p11-kit.git/build/certs, branch p11p

Move to non-recursive Makefile for building bins and libs

2014-08-15T08:43:04+00:00

Still use recursive for documentation and translation.

Build in srcdir != builddir fashion by default

2014-01-14T10:28:43+00:00

Naturally this doesn't apply to tarballs

trust: Port to use CKA_PUBLIC_KEY_INFO and updated trust store spec

2013-07-04T13:48:38+00:00

 * Use the concepts and PKCS#11 objects described in the
   recently updated (still work in progress) storing trust spec.
 * Define our own CKA_X_PUBLIC_KEY_INFO define for now, since the
   the CKA_PUBLIC_KEY_INFO isn't defined yet.
 * Most notably, the association between certificates and stapled
   extensions is by public key.
 * Rework some of the tests to take into account the above.

Don't try to guess at overflowing time values on 32-bit systems

2013-03-28T12:26:38+00:00

Since CKA_START_DATE and CKA_END_DATE are the only places
where we want to parse out times, and these are optional, just
leave blank if the time overflows what libc can handle on
a 32-bit system.

https://bugs.freedesktop.org/show_bug.cgi?id=62825

hash: Add the murmur2 hash and start using it

2013-03-20T09:54:00+00:00

Add implementation of the murmur2 hash function, and start using
it for our dictionaries. Our implementation is incremental
like our other hash functions.

Also remove p11_oid_hash() which wasn't being used.

In addition fix several tests whose success was based on the
way that the dictionary hashed. This was a hidden testing bug.

trust: Add a builder which builds objects out of parsed data

2013-03-15T17:00:10+00:00

The builder completes the objects from the parsed data and takes
over the responsibilities that the parser and adapter previously
shared.

This is necessary to prepare for arbitrary data coming from
the p11-kit specific input files.

https://bugs.freedesktop.org/show_bug.cgi?id=62329

trust: Rework input path treatment

2013-03-15T16:19:01+00:00

 * Accept a single --with-trust-paths argument to ./configure
   which cotnains all the input paths.
 * The --with-system-anchors and --with-system-certificates
   ./configure arguments are no longer supported. Since they were
   only present briefly, no provision is made for backwards
   compatibility.
 * Each input file is treated as containing anchors by default
   unless an input certificate contains detailed trust information.
 * The files in each input directory are not automatically treated
   as anchors unless a certificate contains detailed trust information.
 * The files in anchors/ subdirectory of each input directory are
   automatically marked as anchors.
 * The files in the blacklist/ subdirectory of each input directory
   are automatically marked as blacklisted.
 * Update tests and move around test certificates so we can
   test these changes.

https://bugs.freedesktop.org/show_bug.cgi?id=62327

Add support for exporting OpenSSL's TRUSTED CERTIFICATE format

2013-02-05T14:00:25+00:00

Add support for extracting to pem-bundle and pem-directory formats

2013-02-05T14:00:25+00:00

Support for sane writing to files extracted

2013-02-05T13:54:53+00:00

 * Implement atomic writes of files
 * Writing with checks that not overwriting anything unless desired
 * Writing and overwriting of directory contents in a robust way