Bug 61499 - trust module should represent multiple input sources as multiple tokens
Status: RESOLVED FIXED
Product: p11-glue
Classification: Unclassified
Component: p11-kit
unspecified
Other All
: medium normal
Assigned To: Stef Walter
Depends on: 62327
Blocks: 61497 61900
Reported: 2013-02-26 09:47 UTC by Stef Walter
Modified: 2013-03-15 16:29 UTC (History)

Attachments
dict: Allow removal of current item in a p11_dict iteration (3.18 KB, patch)
2013-03-07 09:23 UTC, Stef Walter
trust: Make each configured path its own token (30.35 KB, patch)
2013-03-07 09:23 UTC, Stef Walter
trust: Make each configured path its own token (29.49 KB, patch)
2013-03-14 09:35 UTC, Stef Walter
trust: Make each configured path its own token (29.47 KB, patch)
2013-03-15 16:25 UTC, Stef Walter

Description Stef Walter 2013-02-26 09:47:11 UTC
We've been talking about how multiple sources stack when loading trust policy. As part of this, the multiple directories that the p11-kit trust module can be configured with should show up as multiple slots/tokens in the module.

This is an implementation detail, but does better model how we want to stack this stuff in the future.
Comment 1 Stef Walter 2013-03-07 09:23:56 UTC
Created attachment 76092
dict: Allow removal of current item in a p11_dict iteration
Comment 2 Stef Walter 2013-03-07 09:23:58 UTC
Created attachment 76093
trust: Make each configured path its own token
Comment 3 Stef Walter 2013-03-14 09:35:31 UTC
Created attachment 76517
trust: Make each configured path its own token
Comment 4 Stef Walter 2013-03-14 09:36:29 UTC
This is ready for review.
Comment 5 Stef Walter 2013-03-14 11:28:01 UTC
This depends on bug #62327 being applied first.
Comment 6 Stef Walter 2013-03-14 11:34:38 UTC
After applying these patches, the various input paths built into the p11-kit trust module should show up as different tokens. Previously there was only one token in the module.

In PKCS#11 each token is a database of objects. A single module can have multiple tokens. This patch changes it so that each configured input source path shows up as a separate token. The certificate files in each input source path will show up as certificate objects in the token in question.

These tokens are visible in the Firefox security device manager. You should be able to see which certificates are on which token using the certificate authority list.

You can see the various tokens with the tool:

p11-kit list-modules
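
Added example (not part of the bug report or of p11-kit's own code): since each configured trust path now appears as its own token, the token list of the trust module can be checked against the set of trust sources you expect. The sample text, module names and token labels below are constructed, and the indented "key: value" layout of `p11-kit list-modules` output is an assumption that may differ between releases.

```python
import re

# Constructed sample, NOT captured output. Assumed layout: a module line at
# column 0, followed by indented "token: <label>" entries for that module.
SAMPLE_OUTPUT = """\
example-trust: example-trust.so
    library-description: Example Trust Module
    token: Example System Trust
        manufacturer: Example
        flags:
               write-protected
               token-initialized
    token: Example Default Trust
        manufacturer: Example
example-hsm: example-hsm.so
    library-description: Example HSM Module
    token: Example Key Store
        manufacturer: Example
"""

def tokens_by_module(text):
    """Map each module name to the ordered list of token labels under it."""
    modules, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # Column-0 line starts a module: "<name>: <path>". A
            # "module: <name>" form is also accepted (assumed variant).
            key, _, rest = line.partition(":")
            current = rest.strip() if key.strip() == "module" else key.strip()
            modules[current] = []
        elif current is not None:
            match = re.match(r"\s+token:\s*(.*\S)\s*$", line)
            if match:
                modules[current].append(match.group(1))
    return modules

def audit_trust_tokens(text, module, expected):
    """Report tokens of `module` that are not expected, and expected ones absent."""
    found = tokens_by_module(text).get(module, [])
    return {
        "unexpected": [t for t in found if t not in expected],
        "missing": [t for t in expected if t not in found],
    }
```

An "unexpected" entry means the module was configured with an input path you did not account for, so certificates from that path are being offered as trust objects.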
Comment 7 Stef Walter 2013-03-15 16:25:36 UTC
Created attachment 76572
trust: Make each configured path its own token
Comment 8 Stef Walter 2013-03-15 16:28:58 UTC
Attachment 76092 pushed as d2128c2 - dict: Allow removal of current item in a p11_dict iteration
Attachment 76572 pushed as 0e75a5b - trust: Make each configured path its own token