Bug 61497 - p11-kit extract tool should combine trust policy
Summary: p11-kit extract tool should combine trust policy
Status: RESOLVED FIXED
Alias: None
Product: p11-glue
Classification: Unclassified
Component: p11-kit (show other bugs)
Version: unspecified
Hardware: Other All
: medium normal
Assignee: Stef Walter
QA Contact:
URL:
Whiteboard:
Keywords:
: 61498 (view as bug list)
Depends on: 61499 61978
Blocks:
  Show dependency treegraph
 
Reported: 2013-02-26 09:44 UTC by Stef Walter
Modified: 2013-03-15 16:46 UTC (History)
3 users (show)

See Also:
i915 platform:
i915 features:

Attachments
extract: Combine trust policy when extracting (19.65 KB, patch)
2013-03-15 08:28 UTC, Stef Walter 		Details | Splinter Review
extract: Combine trust policy when extracting (19.65 KB, patch)
2013-03-15 08:29 UTC, Stef Walter 		Details | Splinter Review
extract: Combine trust policy when extracting (20.37 KB, patch)
2013-03-15 16:45 UTC, Stef Walter 		Details | Splinter Review
Show Obsolete (2) View All

Description Stef Walter 2013-02-26 09:44:57 UTC 
When certificate anchors (or other trust policy) is loaded multiple times by the p11-kit trust module, the extract command extracts multiple instances of the policy. 

Instead the extract command should combine the policy in the expected manner (taking into account the stacking of the various sources) and the extracted data should only contain the results.
Comment 1 Stef Walter 2013-03-06 11:39:29 UTC 
*** Bug 61498 has been marked as a duplicate of this bug. ***
Comment 2 Stef Walter 2013-03-15 08:28:39 UTC 
Created attachment 76549 [details] [review]
extract: Combine trust policy when extracting
Comment 3 Stef Walter 2013-03-15 08:29:59 UTC 
Created attachment 76550 [details] [review]
extract: Combine trust policy when extracting
Comment 4 Stef Walter 2013-03-15 08:30:33 UTC 
commit 64b47aa5c8a4d9c758f6ed286b24beb4eae1a965
Author: Stef Walter <stefw@gnome.org>
Date:   Fri Mar 15 09:22:57 2013 +0100

    extract: Combine trust policy when extracting
    
     * Collapse multiple identical certificates coming from different
       tokens. Note that if a certificate should not be placed multiple
       times on a token. We cannot know which one to respect.
     * Add a new extract filter: --trust-policy
       This extracts all anchor and blacklist information
Comment 5 Stef Walter 2013-03-15 16:45:21 UTC 
Created attachment 76575 [details] [review]
extract: Combine trust policy when extracting
Comment 6 Stef Walter 2013-03-15 16:46:10 UTC 
Attachment 76575 [details] pushed as 07a53ce - extract: Combine trust policy when extracting

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.