p11-kit.git - Clone of https://github.com/p11-glue/p11-kit

	Commit message (Collapse)	Author	Age	Files	Lines
*	attrs: Print out the CKA_VALUE for certificates when debugging	Stef Walter	2013-03-20	1	-5/+10
\| \| \| \| \| \| \| \|	While it's true that we shouldn't be pritning out CKA_VALUE in certain cases, like for keys, we obviously can do so for certificates. We don't have keys anyway, but in the interest of being general purpose use the class to determine whether CKA_VALUE can be printed
*	Refine looking up of attributes in arrays	Stef Walter	2013-03-18	1	-1/+1
\| \| \| \| \| \| \| \|	There was a class of bugs for looking up invalid or empty attributes in the internal PKCS#11 attribute arrays. * Refine what p11_attrs_find_valid() treats as valid * Rename p11_attrs_is_empty() to p11_attrs_terminator() for clarity
*	trust: Add a builder which builds objects out of parsed data	Stef Walter	2013-03-15	1	-2/+0
\| \| \| \| \| \| \| \| \| \| \|	The builder completes the objects from the parsed data and takes over the responsibilities that the parser and adapter previously shared. This is necessary to prepare for arbitrary data coming from the p11-kit specific input files. https://bugs.freedesktop.org/show_bug.cgi?id=62329
*	Fill in certificate authority and trust data correctly	Stef Walter	2013-02-05	1	-1/+17
\| \| \| \| \| \| \| \| \| \| \| \|	* Fill in CKA_CERTIFICATE_CATEGORY properly for authorities based on the presence of BasicConstraints and/or v1 certificates * Fill in CKA_TRUSTED and CKA_X_DISTRUSTED based on whether the parser is running for anchors or blacklist * In addition support the concept of blacklisted certificates mixed in with the anchors (without any purposes) since that's what exists in the real world. * We do this after the various hooks have had a chance to mess with the certificate extensions and such.
*	Implement stapled certificate extensions internally	Stef Walter	2013-02-05	1	-1/+8
\| \| \| \| \| \| \| \| \| \| \| \|	* Use stapled certificate extensions to represent loaded trust policy * Build NSS trust objects from stapled certificate extensions * Add further attribute debugging for NSS trust objects * Use a custom certificate extension for the OpenSSL reject purpose data * Use SubjectKeyIdentifier for OpenSSL keyid data * Use ExtendedKeyUsage for OpenSSL trust purpose data * Implement simple way to handle binary DER OIDs, using the DER TLV length. DER OIDs are used in the CKA_OBJECT_ID value, and elsewhere. * Split out the building of NSS trust objects from the main parser
*	Better debugging and checks for attribute values	Stef Walter	2013-02-05	1	-74/+80
\|
*	Add basic trust module	Stef Walter	2013-02-05	1	-0/+128
	This is based off the roots-store from gnome-keyring and loads certificates from a root directory and exposes them as PKCS#11 objects.