ANNOUNCE: p11-kit 0.23.4

Daiki Ueno dueno at
Wed Feb 22 10:09:05 UTC 2017

This is a development release.

What's new in 0.23.4

 * Recognize query attributes defined in PKCS#11 URI (RFC7512) [PR#31,
   PR#37, PR#52]
 * The trust policy module now recognizes CKA_NSS_MOZILLA_CA_POLICY
   attribute, used by Firefox [#99453, PR#46]
 * Add 'trust dump' command to dump all PKCS#11 objects in the
   persistence format [PR#44]
 * New experimental 'p11-kit server' command that allows PKCS#11
   forwarding through a Unix domain socket.  A client-side module is also provided [PR#15]
 * Add systemd unit files for exporting the proxy module through a
   Unix domain socket [PR#35]
 * New P11KitIter API to iterate over slots, tokens, and modules in
   addition to objects [PR#28]
 * libffi dependency is now optional [PR#9]
 * Build fixes for FreeBSD, macOS, and Windows [PR#32, PR#39, PR#45]

Detailed changes between 0.23.3 and 0.23.4

Daiki Ueno (34):
      uri: Avoid typecasting confusion on s390x
      uri: Support query attributes to specify module
      travis: Enable strict code compilation
      maint: Add .dir-locals.el file for Emacs
      build: Make libffi closure optional
      test: Release transport mock module
      virtual: Make virtual-fixed internal API cleaner
      uri: Relax pin-* parsing for compatibility
      iter: Enable iteration over slots/tokens/modules
      filter: New virtual wrapper for access control
      trust: Revert to the original 'extract' behavior
      virtual: Move mutex into p11_library_init()
      library: Deinit p11_virtual_mutex
      compat: Fix character generation in mk{s,d}temp()
      argv: Fix misinterpretation of backslash in quotes
      build: Check *asprintf on all platforms
      build: Include <unistd.h> for execv
      build: Avoid undefined reference to rpc_exec_init
      build: Adjust executable/module names for Windows
      rpc: Port exec transport to Windows
      test: Fix Windows test case for p11_path_expand
      trust: Fix saving trust file on Windows
      test: Fix modules test for Windows
      library: Initialize p11_virtual_mutex for Windows
      trust: Fix uninitialized value in anchor command
      travis: Enable mingw64 cross build
      common: Add path encoding functions
      remote, server: Recognize PKCS#11 URI
      remote: Add API to serve a token
      rpc: Add PKCS#11 module that connects to socket
      trust: Honor "modifiable" setting in persist file
      rpc: Make it less verbose about connection failure
      uri: Support vendor query attributes
      Release 0.23.4

Kai Engert (2):
      Support loading new NSS attribute CKA_NSS_MOZILLA_CA_POLICY from .p11-kit files. See also NSS bug and p11-kit bug
      Fix a typo in "x-cetrificate-value", see also

Lubomir Rintel (4):
      uri: fix the query attribute parsing
      uri: fix producing the query attributes
      common: use recursive pthread mutex for library lock
      systemd: add per-user remoting socket

Mantas Mikul─Śnas (1):
      rpc: Try $XDG_CACHE_HOME before ~/.cache

Nikos Mavrogiannopoulos (4):
      test: Check exhaustion of fixed closures
      rpc: New rpc_unix transport based on Unix socket
      common: New p11_get_upeer_id() function
      p11-kit: Add 'p11-kit server' command

Roman Bogorodskiy (2):
      build: improve p11-kit-proxy symlink handling
      Fix compiler warnings on FreeBSD

Stef Walter (5):
      trust: Load all attributes for each object when enumerating
      trust: Make extraction and correlation of certificate info optional
      trust: Add an "all" filter option for trust commands
      trust: Don't encode spaces when writing .p11-kit format
      trust: Implement a 'trust dump' command


Daiki Ueno
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 818 bytes
Desc: not available
URL: <>

More information about the p11-glue mailing list