| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
| |
On certain file systems the size of the directory does not
change when adding a file. This caused the tests to fail. Make
the tests wait more than a second in certain tests to get the
mtime to change.
https://bugs.freedesktop.org/show_bug.cgi?id=65249
|
| | |
|
| |
|
|
|
| |
glibc declares strerror_r completely different if in POSIX or GNU
mode. Nastiness. Stop using _GNU_SOURCE all together.
|
| | |
|
| |
|
|
|
| |
* Add a testing sanity check to see if we're catching errors
* Fix a few other testing issues
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
By default this evaluates to ~/.config/pkcs11. This is a somewhat
backwards incompatible change. However so far only advanced users
have been exposed to the user p11-kit configuration.
Distributors are able to revert this if necessary with a
--with-user-config='~/.pkcs11' ./configure option.
|
| | |
|
| |
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=985416
|
| |
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=985421
|
| |
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=985433
|
| |
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=985497
|
| |
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=985481
|
| |
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=985337
|
| |
|
|
|
|
|
|
|
|
| |
If ~/.config is specified as a prefix to a configured path,
then it is expanded to the $XDG_CONFIG_HOME if that exists
Add --with-user-config ./configure option to configure a
different user config directory.
Interpolate the right directories into documentation.
|
| |
|
|
|
|
|
| |
When running as setuid() or setgid() don't access the user's home
directory, or use $HOME environment variables.
https://bugzilla.redhat.com/show_bug.cgi?id=985014
|
| |
|
|
|
|
|
|
|
|
|
|
| |
TMPDIR is a more standard environment variable for locating the
temp directory on Unix. In addition since this is only used in
tests, remove the code from the generic p11_path_expand() func.
In general remove the possibility for forks to put $HOME or $TEMP
environment variables in configured paths. This was possible
due to code in p11_path_expand() but not something we supported.
https://bugzilla.redhat.com/show_bug.cgi?id=985017
|
| |
|
|
| |
Among others fix possible usage of large stack allocation.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This helps prevent leaked file descriptors when the library is
used in a process which exec's.
opendir() already uses O_CLOEXEC on platforms that support O_CLOEXEC
so we don't need to make changes there.
In addition read config files using p11_mmap_open() so that we get
the simple benefits of O_CLOEXEC with the open() call there.
https://bugzilla.redhat.com/show_bug.cgi?id=984986
|
| |
|
|
|
|
|
|
| |
If we see an integer overflow here something has gone horribly wrong
(or malicious code is present). So treat this as unrecoverable, and
fail if we're going to overflow.
https://bugzilla.redhat.com/show_bug.cgi?id=985019
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This reflects that preconditions are invalid/unreachable on a
functioning system and with valid input. We do not try to recover
from such conditions.
In addition teach coverity about how our test suite fails
See http://p11-glue.freedesktop.org/doc/p11-kit/devel-building-style.html
https://bugzilla.redhat.com/show_bug.cgi?id=985005
|
| |
|
|
|
|
|
|
| |
The matches argument is always initialized to CK_TRUE when a filter
is called, and it's up to filters to set it to CK_FALSE. Filters
don't need to set to CK_TRUE.
https://bugzilla.redhat.com/show_bug.cgi?id=985009
|
| | |
|
| |
|
|
| |
https://bugzilla.redhat.com/show_bug.cgi?id=984989
|
| |
|
|
|
|
| |
Fix some global variables not declared as extern
https://bugs.freedesktop.org/show_bug.cgi?id=66015
|
| | |
|
| |
|
|
|
|
| |
Since we don't want to link freebl3 to libp11-kit.so where it isn't
needed, move the SHA-1 and MD5 digest functionality to the trust/
directory.
|
| |
|
|
|
| |
This is supposed to call over to 'trust extract' and wasn't
working correctly.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
* Create directory before trying to write files to it
* Handle write failures appropriately
Refactor how we build and store objects in the index to handle
the above cases properly.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
As a courtesy for callers.
|
| | |
|
| |
|
|
|
| |
A new flag to pass to p11_kit_modules_load() and related functions
which limits loaded modules to ones with "trust-policy: yes".
|
| |
|
|
|
|
|
|
|
|
| |
* Use the concepts and PKCS#11 objects described in the
recently updated (still work in progress) storing trust spec.
* Define our own CKA_X_PUBLIC_KEY_INFO define for now, since the
the CKA_PUBLIC_KEY_INFO isn't defined yet.
* Most notably, the association between certificates and stapled
extensions is by public key.
* Rework some of the tests to take into account the above.
|
| | |
|
| |
|
|
| |
Some helpers for commonly used ASN.1 related stuff.
|
| |
|
|
|
| |
* The objects are written out in the p11-kit persist format
* Parser marks files in p11-kit persist format as modifiable
|
| | |
|
| | |
|
| | |
|
