summaryrefslogtreecommitdiff
path: root/trust
Commit message (Collapse)AuthorAgeFilesLines
* test: Move some file and directory code into general test stuffStef Walter2014-07-083-129/+26
|
* Fix typo: supress - > suppressAndreas Metzler2014-07-073-3/+3
|
* trust: Add installcheck target for testing extractStef Walter2014-01-142-0/+195
| | | | | | | | This is an integration test that the extract and blacklist functionality basics work. More integration tests should follow, at which point we should place the various generic testing bits into their own file.
* enumerate: Preload and respect blacklist across all tokensStef Walter2014-01-133-52/+186
| | | | | | | This fixes an issue where a blacklist in one token wasn't properly skipping anchors being extracted with extract-compat https://bugs.freedesktop.org/show_bug.cgi?id=73558
* enumerate: Use p11_enumerate_ready() from testsStef Walter2014-01-132-13/+23
| | | | | | This gives a little broader testing of the enumerator https://bugs.freedesktop.org/show_bug.cgi?id=73558
* trust: Check for race in BasicConstraints stapled extensionStef Walter2013-10-141-0/+49
| | | | | | Related to the following bug: https://bugs.freedesktop.org/show_bug.cgi?id=69314
* extract-compat: Skip extraction if running as non-rootStef Walter2013-09-051-0/+6
|
* anchor: Run extract-compat after we've changed somethingStef Walter2013-09-051-11/+33
| | | | | When the 'trust anchor' tool changes something, run 'trust extract-compat' after that point
* trust: More appropriate rv when non-modifiable object deletedStef Walter2013-09-052-1/+2
| | | | | This will change once the spec has a specific attribute and code to signify deletability.
* anchor: Better failure messages when removing anchorsStef Walter2013-09-051-3/+26
|
* Release version 0.19.4Stef Walter2013-08-293-4/+4
|
* Route 'p11-kit extract-trust' over to trust toolStef Walter2013-08-295-6/+49
| | | | | | The actual command is 'trust extract-compat'. Make installed placeholder script reflect this. We still support the old placeholder script if it is present.
* trust: Add 'trust anchor --remove' commandStef Walter2013-08-291-52/+365
| | | | Also prevent --store from storing an anchor multiple times
* trust: Add a list command to the trust toolStef Walter2013-08-294-1/+294
| | | | Lists with PKCS#11 URI's and some basic fields.
* trust: Add support for removing trust token objectsStef Walter2013-08-292-1/+185
|
* trust: Refactor enumeration of certificates to extractStef Walter2013-08-2914-543/+541
| | | | Because we want to use this same logic for listing trust
* trust: Do reload object removals inside a loading blockStef Walter2013-08-291-0/+4
| | | | | So that validation/storage logic doesn't kick in if a file was removed outside of p11-kit trust module.
* trust: Add index callback for when an object is removedStef Walter2013-08-296-9/+125
| | | | This allows a token to remove the file if desired
* trust: Prefer parsing the persist format to PEMStef Walter2013-08-281-2/+2
| | | | | This is because the persist format contains PEM, and if the PEM parser gets it first, then it'll ignore the other non PEM data.
* trust: Correctly rewrite other objects in a modifiable persist fileStef Walter2013-08-282-1/+75
| | | | | There was a bug where we were rewriting the modified object multiple times.
* Avoid multiple stat() calls for same fileStef Walter2013-08-289-33/+27
| | | | | | As a side effect we can also not use the dirent.d_type field https://bugs.freedesktop.org/show_bug.cgi?id=68525
* trust: Add test tool for creating BasicConstraintsStef Walter2013-08-122-0/+102
|
* Make tests work on file systems with block size directoriesStef Walter2013-07-241-0/+12
| | | | | | | | | On certain file systems the size of the directory does not change when adding a file. This caused the tests to fail. Make the tests wait more than a second in certain tests to get the mtime to change. https://bugs.freedesktop.org/show_bug.cgi?id=65249
* Fix uninitialized variablesStef Walter2013-07-231-2/+2
|
* Don't use _GNU_SOURCE and fix strerror_r usageStef Walter2013-07-231-1/+1
| | | | | glibc declares strerror_r completely different if in POSIX or GNU mode. Nastiness. Stop using _GNU_SOURCE all together.
* Fix various memory leaks exposed by 'make leakcheck'Stef Walter2013-07-239-14/+29
|
* Use simple serial automake test harnessStef Walter2013-07-233-6/+11
| | | | | * Add a testing sanity check to see if we're catching errors * Fix a few other testing issues
* Add appropriate const qualifiersStef Walter2013-07-181-1/+1
|
* Always pass size_t varargs to p11_hash_xxx() functionsStef Walter2013-07-183-4/+6
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=985421
* Avoid using the non-thread-safe strerror() functionStef Walter2013-07-183-44/+24
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=985481
* Declare static variables const where it makes senseStef Walter2013-07-184-23/+23
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=985337
* tools: Use $TMPDIR instead of $TEMPStef Walter2013-07-187-22/+13
| | | | | | | | | | | | TMPDIR is a more standard environment variable for locating the temp directory on Unix. In addition since this is only used in tests, remove the code from the generic p11_path_expand() func. In general remove the possibility for forks to put $HOME or $TEMP environment variables in configured paths. This was possible due to code in p11_path_expand() but not something we supported. https://bugzilla.redhat.com/show_bug.cgi?id=985017
* Fix various issues highlighted by coverity scannerStef Walter2013-07-185-23/+25
| | | | Among others fix possible usage of large stack allocation.
* Fixes for some recent win32 regressionsStef Walter2013-07-182-13/+19
|
* Remove erroneous comments about readdir() and thread-safetyStef Walter2013-07-172-2/+0
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=984989
* Add support for using freebl3 for SHA1 and MD5 hashingStef Walter2013-07-1012-34/+878
| | | | | | Since we don't want to link freebl3 to libp11-kit.so where it isn't needed, move the SHA-1 and MD5 digest functionality to the trust/ directory.
* trust: Fix the 'p11-kit extract' commandStef Walter2013-07-091-1/+1
| | | | | This is supposed to call over to 'trust extract' and wasn't working correctly.
* trust: Fix bug with load validation failuresStef Walter2013-07-082-2/+53
|
* trust: Add a basic 'anchor' command to store a new anchorStef Walter2013-07-084-0/+348
|
* trust: Fix various issues writing objects in trust tokenStef Walter2013-07-088-252/+483
| | | | | | | | * Create directory before trying to write files to it * Handle write failures appropriately Refactor how we build and store objects in the index to handle the above cases properly.
* trust: Mark CKA_X_DISTRUSTED as a boolean attributeStef Walter2013-07-081-0/+1
|
* trust: Support token directory paths in user's home directoryStef Walter2013-07-082-1/+2
|
* trust: Explicitly specify which formats parser should parseStef Walter2013-07-085-28/+73
|
* trust: Support using the parser without an asn1_cacheStef Walter2013-07-083-7/+41
|
* asn1: In p11_asn1_read() allocate an extra null terminatorStef Walter2013-07-081-2/+5
| | | | As a courtesy for callers.
* p11-kit: Add P11_KIT_MODULE_TRUSTED flagStef Walter2013-07-041-37/+12
| | | | | A new flag to pass to p11_kit_modules_load() and related functions which limits loaded modules to ones with "trust-policy: yes".
* trust: Port to use CKA_PUBLIC_KEY_INFO and updated trust store specStef Walter2013-07-0414-207/+548
| | | | | | | | | | * Use the concepts and PKCS#11 objects described in the recently updated (still work in progress) storing trust spec. * Define our own CKA_X_PUBLIC_KEY_INFO define for now, since the the CKA_PUBLIC_KEY_INFO isn't defined yet. * Most notably, the association between certificates and stapled extensions is by public key. * Rework some of the tests to take into account the above.
* trust: Add p11_oid_hash() and various oid stringsStef Walter2013-07-043-5/+34
|
* trust: Add p11_asn1_read() and p11_asn1_free() functionsStef Walter2013-07-046-58/+74
| | | | Some helpers for commonly used ASN.1 related stuff.
* trust: Initial support for writing out token objectsStef Walter2013-07-039-39/+443
| | | | | * The objects are written out in the p11-kit persist format * Parser marks files in p11-kit persist format as modifiable