summaryrefslogtreecommitdiff
path: root/trust
Commit message (Collapse)AuthorAgeFilesLines
* trust: Refactor enumeration of certificates to extractStef Walter2013-08-2914-543/+541
| | | | Because we want to use this same logic for listing trust
* trust: Do reload object removals inside a loading blockStef Walter2013-08-291-0/+4
| | | | | So that validation/storage logic doesn't kick in if a file was removed outside of p11-kit trust module.
* trust: Add index callback for when an object is removedStef Walter2013-08-296-9/+125
| | | | This allows a token to remove the file if desired
* trust: Prefer parsing the persist format to PEMStef Walter2013-08-281-2/+2
| | | | | This is because the persist format contains PEM, and if the PEM parser gets it first, then it'll ignore the other non PEM data.
* trust: Correctly rewrite other objects in a modifiable persist fileStef Walter2013-08-282-1/+75
| | | | | There was a bug where we were rewriting the modified object multiple times.
* Avoid multiple stat() calls for same fileStef Walter2013-08-289-33/+27
| | | | | | As a side effect we can also not use the dirent.d_type field https://bugs.freedesktop.org/show_bug.cgi?id=68525
* trust: Add test tool for creating BasicConstraintsStef Walter2013-08-122-0/+102
|
* Make tests work on file systems with block size directoriesStef Walter2013-07-241-0/+12
| | | | | | | | | On certain file systems the size of the directory does not change when adding a file. This caused the tests to fail. Make the tests wait more than a second in certain tests to get the mtime to change. https://bugs.freedesktop.org/show_bug.cgi?id=65249
* Fix uninitialized variablesStef Walter2013-07-231-2/+2
|
* Don't use _GNU_SOURCE and fix strerror_r usageStef Walter2013-07-231-1/+1
| | | | | glibc declares strerror_r completely different if in POSIX or GNU mode. Nastiness. Stop using _GNU_SOURCE all together.
* Fix various memory leaks exposed by 'make leakcheck'Stef Walter2013-07-239-14/+29
|
* Use simple serial automake test harnessStef Walter2013-07-233-6/+11
| | | | | * Add a testing sanity check to see if we're catching errors * Fix a few other testing issues
* Add appropriate const qualifiersStef Walter2013-07-181-1/+1
|
* Always pass size_t varargs to p11_hash_xxx() functionsStef Walter2013-07-183-4/+6
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=985421
* Avoid using the non-thread-safe strerror() functionStef Walter2013-07-183-44/+24
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=985481
* Declare static variables const where it makes senseStef Walter2013-07-184-23/+23
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=985337
* tools: Use $TMPDIR instead of $TEMPStef Walter2013-07-187-22/+13
| | | | | | | | | | | | TMPDIR is a more standard environment variable for locating the temp directory on Unix. In addition since this is only used in tests, remove the code from the generic p11_path_expand() func. In general remove the possibility for forks to put $HOME or $TEMP environment variables in configured paths. This was possible due to code in p11_path_expand() but not something we supported. https://bugzilla.redhat.com/show_bug.cgi?id=985017
* Fix various issues highlighted by coverity scannerStef Walter2013-07-185-23/+25
| | | | Among others fix possible usage of large stack allocation.
* Fixes for some recent win32 regressionsStef Walter2013-07-182-13/+19
|
* Remove erroneous comments about readdir() and thread-safetyStef Walter2013-07-172-2/+0
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=984989
* Add support for using freebl3 for SHA1 and MD5 hashingStef Walter2013-07-1012-34/+878
| | | | | | Since we don't want to link freebl3 to libp11-kit.so where it isn't needed, move the SHA-1 and MD5 digest functionality to the trust/ directory.
* trust: Fix the 'p11-kit extract' commandStef Walter2013-07-091-1/+1
| | | | | This is supposed to call over to 'trust extract' and wasn't working correctly.
* trust: Fix bug with load validation failuresStef Walter2013-07-082-2/+53
|
* trust: Add a basic 'anchor' command to store a new anchorStef Walter2013-07-084-0/+348
|
* trust: Fix various issues writing objects in trust tokenStef Walter2013-07-088-252/+483
| | | | | | | | * Create directory before trying to write files to it * Handle write failures appropriately Refactor how we build and store objects in the index to handle the above cases properly.
* trust: Mark CKA_X_DISTRUSTED as a boolean attributeStef Walter2013-07-081-0/+1
|
* trust: Support token directory paths in user's home directoryStef Walter2013-07-082-1/+2
|
* trust: Explicitly specify which formats parser should parseStef Walter2013-07-085-28/+73
|
* trust: Support using the parser without an asn1_cacheStef Walter2013-07-083-7/+41
|
* asn1: In p11_asn1_read() allocate an extra null terminatorStef Walter2013-07-081-2/+5
| | | | As a courtesy for callers.
* p11-kit: Add P11_KIT_MODULE_TRUSTED flagStef Walter2013-07-041-37/+12
| | | | | A new flag to pass to p11_kit_modules_load() and related functions which limits loaded modules to ones with "trust-policy: yes".
* trust: Port to use CKA_PUBLIC_KEY_INFO and updated trust store specStef Walter2013-07-0414-207/+548
| | | | | | | | | | * Use the concepts and PKCS#11 objects described in the recently updated (still work in progress) storing trust spec. * Define our own CKA_X_PUBLIC_KEY_INFO define for now, since the the CKA_PUBLIC_KEY_INFO isn't defined yet. * Most notably, the association between certificates and stapled extensions is by public key. * Rework some of the tests to take into account the above.
* trust: Add p11_oid_hash() and various oid stringsStef Walter2013-07-043-5/+34
|
* trust: Add p11_asn1_read() and p11_asn1_free() functionsStef Walter2013-07-046-58/+74
| | | | Some helpers for commonly used ASN.1 related stuff.
* trust: Initial support for writing out token objectsStef Walter2013-07-039-39/+443
| | | | | * The objects are written out in the p11-kit persist format * Parser marks files in p11-kit persist format as modifiable
* trust: If token path is a file, don't try loading subdirectoriesStef Walter2013-07-031-8/+15
|
* trust: Correctly handle persisting OIDs with zero lengthStef Walter2013-07-031-2/+3
|
* trust: Don't write out internal attributes when persistingStef Walter2013-07-034-15/+63
|
* trust: Add support for saving files with unique file namesStef Walter2013-07-038-114/+298
|
* path: Add p11_path_canon() functionStef Walter2013-07-031-9/+2
| | | | Cleans up a filename with readable characters.
* trust: Rename p11_index_batch() to p11_index_load()Stef Walter2013-07-036-22/+22
| | | | | | The name makes it clearer what's going on. This is only used during loading, so we can track whether a change has resulted from the trust module or from the file storage.
* trust: Implement reloading of token dataStef Walter2013-07-0314-407/+746
| | | | | | | | | | | | | | | * Reload token data whenever a new session is opened. * Only reload files/directories that have changed. * Move duplicate anchor/blacklist detection logic into the extract code. This is in line with the approach being discussed on the mailing lists and spec document. * New internal attribute CKA_X_ORIGIN set on all objects so we can track where an object came from, and replace it when reloaded. In general this is a prerequisite for modification of objects reload before modify is necessary to prevent multiple callers clobbering each other's changes.
* iter: Add iteration mode where session is not busyStef Walter2013-07-037-12/+12
| | | | | | | | | | | In order to use the session we are iterating on for other tasks such as other C_FindObject() calls, we need to make sure that it's not in the middle of a find operation. Finish up the complete find operation in advance of returning objects from a session. Make this the default mode. The previous behavior remains as an option. Add tests.
* trust: Implement validation for creating/modifying objectsStef Walter2013-06-262-43/+661
|
* Fix running trust module tests under distcheckStef Walter2013-06-251-10/+12
|
* Reorganize various componentsStef Walter2013-06-2557-12/+11145
| | | | | | | * p11-kit library and tool in the p11-kit/ subdirectory * trust module and new trust tool in trust/ subdirectory * No more tools/ subdirectory * Lots less in the common/ subdirectory
* Merge branch 'stable'Stef Walter2013-06-172-0/+30
|\
| * trust: Move the extract-trust external placeholder command into trust/Stef Walter2013-06-172-0/+30
| |
* | trust: Writable module PKCS#11 token functionsStef Walter2013-06-173-27/+100
| | | | | | | | | | | | Although we don't actually write anything out yet, make the various PKCS#11 functions behave properly when faced with requests to write to token objects
* | trust: Correctly reflect the CK_TOKEN_INFO writability flagsStef Walter2013-06-145-3/+184
| | | | | | | | | | Correctly set the CKF_TOKEN_WRITE_PROTECTED flag for paths which we will be able to write to.
generated by cgit v1.1 at 2024-10-19 15:41:45 +0000