p11-kit.git - Clone of https://github.com/p11-glue/p11-kit

	Commit message (Collapse)	Author	Age	Files	Lines
*	trust: add a simple frob-nss-token tool to dump distrust	Stef Walter	2013-03-08	2	-0/+109
\| \| \| \| \|	Add a simple tool to dump NSS style distrust attributes from a module.
*	trust: Use the new NSS PKCS#11 extension codes	Stef Walter	2013-03-08	2	-13/+13
\| \| \| \| \|	NSS had subtly changed the values of the distrust CK_TRUST codes so update them to stay in sync.
*	Initialize modules correctly in tests	Stef Walter	2013-03-03	4	-1/+4
\| \| \| \|	This fixes hangs when running tests on windows
*	Fix syntax errors in OS_WIN32 ifdefs	Stef Walter	2013-03-03	1	-0/+2
\|
*	Use putenv() instead of setenv()	Stef Walter	2013-03-03	4	-4/+4
\| \| \| \|	Since older operating systems don't support setenv()
*	Use the CN, OU or O of certificates to generate a label	Stef Walter	2013-02-05	1	-11/+11
\| \| \| \| \|	* This is in cases where the certificate information does not already have a friendly name or alias.
*	Implement trust assertion PKCS#11 objects	Stef Walter	2013-02-05	2	-35/+317
\| \| \| \| \| \|	* Implement trust assertions for anchored and distrusted certs * Pinned certificate trust assertions are not implemented yet * Add an internal tool for pulling apart bits of certificates
*	Refactor how parsing of ASN.1 data and certificate extensions work	Stef Walter	2013-02-05	2	-129/+2
\|
*	Fill in certificate authority and trust data correctly	Stef Walter	2013-02-05	4	-57/+218
\| \| \| \| \| \| \| \| \| \| \| \|	* Fill in CKA_CERTIFICATE_CATEGORY properly for authorities based on the presence of BasicConstraints and/or v1 certificates * Fill in CKA_TRUSTED and CKA_X_DISTRUSTED based on whether the parser is running for anchors or blacklist * In addition support the concept of blacklisted certificates mixed in with the anchors (without any purposes) since that's what exists in the real world. * We do this after the various hooks have had a chance to mess with the certificate extensions and such.
*	Implement stapled certificate extensions internally	Stef Walter	2013-02-05	3	-26/+142
\| \| \| \| \| \| \| \| \| \| \| \|	* Use stapled certificate extensions to represent loaded trust policy * Build NSS trust objects from stapled certificate extensions * Add further attribute debugging for NSS trust objects * Use a custom certificate extension for the OpenSSL reject purpose data * Use SubjectKeyIdentifier for OpenSSL keyid data * Use ExtendedKeyUsage for OpenSSL trust purpose data * Implement simple way to handle binary DER OIDs, using the DER TLV length. DER OIDs are used in the CKA_OBJECT_ID value, and elsewhere. * Split out the building of NSS trust objects from the main parser
*	Better debugging and checks for attribute values	Stef Walter	2013-02-05	4	-86/+124
\|
*	Add tool for testing how fast the token loads	Stef Walter	2013-02-05	2	-0/+65
\|
*	Test a TRUSTED CERTIFICATE without any trust OIDs	Stef Walter	2013-02-05	2	-0/+38
\|
*	Add the builtin roots NSS specific object	Stef Walter	2013-02-05	2	-3/+30
\| \| \| \|	This tells NSS that this is a source of anchors.
*	Add support for openssl TRUSTED CERTIFICATE PEM files	Stef Walter	2013-02-05	2	-0/+95
\|
*	Add support for parsing PEM files	Stef Walter	2013-02-05	2	-0/+68
\|
*	Add basic trust module	Stef Walter	2013-02-05	17	-0/+1305
	This is based off the roots-store from gnome-keyring and loads certificates from a root directory and exposes them as PKCS#11 objects.