| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
| |
The actual command is 'trust extract-compat'. Make installed placeholder
script reflect this. We still support the old placeholder script
if it is present.
|
|
|
|
| |
Also prevent --store from storing an anchor multiple times
|
|
|
|
| |
Lists with PKCS#11 URI's and some basic fields.
|
| |
|
|
|
|
| |
Because we want to use this same logic for listing trust
|
|
|
|
|
| |
So that validation/storage logic doesn't kick in if a file was
removed outside of p11-kit trust module.
|
|
|
|
| |
This allows a token to remove the file if desired
|
|
|
|
|
| |
This is because the persist format contains PEM, and if the PEM
parser gets it first, then it'll ignore the other non PEM data.
|
|
|
|
|
| |
There was a bug where we were rewriting the modified object
multiple times.
|
|
|
|
|
|
| |
As a side effect we can also not use the dirent.d_type field
https://bugs.freedesktop.org/show_bug.cgi?id=68525
|
| |
|
|
|
|
|
|
|
|
|
| |
On certain file systems the size of the directory does not
change when adding a file. This caused the tests to fail. Make
the tests wait more than a second in certain tests to get the
mtime to change.
https://bugs.freedesktop.org/show_bug.cgi?id=65249
|
| |
|
|
|
|
|
| |
glibc declares strerror_r completely different if in POSIX or GNU
mode. Nastiness. Stop using _GNU_SOURCE all together.
|
| |
|
|
|
|
|
| |
* Add a testing sanity check to see if we're catching errors
* Fix a few other testing issues
|
| |
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=985421
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=985481
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=985337
|
|
|
|
|
|
|
|
|
|
|
|
| |
TMPDIR is a more standard environment variable for locating the
temp directory on Unix. In addition since this is only used in
tests, remove the code from the generic p11_path_expand() func.
In general remove the possibility for forks to put $HOME or $TEMP
environment variables in configured paths. This was possible
due to code in p11_path_expand() but not something we supported.
https://bugzilla.redhat.com/show_bug.cgi?id=985017
|
|
|
|
| |
Among others fix possible usage of large stack allocation.
|
| |
|
|
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=984989
|
|
|
|
|
|
| |
Since we don't want to link freebl3 to libp11-kit.so where it isn't
needed, move the SHA-1 and MD5 digest functionality to the trust/
directory.
|
|
|
|
|
| |
This is supposed to call over to 'trust extract' and wasn't
working correctly.
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
* Create directory before trying to write files to it
* Handle write failures appropriately
Refactor how we build and store objects in the index to handle
the above cases properly.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
As a courtesy for callers.
|
|
|
|
|
| |
A new flag to pass to p11_kit_modules_load() and related functions
which limits loaded modules to ones with "trust-policy: yes".
|
|
|
|
|
|
|
|
|
|
| |
* Use the concepts and PKCS#11 objects described in the
recently updated (still work in progress) storing trust spec.
* Define our own CKA_X_PUBLIC_KEY_INFO define for now, since the
the CKA_PUBLIC_KEY_INFO isn't defined yet.
* Most notably, the association between certificates and stapled
extensions is by public key.
* Rework some of the tests to take into account the above.
|
| |
|
|
|
|
| |
Some helpers for commonly used ASN.1 related stuff.
|
|
|
|
|
| |
* The objects are written out in the p11-kit persist format
* Parser marks files in p11-kit persist format as modifiable
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Cleans up a filename with readable characters.
|
|
|
|
|
|
| |
The name makes it clearer what's going on. This is only used
during loading, so we can track whether a change has resulted
from the trust module or from the file storage.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Reload token data whenever a new session is opened.
* Only reload files/directories that have changed.
* Move duplicate anchor/blacklist detection logic into
the extract code. This is in line with the approach
being discussed on the mailing lists and spec document.
* New internal attribute CKA_X_ORIGIN set on all objects
so we can track where an object came from, and replace
it when reloaded.
In general this is a prerequisite for modification of objects
reload before modify is necessary to prevent multiple callers
clobbering each other's changes.
|
|
|
|
|
|
|
|
|
|
|
| |
In order to use the session we are iterating on for other tasks
such as other C_FindObject() calls, we need to make sure that
it's not in the middle of a find operation. Finish up the
complete find operation in advance of returning objects from
a session.
Make this the default mode. The previous behavior remains
as an option. Add tests.
|
| |
|
| |
|