Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | trust: Add installcheck target for testing extract | Stef Walter | 2014-01-14 | 2 | -0/+195 |
| | | | | | | | | This is an integration test that the extract and blacklist functionality basics work. More integration tests should follow, at which point we should place the various generic testing bits into their own file. | ||||
* | enumerate: Preload and respect blacklist across all tokens | Stef Walter | 2014-01-13 | 3 | -52/+186 |
| | | | | | | | This fixes an issue where a blacklist in one token wasn't properly skipping anchors being extracted with extract-compat https://bugs.freedesktop.org/show_bug.cgi?id=73558 | ||||
* | enumerate: Use p11_enumerate_ready() from tests | Stef Walter | 2014-01-13 | 2 | -13/+23 |
| | | | | | | This gives a little broader testing of the enumerator https://bugs.freedesktop.org/show_bug.cgi?id=73558 | ||||
* | trust: Check for race in BasicConstraints stapled extension | Stef Walter | 2013-10-14 | 1 | -0/+49 |
| | | | | | | Related to the following bug: https://bugs.freedesktop.org/show_bug.cgi?id=69314 | ||||
* | extract-compat: Skip extraction if running as non-root | Stef Walter | 2013-09-05 | 1 | -0/+6 |
| | |||||
* | anchor: Run extract-compat after we've changed something | Stef Walter | 2013-09-05 | 1 | -11/+33 |
| | | | | | When the 'trust anchor' tool changes something, run 'trust extract-compat' after that point | ||||
* | trust: More appropriate rv when non-modifiable object deleted | Stef Walter | 2013-09-05 | 2 | -1/+2 |
| | | | | | This will change once the spec has a specific attribute and code to signify deletability. | ||||
* | anchor: Better failure messages when removing anchors | Stef Walter | 2013-09-05 | 1 | -3/+26 |
| | |||||
* | Release version 0.19.4 | Stef Walter | 2013-08-29 | 3 | -4/+4 |
| | |||||
* | Route 'p11-kit extract-trust' over to trust tool | Stef Walter | 2013-08-29 | 5 | -6/+49 |
| | | | | | | The actual command is 'trust extract-compat'. Make installed placeholder script reflect this. We still support the old placeholder script if it is present. | ||||
* | trust: Add 'trust anchor --remove' command | Stef Walter | 2013-08-29 | 1 | -52/+365 |
| | | | | Also prevent --store from storing an anchor multiple times | ||||
* | trust: Add a list command to the trust tool | Stef Walter | 2013-08-29 | 4 | -1/+294 |
| | | | | Lists with PKCS#11 URI's and some basic fields. | ||||
* | trust: Add support for removing trust token objects | Stef Walter | 2013-08-29 | 2 | -1/+185 |
| | |||||
* | trust: Refactor enumeration of certificates to extract | Stef Walter | 2013-08-29 | 14 | -543/+541 |
| | | | | Because we want to use this same logic for listing trust | ||||
* | trust: Do reload object removals inside a loading block | Stef Walter | 2013-08-29 | 1 | -0/+4 |
| | | | | | So that validation/storage logic doesn't kick in if a file was removed outside of p11-kit trust module. | ||||
* | trust: Add index callback for when an object is removed | Stef Walter | 2013-08-29 | 6 | -9/+125 |
| | | | | This allows a token to remove the file if desired | ||||
* | trust: Prefer parsing the persist format to PEM | Stef Walter | 2013-08-28 | 1 | -2/+2 |
| | | | | | This is because the persist format contains PEM, and if the PEM parser gets it first, then it'll ignore the other non PEM data. | ||||
* | trust: Correctly rewrite other objects in a modifiable persist file | Stef Walter | 2013-08-28 | 2 | -1/+75 |
| | | | | | There was a bug where we were rewriting the modified object multiple times. | ||||
* | Avoid multiple stat() calls for same file | Stef Walter | 2013-08-28 | 9 | -33/+27 |
| | | | | | | As a side effect we can also not use the dirent.d_type field https://bugs.freedesktop.org/show_bug.cgi?id=68525 | ||||
* | trust: Add test tool for creating BasicConstraints | Stef Walter | 2013-08-12 | 2 | -0/+102 |
| | |||||
* | Make tests work on file systems with block size directories | Stef Walter | 2013-07-24 | 1 | -0/+12 |
| | | | | | | | | | On certain file systems the size of the directory does not change when adding a file. This caused the tests to fail. Make the tests wait more than a second in certain tests to get the mtime to change. https://bugs.freedesktop.org/show_bug.cgi?id=65249 | ||||
* | Fix uninitialized variables | Stef Walter | 2013-07-23 | 1 | -2/+2 |
| | |||||
* | Don't use _GNU_SOURCE and fix strerror_r usage | Stef Walter | 2013-07-23 | 1 | -1/+1 |
| | | | | | glibc declares strerror_r completely different if in POSIX or GNU mode. Nastiness. Stop using _GNU_SOURCE all together. | ||||
* | Fix various memory leaks exposed by 'make leakcheck' | Stef Walter | 2013-07-23 | 9 | -14/+29 |
| | |||||
* | Use simple serial automake test harness | Stef Walter | 2013-07-23 | 3 | -6/+11 |
| | | | | | * Add a testing sanity check to see if we're catching errors * Fix a few other testing issues | ||||
* | Add appropriate const qualifiers | Stef Walter | 2013-07-18 | 1 | -1/+1 |
| | |||||
* | Always pass size_t varargs to p11_hash_xxx() functions | Stef Walter | 2013-07-18 | 3 | -4/+6 |
| | | | | https://bugzilla.redhat.com/show_bug.cgi?id=985421 | ||||
* | Avoid using the non-thread-safe strerror() function | Stef Walter | 2013-07-18 | 3 | -44/+24 |
| | | | | https://bugzilla.redhat.com/show_bug.cgi?id=985481 | ||||
* | Declare static variables const where it makes sense | Stef Walter | 2013-07-18 | 4 | -23/+23 |
| | | | | https://bugzilla.redhat.com/show_bug.cgi?id=985337 | ||||
* | tools: Use $TMPDIR instead of $TEMP | Stef Walter | 2013-07-18 | 7 | -22/+13 |
| | | | | | | | | | | | | TMPDIR is a more standard environment variable for locating the temp directory on Unix. In addition since this is only used in tests, remove the code from the generic p11_path_expand() func. In general remove the possibility for forks to put $HOME or $TEMP environment variables in configured paths. This was possible due to code in p11_path_expand() but not something we supported. https://bugzilla.redhat.com/show_bug.cgi?id=985017 | ||||
* | Fix various issues highlighted by coverity scanner | Stef Walter | 2013-07-18 | 5 | -23/+25 |
| | | | | Among others fix possible usage of large stack allocation. | ||||
* | Fixes for some recent win32 regressions | Stef Walter | 2013-07-18 | 2 | -13/+19 |
| | |||||
* | Remove erroneous comments about readdir() and thread-safety | Stef Walter | 2013-07-17 | 2 | -2/+0 |
| | | | | https://bugzilla.redhat.com/show_bug.cgi?id=984989 | ||||
* | Add support for using freebl3 for SHA1 and MD5 hashing | Stef Walter | 2013-07-10 | 12 | -34/+878 |
| | | | | | | Since we don't want to link freebl3 to libp11-kit.so where it isn't needed, move the SHA-1 and MD5 digest functionality to the trust/ directory. | ||||
* | trust: Fix the 'p11-kit extract' command | Stef Walter | 2013-07-09 | 1 | -1/+1 |
| | | | | | This is supposed to call over to 'trust extract' and wasn't working correctly. | ||||
* | trust: Fix bug with load validation failures | Stef Walter | 2013-07-08 | 2 | -2/+53 |
| | |||||
* | trust: Add a basic 'anchor' command to store a new anchor | Stef Walter | 2013-07-08 | 4 | -0/+348 |
| | |||||
* | trust: Fix various issues writing objects in trust token | Stef Walter | 2013-07-08 | 8 | -252/+483 |
| | | | | | | | | * Create directory before trying to write files to it * Handle write failures appropriately Refactor how we build and store objects in the index to handle the above cases properly. | ||||
* | trust: Mark CKA_X_DISTRUSTED as a boolean attribute | Stef Walter | 2013-07-08 | 1 | -0/+1 |
| | |||||
* | trust: Support token directory paths in user's home directory | Stef Walter | 2013-07-08 | 2 | -1/+2 |
| | |||||
* | trust: Explicitly specify which formats parser should parse | Stef Walter | 2013-07-08 | 5 | -28/+73 |
| | |||||
* | trust: Support using the parser without an asn1_cache | Stef Walter | 2013-07-08 | 3 | -7/+41 |
| | |||||
* | asn1: In p11_asn1_read() allocate an extra null terminator | Stef Walter | 2013-07-08 | 1 | -2/+5 |
| | | | | As a courtesy for callers. | ||||
* | p11-kit: Add P11_KIT_MODULE_TRUSTED flag | Stef Walter | 2013-07-04 | 1 | -37/+12 |
| | | | | | A new flag to pass to p11_kit_modules_load() and related functions which limits loaded modules to ones with "trust-policy: yes". | ||||
* | trust: Port to use CKA_PUBLIC_KEY_INFO and updated trust store spec | Stef Walter | 2013-07-04 | 14 | -207/+548 |
| | | | | | | | | | | * Use the concepts and PKCS#11 objects described in the recently updated (still work in progress) storing trust spec. * Define our own CKA_X_PUBLIC_KEY_INFO define for now, since the the CKA_PUBLIC_KEY_INFO isn't defined yet. * Most notably, the association between certificates and stapled extensions is by public key. * Rework some of the tests to take into account the above. | ||||
* | trust: Add p11_oid_hash() and various oid strings | Stef Walter | 2013-07-04 | 3 | -5/+34 |
| | |||||
* | trust: Add p11_asn1_read() and p11_asn1_free() functions | Stef Walter | 2013-07-04 | 6 | -58/+74 |
| | | | | Some helpers for commonly used ASN.1 related stuff. | ||||
* | trust: Initial support for writing out token objects | Stef Walter | 2013-07-03 | 9 | -39/+443 |
| | | | | | * The objects are written out in the p11-kit persist format * Parser marks files in p11-kit persist format as modifiable | ||||
* | trust: If token path is a file, don't try loading subdirectories | Stef Walter | 2013-07-03 | 1 | -8/+15 |
| | |||||
* | trust: Correctly handle persisting OIDs with zero length | Stef Walter | 2013-07-03 | 1 | -2/+3 |
| |