Bug 61497 - p11-kit extract tool should combine trust policy
p11-kit extract tool should combine trust policy
Status: RESOLVED FIXED
Product: p11-glue
Classification: Unclassified
Component: p11-kit
unspecified
Other All
: medium normal
Assigned To: Stef Walter
:
: 61498 (view as bug list)
Depends on: 61499 61978
Blocks:
  Show dependency treegraph
 
Reported: 2013-02-26 09:44 UTC by Stef Walter
Modified: 2013-03-15 16:46 UTC (History)
3 users (show)

See Also:
i915 platform:
i915 features:


Attachments
extract: Combine trust policy when extracting (19.65 KB, patch)
2013-03-15 08:28 UTC, Stef Walter
Details | Splinter Review
extract: Combine trust policy when extracting (19.65 KB, patch)
2013-03-15 08:29 UTC, Stef Walter
Details | Splinter Review
extract: Combine trust policy when extracting (20.37 KB, patch)
2013-03-15 16:45 UTC, Stef Walter
Details | Splinter Review

Note You need to log in before you can comment on or make changes to this bug.
Description Stef Walter 2013-02-26 09:44:57 UTC
When certificate anchors (or other trust policy) is loaded multiple times by the p11-kit trust module, the extract command extracts multiple instances of the policy. 

Instead the extract command should combine the policy in the expected manner (taking into account the stacking of the various sources) and the extracted data should only contain the results.
Comment 1 Stef Walter 2013-03-06 11:39:29 UTC
*** Bug 61498 has been marked as a duplicate of this bug. ***
Comment 2 Stef Walter 2013-03-15 08:28:39 UTC
Created attachment 76549 [details] [review]
extract: Combine trust policy when extracting
Comment 3 Stef Walter 2013-03-15 08:29:59 UTC
Created attachment 76550 [details] [review]
extract: Combine trust policy when extracting
Comment 4 Stef Walter 2013-03-15 08:30:33 UTC
commit 64b47aa5c8a4d9c758f6ed286b24beb4eae1a965
Author: Stef Walter <stefw@gnome.org>
Date:   Fri Mar 15 09:22:57 2013 +0100

    extract: Combine trust policy when extracting
    
     * Collapse multiple identical certificates coming from different
       tokens. Note that if a certificate should not be placed multiple
       times on a token. We cannot know which one to respect.
     * Add a new extract filter: --trust-policy
       This extracts all anchor and blacklist information
Comment 5 Stef Walter 2013-03-15 16:45:21 UTC
Created attachment 76575 [details] [review]
extract: Combine trust policy when extracting
Comment 6 Stef Walter 2013-03-15 16:46:10 UTC
Attachment 76575 [details] pushed as 07a53ce - extract: Combine trust policy when extracting