In order to solve bug #62156, and have a format for storing arbitrary objects, we need to refactor the p11-kit trust module internals somewhat. This means quite a bit of change, but it's done with the concept of future modifications written through the module.
Two basic concepts are introduced here:

The index
 * The index is where objects are stored and searched for internally.

The builder
 * The builder is what validates and completes incomplete objects. For example if a certificate is loaded, all the various PKCS#11 attributes that weren't specified by the input format, are built out by the builder.
 * The builder also builds the compat objects (like NSS trust objects) from the input data, and keeps them in sync with what's coming in.
 * This replaces the previous code in adapter.c and parser.c which did some of this building.

In all the goal of the above is to:
 * Allow importing/validation of arbitrary objects from our own storage format.
 * Allow reloading the input directory when it changes.
 * Allow modification of objects through the module, which is necessary for writing tools that operate on these objects.
Created attachment 76576: asn1: Implement a parsed ASN.1 tree cache
Created attachment 76577: attrs: New p11_attrs_merge() function
Created attachment 76578: trust: Refactor to include concept of the index
Created attachment 76579: attrs: Add info functions for constant names and values
Created attachment 76580: trust: Add a builder which builds objects out of parsed data
Created attachment 76581: trust: Use a SHA-1 hash of subjectPublicKeyInfo as CKA_ID by default
Merged into git master and 0.17.x releases.