a
.p11-kit file are read-only.
|
| |
|
|
|
|
|
|
| |
Previously p11-kit-trust.so tried to interpret certificate as PEM format
first. This could cause potential conflict if the certificate were
actually in DER format and contained a PEM marker strings.
https://bugs.freedesktop.org/show_bug.cgi?id=92063
|
| |
|
|
|
|
|
|
|
|
| |
GCC's asan spotted this:
Direct leak of 338 byte(s) in 13 object(s) allocated from:
#0 0x7f54f03fee20 in malloc (/lib64/libasan.so.3+0xc6e20)
#1 0x445e8c in p11_path_build ../common/path.c:222
#2 0x4385bd in expand_tempdir ../common/test.c:334
#3 0x43869c in p11_test_directory ../common/test.c:361
#4 0x4033e3 in setup_temp ../trust/test-token.c:79
|
| |
|
|
| |
Signed-off-by: Michael Cronenworth <mike@cchtml.com>
|
|
|
Still use recursive for documentation and translation.
|
