p11-kit.git - Clone of https://github.com/p11-glue/p11-kit

	Commit message (Collapse)	Author	Age	Files	Lines
*	hash: Rename file and functions for hashes	Stef Walter	2013-03-20	1	-5/+5
\| \| \| \| \|	We're going to be adding other hashes. Also build as part of a different common library.
*	trust: Use descriptive labels for tokens	Stef Walter	2013-03-19	1	-9/+21
\| \| \| \| \| \| \| \|	Try to determine which one is the system trust input token, and which one is the default token by using datadir and sysconfdir respectively. https://bugs.freedesktop.org/show_bug.cgi?id=62534
*	trust: Handle incorrectly encoded CKA_SERIAL_NUMBER lookups	Stef Walter	2013-03-18	1	-0/+66
\| \| \| \| \| \| \| \|	Handle lookups for trust objects (by NSS) which expect CKA_SERIAL_NUMBER attributes without appropriate DER encoding. In addition allow creation of NSS trust objects as PKCS#11 session objects, so that we can test this behavior.
*	Refine looking up of attributes in arrays	Stef Walter	2013-03-18	1	-2/+2
\| \| \| \| \| \| \| \|	There was a class of bugs for looking up invalid or empty attributes in the internal PKCS#11 attribute arrays. * Refine what p11_attrs_find_valid() treats as valid * Rename p11_attrs_is_empty() to p11_attrs_terminator() for clarity
*	Fix distcheck and documentation	Stef Walter	2013-03-15	1	-2/+5
\|
*	trust: Support a p11-kit specific serialization format	Stef Walter	2013-03-15	1	-1/+1
\| \| \| \| \| \| \|	This is documented in doc/internals/ subdirectory Add tests for the format as well. https://bugs.freedesktop.org/show_bug.cgi?id=62156
*	trust: Use a SHA-1 hash of subjectPublicKeyInfo as CKA_ID by default	Stef Walter	2013-03-15	1	-5/+5
\| \| \| \| \| \| \|	This is what's recommended by the spec, and allows stapled extensions to hang off a predictable CKA_ID. https://bugs.freedesktop.org/show_bug.cgi?id=62329
*	trust: Add a builder which builds objects out of parsed data	Stef Walter	2013-03-15	1	-10/+18
\| \| \| \| \| \| \| \| \| \| \|	The builder completes the objects from the parsed data and takes over the responsibilities that the parser and adapter previously shared. This is necessary to prepare for arbitrary data coming from the p11-kit specific input files. https://bugs.freedesktop.org/show_bug.cgi?id=62329
*	trust: Refactor to include concept of the index	Stef Walter	2013-03-15	1	-0/+238
\| \| \| \| \| \| \| \| \| \|	* The index holds PKCS#11 objects whether for the token or for the session. * The index provides hook for a builder to expand or validate objects being added to the index. * In addition theres a change hook so that a builder can maintain state between objects, such as the compat NSS trust objects. https://bugs.freedesktop.org/show_bug.cgi?id=62329
*	trust: Make each configured path its own token	Stef Walter	2013-03-15	1	-33/+250
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	* Each source directory or file configured into the module or passed in as an initialization argument becomes its own token. Previously there was one token that contained certificates from all the configured paths. * These tokens are clearly labeled in the token info as to the directory or file that they represent. * Update PKCS#11 module logic to deal with multiple tokens, validate the slot ids and so on. * The order in which the paths are configured will become the order of trust priority. This is the same order in which they are listed through 'p11-kit list-modules' and C_GetSlotList. * Update the frob-token internal tool to only play with one path * Adjust tests where necessary to reflect the new state of things and add tests for modified trust module code https://bugs.freedesktop.org/show_bug.cgi?id=61499
*	trust: Rework input path treatment	Stef Walter	2013-03-15	1	-5/+3
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	* Accept a single --with-trust-paths argument to ./configure which cotnains all the input paths. * The --with-system-anchors and --with-system-certificates ./configure arguments are no longer supported. Since they were only present briefly, no provision is made for backwards compatibility. * Each input file is treated as containing anchors by default unless an input certificate contains detailed trust information. * The files in each input directory are not automatically treated as anchors unless a certificate contains detailed trust information. * The files in anchors/ subdirectory of each input directory are automatically marked as anchors. * The files in the blacklist/ subdirectory of each input directory are automatically marked as blacklisted. * Update tests and move around test certificates so we can test these changes. https://bugs.freedesktop.org/show_bug.cgi?id=62327
*	trust: Use the new NSS PKCS#11 extension codes	Stef Walter	2013-03-08	1	-2/+2
\| \| \| \| \|	NSS had subtly changed the values of the distrust CK_TRUST codes so update them to stay in sync.
*	Initialize modules correctly in tests	Stef Walter	2013-03-03	1	-1/+1
\| \| \| \|	This fixes hangs when running tests on windows
*	Fix syntax errors in OS_WIN32 ifdefs	Stef Walter	2013-03-03	1	-0/+2
\|
*	Use putenv() instead of setenv()	Stef Walter	2013-03-03	1	-1/+1
\| \| \| \|	Since older operating systems don't support setenv()
*	Better debugging and checks for attribute values	Stef Walter	2013-02-05	1	-5/+8
\|
*	Add the builtin roots NSS specific object	Stef Walter	2013-02-05	1	-0/+27
\| \| \| \|	This tells NSS that this is a source of anchors.
*	Add basic trust module	Stef Walter	2013-02-05	1	-0/+331
	This is based off the roots-store from gnome-keyring and loads certificates from a root directory and exposes them as PKCS#11 objects.