summaryrefslogtreecommitdiff
path: root/trust
Commit message (Collapse)AuthorAgeFilesLines
* trust: Produce a proper message for an invalid stapled extensionStef Walter2014-09-051-1/+10
| | | | | | Previously we would output a line like this: p11-kit: 'node != NULL' not true at lookup_extension
* Move to non-recursive Makefile for building bins and libsStef Walter2014-08-1567-243/+272
| | | | Still use recursive for documentation and translation.
* trust: Don't use invalid public keys for looking up stapled extensionsStef Walter2014-08-081-1/+1
| | | | https://bugs.freedesktop.org/show_bug.cgi?id=82328
* trust: Print label of certificate when complaining about basic constraintsStef Walter2014-08-081-1/+5
| | | | https://bugs.freedesktop.org/show_bug.cgi?id=82328
* trust: Double check that index bucket is valid before accessStef Walter2014-08-081-2/+2
|
* Quiten down scanner warnings about unused variablesStef Walter2014-08-081-4/+1
|
* Fix mostly erroneous scanner warnings in testsStef Walter2014-08-086-1/+8
|
* trust: Fix leak in token loading error pathStef Walter2014-08-081-0/+1
|
* trust: Fix unlikely use of uninitialized memory in token loadingStef Walter2014-08-081-3/+3
|
* trust: Fix leak in trust list commandStef Walter2014-08-081-0/+1
|
* trust: Fix use after free and double free in extract commandStef Walter2014-08-081-7/+4
|
* trust: Remove dead while condition in anchor commondStef Walter2014-08-081-1/+1
|
* trust: Fix use of invalid memory in PEM parserStef Walter2014-08-081-3/+1
|
* trust: Parse TRUSTED CERTIFICATE openssl format even without CertAuxStef Walter2014-08-083-13/+151
| | | | | | | | openssl sometimes outputs TRUSTED CERTIFICATE PEM files without the additional CertAux (ie: trust fields) information. It simply leaves that block out. This happens with a command like: $ openssl x509 -in my-cert.pem -out output -trustout
* test: Move some file and directory code into general test stuffStef Walter2014-07-083-129/+26
|
* Fix typo: supress - > suppressAndreas Metzler2014-07-073-3/+3
|
* trust: Add installcheck target for testing extractStef Walter2014-01-142-0/+195
| | | | | | | | This is an integration test that the extract and blacklist functionality basics work. More integration tests should follow, at which point we should place the various generic testing bits into their own file.
* enumerate: Preload and respect blacklist across all tokensStef Walter2014-01-133-52/+186
| | | | | | | This fixes an issue where a blacklist in one token wasn't properly skipping anchors being extracted with extract-compat https://bugs.freedesktop.org/show_bug.cgi?id=73558
* enumerate: Use p11_enumerate_ready() from testsStef Walter2014-01-132-13/+23
| | | | | | This gives a little broader testing of the enumerator https://bugs.freedesktop.org/show_bug.cgi?id=73558
* trust: Check for race in BasicConstraints stapled extensionStef Walter2013-10-141-0/+49
| | | | | | Related to the following bug: https://bugs.freedesktop.org/show_bug.cgi?id=69314
* extract-compat: Skip extraction if running as non-rootStef Walter2013-09-051-0/+6
|
* anchor: Run extract-compat after we've changed somethingStef Walter2013-09-051-11/+33
| | | | | When the 'trust anchor' tool changes something, run 'trust extract-compat' after that point
* trust: More appropriate rv when non-modifiable object deletedStef Walter2013-09-052-1/+2
| | | | | This will change once the spec has a specific attribute and code to signify deletability.
* anchor: Better failure messages when removing anchorsStef Walter2013-09-051-3/+26
|
* Release version 0.19.4Stef Walter2013-08-293-4/+4
|
* Route 'p11-kit extract-trust' over to trust toolStef Walter2013-08-295-6/+49
| | | | | | The actual command is 'trust extract-compat'. Make installed placeholder script reflect this. We still support the old placeholder script if it is present.
* trust: Add 'trust anchor --remove' commandStef Walter2013-08-291-52/+365
| | | | Also prevent --store from storing an anchor multiple times
* trust: Add a list command to the trust toolStef Walter2013-08-294-1/+294
| | | | Lists with PKCS#11 URI's and some basic fields.
* trust: Add support for removing trust token objectsStef Walter2013-08-292-1/+185
|
* trust: Refactor enumeration of certificates to extractStef Walter2013-08-2914-543/+541
| | | | Because we want to use this same logic for listing trust
* trust: Do reload object removals inside a loading blockStef Walter2013-08-291-0/+4
| | | | | So that validation/storage logic doesn't kick in if a file was removed outside of p11-kit trust module.
* trust: Add index callback for when an object is removedStef Walter2013-08-296-9/+125
| | | | This allows a token to remove the file if desired
* trust: Prefer parsing the persist format to PEMStef Walter2013-08-281-2/+2
| | | | | This is because the persist format contains PEM, and if the PEM parser gets it first, then it'll ignore the other non PEM data.
* trust: Correctly rewrite other objects in a modifiable persist fileStef Walter2013-08-282-1/+75
| | | | | There was a bug where we were rewriting the modified object multiple times.
* Avoid multiple stat() calls for same fileStef Walter2013-08-289-33/+27
| | | | | | As a side effect we can also not use the dirent.d_type field https://bugs.freedesktop.org/show_bug.cgi?id=68525
* trust: Add test tool for creating BasicConstraintsStef Walter2013-08-122-0/+102
|
* Make tests work on file systems with block size directoriesStef Walter2013-07-241-0/+12
| | | | | | | | | On certain file systems the size of the directory does not change when adding a file. This caused the tests to fail. Make the tests wait more than a second in certain tests to get the mtime to change. https://bugs.freedesktop.org/show_bug.cgi?id=65249
* Fix uninitialized variablesStef Walter2013-07-231-2/+2
|
* Don't use _GNU_SOURCE and fix strerror_r usageStef Walter2013-07-231-1/+1
| | | | | glibc declares strerror_r completely different if in POSIX or GNU mode. Nastiness. Stop using _GNU_SOURCE all together.
* Fix various memory leaks exposed by 'make leakcheck'Stef Walter2013-07-239-14/+29
|
* Use simple serial automake test harnessStef Walter2013-07-233-6/+11
| | | | | * Add a testing sanity check to see if we're catching errors * Fix a few other testing issues
* Add appropriate const qualifiersStef Walter2013-07-181-1/+1
|
* Always pass size_t varargs to p11_hash_xxx() functionsStef Walter2013-07-183-4/+6
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=985421
* Avoid using the non-thread-safe strerror() functionStef Walter2013-07-183-44/+24
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=985481
* Declare static variables const where it makes senseStef Walter2013-07-184-23/+23
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=985337
* tools: Use $TMPDIR instead of $TEMPStef Walter2013-07-187-22/+13
| | | | | | | | | | | | TMPDIR is a more standard environment variable for locating the temp directory on Unix. In addition since this is only used in tests, remove the code from the generic p11_path_expand() func. In general remove the possibility for forks to put $HOME or $TEMP environment variables in configured paths. This was possible due to code in p11_path_expand() but not something we supported. https://bugzilla.redhat.com/show_bug.cgi?id=985017
* Fix various issues highlighted by coverity scannerStef Walter2013-07-185-23/+25
| | | | Among others fix possible usage of large stack allocation.
* Fixes for some recent win32 regressionsStef Walter2013-07-182-13/+19
|
* Remove erroneous comments about readdir() and thread-safetyStef Walter2013-07-172-2/+0
| | | | https://bugzilla.redhat.com/show_bug.cgi?id=984989
* Add support for using freebl3 for SHA1 and MD5 hashingStef Walter2013-07-1012-34/+878
| | | | | | Since we don't want to link freebl3 to libp11-kit.so where it isn't needed, move the SHA-1 and MD5 digest functionality to the trust/ directory.
generated by cgit v1.1 at 2024-12-26 17:40:02 +0000