ANNOUNCE: p11-kit 0.15.1
Stef Walter
stefw at redhat.com
Tue Feb 5 06:21:11 PST 2013
Announcing a new release of p11-kit. This is an unstable release.
This release contains big changes. In particular it contains the trust
policy module and extraction tool described here:
http://p11-glue.freedesktop.org/trust-module.html
I've decided to adopt the familiar odd/even numbering scheme. Where if
the second number in the version is odd, then this is an unstable
release, if even a stable one.
p11-kit now optionally depends on libtasn1, although this is a
recommended dependency and p11-kit tries to find it by default. Without
this dependency the trust policy module and related code will not be built.
What's new in 0.15.1
--------------------
* Fix some memory leaks
* Add a location for packages to drop module configs
* Documentation updates and fixes
* Add command line tool manual page
* Remove unused err() function and friends
* Move more code into common/ directory and refactor
* Add a system trust policy module
* Refactor how the p11-kit command line tool works
* Add p11-kit extract and extract-trust commands
* Don't complain if we cannot access ~/.pkcs11/pkcs11.conf
* Refuse to load the p11-kit-proxy.so as a registered module
* Don't fail initialization if last initialized module fails
Many thanks to everyone who contributed with review, patches and testing :)
Detailed changes in 0.15
------------------------
Pankaj Sharma (2):
Fix file descriptor leak in p11_kit_pin_file_callback()
Fix leak when initializing the proxy module
Stef Walter (52):
Don't fail initialization if last initialized module fails
Refuse to load the p11-kit-proxy.so as a registered module
Don't complain if we cannot access ~/.pkcs11/pkcs11.conf
Guarantee that the key is freed when replaced
Fix documentation warnings.
Distribute HACKING in the tarball
Documentation fixes for PIN functions
Move debug and library code into the common/ subdirectory
Build common code into noinst libraries
Move the pkcs11.h header files into common directory
Add common functions for manipulating CK_ATTRIBUTE arrays
Set strict debug preconditions during testing
Only initialize p11-kit libraries once
Use the stdbool.h C99 bool type
Add generic buffer code
Further tweaks and cleanup for functions dealing with PKCS#11 attr
Add more mock-module implementation
Add internal function for turning on messages
Add p11_kit_be_loud() function for use in tests and tools
Make the p11-kit tool have distinct commands
Add a /usr/share/p11-kit/modules directory for package module conf
Change the documentation configure arg to --enable-doc
Add a p11-kit tool manual page
Add documentation about contributing to p11-kit
Tweak style of the manual
Remove the unused err() function and friends
Add basic checksum algorithms
Add basic trust module
Add support for parsing PEM files
Add support for openssl TRUSTED CERTIFICATE PEM files
Add the builtin roots NSS specific object
Test a TRUSTED CERTIFICATE without any trust OIDs
Some debug info about which files are being loaded
Add tool for testing how fast the token loads
Better debugging and checks for attribute values
Implement stapled certificate extensions internally
Fill in certificate authority and trust data correctly
Refactor how parsing of ASN.1 data and certificate extensions work
Implement trust assertion PKCS#11 objects
Add p11_array_clear() function
Move the X.509 extension parsing code in common/
Allow internal use of token and module info matching
Add public iterator API to p11-kit
Support for sane writing to files extracted
Implement basic extract support
Implement code for writing PEM
Add support for extracting to pem-bundle and pem-directory formats
Add support for exporting OpenSSL's TRUSTED CERTIFICATE format
Use the CN, OU or O of certificates to generate a label
Implement support for java JKS keystore format
Add a placeholder external 'extract-trust' command
Release version 0.15.1
Download
--------
http://p11-glue.freedesktop.org/releases/
Cheers,
Stef
More information about the p11-glue
mailing list