ANNOUNCE: p11-kit 0.18.0

Stef Walter stefw at
Wed Apr 3 23:58:06 PDT 2013

Announcing a new release of p11-kit. This is a stable release (at least
that's the idea :)

The 0.16.x series of releases contained the trust module, but various
tweaks and changes needed to be put into place before it was actually
useful. Those occurred during the 0.17.x series.

What's new in 0.18.x

 * Make each trust input path for the trust module it's own PKCS#11
   token [#61499, #62327]
 * Better labels for trust module tokens [#62534]
 * Make directories and files extracted with 'p11-kit extract' read
   only [#61898]
 * When extracting certificates with 'p11-kit extract' don't extract
   duplicates, but combine based on trust policy [#61497]
 * Add a new --comment argument to 'p11-kit extract' [#62029]
 * Put in a new 'priority' config option for ordering which p11-kit
   modules to search first [#61978]
 * The trust module now discard duplicate certificates found within a
   single trust input path [#62548]
 * Better performance when looking up certificates in the trust module.
 * Support a native p11-kit PKCS#11 persistence format for loading
   objects in the trust module [#62156, #62329]
 * Have the trust module use recommended id's for certificates [#62329]
 * Numerous bug and build fixes [#62896, #62819, #63062, #63046, #62874,
   #62825, #927394, #62479 ...]

Many thanks to everyone who contributed with review, patches and testing :)

Detailed changes between 0.16.x and 0.18.0

Andreas Metzler (1):
      Do not export (de)constructor

Stef Walter (69):
      doc: Move manual into doc/manual subdirectory
      Fix up the system anchors/certificates configure arguments
      Don't overwrite the build directory when uploading documentation
      pem: Fix a bug decoding some PEM files
      trust: Rework input path treatment
      dict: Allow removal of current item in a p11_dict iteration
      trust: Make each configured path its own token
      p11-kit: New priority option and change trust-policy option
      extract: Allow p11_save_write() to automatically calculate length
      extract: --comment option adds comments to PEM bundles
      extract: Combine trust policy when extracting
      asn1: Implement a parsed ASN.1 tree cache
      attrs: New p11_attrs_merge() function
      trust: Refactor to include concept of the index
      attrs: Add info functions for constant names and values
      trust: Add a builder which builds objects out of parsed data
      trust: Use a SHA-1 hash of subjectPublicKeyInfo as CKA_ID by defau
      lexer: Make a lexer for our config file format
      url: Split out the URL encoding and decoding functions
      trust: Support a p11-kit specific serialization format
      trust: Update frob-nss-tool so it can compare modules for trust in
      Fix distcheck and documentation
      Bump version number
      trust: Remove file that's no longer used
      Refine looking up of attributes in arrays
      trust: Better generation of nss objects and assertions for serial+
      Use the nickname x-distrusted for CKA_X_DISTRUSTED
      compat: Fix trivial comment
      Add workaround for broken strndup() in firefox
      trust: Handle incorrectly encoded CKA_SERIAL_NUMBER lookups
      attrs: Change p11_attrs_to_string() to allow static templates
      trust: Provide better debugging of trust module functions
      Release version 0.17.1
      trust: Fix invalid varargs call in the builder
      trust: Fix trust tests on 32-bit builds
      Release version 0.17.2
      trust: Don't use POSIX or GNU basename()
      extract: Make extracted output directories read-only
      trust: Remove the temporary built in distrust objects
      trust: Use descriptive labels for tokens
      Release version 0.17.3
      hash: Rename file and functions for hashes
      hash: Add the murmur2 hash and start using it
      attrs: Print out the CKA_VALUE for certificates when debugging
      trust: Rework index to be faster and more usable
      trust: Predictable behavior with duplicate certificates in token
      Add a bit of infrastructure for running valgrind
      Fix invalid memory accesses reported by 'make memcheck'
      Fix memory leaks reported by 'make leakcheck'
      Release 0.17.4
      Fix testing of murmur hash on bigendian systems
      Don't try to guess at overflowing time values on 32-bit systems
      Release version 0.17.5
      Don't complain when applications call C_Logout or C_Login
      Use CKA_X_CERTIFICATE_VALUE for trust assertions
      Fix build with automake 1.13
      Fix documentation so it builds out of tree
      Fix build on Win32
      Add new script for setting up p11-kit for a maintainer
      Don't use library locks from p11-kit tool
      Separate library init from message code
      Don't use free() on memory allocated by LocalFree()
      More compatible path munging and handling code
      trust: Fix logic for matching invalid NSS serial numbers
      Don't respect timezones for CKA_START_DATE or CKA_END_DATE
      Update to MurmurHash3
      Don't print erroneous debug messages when skipping files
      Fix off by one in date parsing code
      Release version 0.18.0




More information about the p11-glue mailing list