path: root/trust
Commit message | Author | Age | Files | Lines
* enumerate: Preload and respect blacklist across all tokens | Stef Walter | 2014-01-13 | 3 | -52/+186
| This fixes an issue where a blacklist in one token wasn't properly skipping anchors being extracted with extract-compat
| https://bugs.freedesktop.org/show_bug.cgi?id=73558
* enumerate: Use p11_enumerate_ready() from tests | Stef Walter | 2014-01-13 | 2 | -13/+23
| This gives a little broader testing of the enumerator
| https://bugs.freedesktop.org/show_bug.cgi?id=73558
* trust: Check for race in BasicConstraints stapled extension | Stef Walter | 2013-10-14 | 1 | -0/+49
| Related to the following bug:
| https://bugs.freedesktop.org/show_bug.cgi?id=69314
* extract-compat: Skip extraction if running as non-root | Stef Walter | 2013-09-05 | 1 | -0/+6
|
* anchor: Run extract-compat after we've changed something | Stef Walter | 2013-09-05 | 1 | -11/+33
| When the 'trust anchor' tool changes something, run 'trust extract-compat' after that point
* trust: More appropriate rv when non-modifiable object deleted | Stef Walter | 2013-09-05 | 2 | -1/+2
| This will change once the spec has a specific attribute and code to signify deletability.
* anchor: Better failure messages when removing anchors | Stef Walter | 2013-09-05 | 1 | -3/+26
|
* Release version 0.19.4 | Stef Walter | 2013-08-29 | 3 | -4/+4
|
* Route 'p11-kit extract-trust' over to trust tool | Stef Walter | 2013-08-29 | 5 | -6/+49
| The actual command is 'trust extract-compat'. Make installed placeholder script reflect this. We still support the old placeholder script if it is present.
* trust: Add 'trust anchor --remove' command | Stef Walter | 2013-08-29 | 1 | -52/+365
| Also prevent --store from storing an anchor multiple times
* trust: Add a list command to the trust tool | Stef Walter | 2013-08-29 | 4 | -1/+294
| Lists with PKCS#11 URIs and some basic fields.
* trust: Add support for removing trust token objects | Stef Walter | 2013-08-29 | 2 | -1/+185
|
* trust: Refactor enumeration of certificates to extract | Stef Walter | 2013-08-29 | 14 | -543/+541
| Because we want to use this same logic for listing trust
* trust: Do reload object removals inside a loading block | Stef Walter | 2013-08-29 | 1 | -0/+4
| So that validation/storage logic doesn't kick in if a file was removed outside of p11-kit trust module.
* trust: Add index callback for when an object is removed | Stef Walter | 2013-08-29 | 6 | -9/+125
| This allows a token to remove the file if desired
* trust: Prefer parsing the persist format to PEM | Stef Walter | 2013-08-28 | 1 | -2/+2
| This is because the persist format contains PEM, and if the PEM parser gets it first, then it'll ignore the other non PEM data.
* trust: Correctly rewrite other objects in a modifiable persist file | Stef Walter | 2013-08-28 | 2 | -1/+75
| There was a bug where we were rewriting the modified object multiple times.
* Avoid multiple stat() calls for same file | Stef Walter | 2013-08-28 | 9 | -33/+27
| As a side effect we can also not use the dirent.d_type field
| https://bugs.freedesktop.org/show_bug.cgi?id=68525
* trust: Add test tool for creating BasicConstraints | Stef Walter | 2013-08-12 | 2 | -0/+102
|
* Make tests work on file systems with block size directories | Stef Walter | 2013-07-24 | 1 | -0/+12
| On certain file systems the size of the directory does not change when adding a file. This caused the tests to fail. Make the tests wait more than a second in certain tests to get the mtime to change.
| https://bugs.freedesktop.org/show_bug.cgi?id=65249
* Fix uninitialized variables | Stef Walter | 2013-07-23 | 1 | -2/+2
|
* Don't use _GNU_SOURCE and fix strerror_r usage | Stef Walter | 2013-07-23 | 1 | -1/+1
| glibc declares strerror_r completely differently if in POSIX or GNU mode. Nastiness. Stop using _GNU_SOURCE altogether.
* Fix various memory leaks exposed by 'make leakcheck' | Stef Walter | 2013-07-23 | 9 | -14/+29
|
* Use simple serial automake test harness | Stef Walter | 2013-07-23 | 3 | -6/+11
|  * Add a testing sanity check to see if we're catching errors
|  * Fix a few other testing issues
* Add appropriate const qualifiers | Stef Walter | 2013-07-18 | 1 | -1/+1
|
* Always pass size_t varargs to p11_hash_xxx() functions | Stef Walter | 2013-07-18 | 3 | -4/+6
| https://bugzilla.redhat.com/show_bug.cgi?id=985421
* Avoid using the non-thread-safe strerror() function | Stef Walter | 2013-07-18 | 3 | -44/+24
| https://bugzilla.redhat.com/show_bug.cgi?id=985481
* Declare static variables const where it makes sense | Stef Walter | 2013-07-18 | 4 | -23/+23
| https://bugzilla.redhat.com/show_bug.cgi?id=985337
* tools: Use $TMPDIR instead of $TEMP | Stef Walter | 2013-07-18 | 7 | -22/+13
| TMPDIR is a more standard environment variable for locating the temp directory on Unix. In addition since this is only used in tests, remove the code from the generic p11_path_expand() func. In general remove the possibility for forks to put $HOME or $TEMP environment variables in configured paths. This was possible due to code in p11_path_expand() but not something we supported.
| https://bugzilla.redhat.com/show_bug.cgi?id=985017
* Fix various issues highlighted by coverity scanner | Stef Walter | 2013-07-18 | 5 | -23/+25
| Among others fix possible usage of large stack allocation.
* Fixes for some recent win32 regressions | Stef Walter | 2013-07-18 | 2 | -13/+19
|
* Remove erroneous comments about readdir() and thread-safety | Stef Walter | 2013-07-17 | 2 | -2/+0
| https://bugzilla.redhat.com/show_bug.cgi?id=984989
* Add support for using freebl3 for SHA1 and MD5 hashing | Stef Walter | 2013-07-10 | 12 | -34/+878
| Since we don't want to link freebl3 to libp11-kit.so where it isn't needed, move the SHA-1 and MD5 digest functionality to the trust/ directory.
* trust: Fix the 'p11-kit extract' command | Stef Walter | 2013-07-09 | 1 | -1/+1
| This is supposed to call over to 'trust extract' and wasn't working correctly.
* trust: Fix bug with load validation failures | Stef Walter | 2013-07-08 | 2 | -2/+53
|
* trust: Add a basic 'anchor' command to store a new anchor | Stef Walter | 2013-07-08 | 4 | -0/+348
|
* trust: Fix various issues writing objects in trust token | Stef Walter | 2013-07-08 | 8 | -252/+483
|  * Create directory before trying to write files to it
|  * Handle write failures appropriately
| Refactor how we build and store objects in the index to handle the above cases properly.
* trust: Mark CKA_X_DISTRUSTED as a boolean attribute | Stef Walter | 2013-07-08 | 1 | -0/+1
|
* trust: Support token directory paths in user's home directory | Stef Walter | 2013-07-08 | 2 | -1/+2
|
* trust: Explicitly specify which formats parser should parse | Stef Walter | 2013-07-08 | 5 | -28/+73
|
* trust: Support using the parser without an asn1_cache | Stef Walter | 2013-07-08 | 3 | -7/+41
|
* asn1: In p11_asn1_read() allocate an extra null terminator | Stef Walter | 2013-07-08 | 1 | -2/+5
| As a courtesy for callers.
* p11-kit: Add P11_KIT_MODULE_TRUSTED flag | Stef Walter | 2013-07-04 | 1 | -37/+12
| A new flag to pass to p11_kit_modules_load() and related functions which limits loaded modules to ones with "trust-policy: yes".
* trust: Port to use CKA_PUBLIC_KEY_INFO and updated trust store spec | Stef Walter | 2013-07-04 | 14 | -207/+548
|  * Use the concepts and PKCS#11 objects described in the recently updated (still work in progress) storing trust spec.
|  * Define our own CKA_X_PUBLIC_KEY_INFO define for now, since the CKA_PUBLIC_KEY_INFO isn't defined yet.
|  * Most notably, the association between certificates and stapled extensions is by public key.
|  * Rework some of the tests to take into account the above.
* trust: Add p11_oid_hash() and various oid strings | Stef Walter | 2013-07-04 | 3 | -5/+34
|
* trust: Add p11_asn1_read() and p11_asn1_free() functions | Stef Walter | 2013-07-04 | 6 | -58/+74
| Some helpers for commonly used ASN.1 related stuff.
* trust: Initial support for writing out token objects | Stef Walter | 2013-07-03 | 9 | -39/+443
|  * The objects are written out in the p11-kit persist format
|  * Parser marks files in p11-kit persist format as modifiable
* trust: If token path is a file, don't try loading subdirectories | Stef Walter | 2013-07-03 | 1 | -8/+15
|
* trust: Correctly handle persisting OIDs with zero length | Stef Walter | 2013-07-03 | 1 | -2/+3
|
* trust: Don't write out internal attributes when persisting | Stef Walter | 2013-07-03 | 4 | -15/+63
|