99797 – Different modifiable attribute, BEGIN TRUSTED CERTIFICATE vs [p11-kit-object-v1]

Bug 99797 - Different modifiable attribute, BEGIN TRUSTED CERTIFICATE vs [p11-kit-object-v1]

Summary: Different modifiable attribute, BEGIN TRUSTED CERTIFICATE vs [p11-kit-object-v1]

Status:	NEW

Alias:	None

Product:	p11-glue
Classification:	Unclassified
Component:	p11-kit (show other bugs)
Version:	unspecified
Hardware:	Other All

Importance:	medium normal
Assignee:	Stef Walter
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2017-02-13 14:47 UTC by Kai Engert
Modified:	2017-02-17 15:30 UTC (History)
CC List:	1 user (show)

See Also:
i915 platform:
i915 features:

Attachments

Description Kai Engert 2017-02-13 14:47:02 UTC

I'm using the new trust dump command for comparison purposes.

If the input to p11-kit-trust is BEGIN TRUSTED CERTIFICATE, the resulting object has
  modifiable: false

If the input is [p11-kit-object-v1], the resulting object has
  modifiable: true

Even if the attribute
  modifiable: false
is added to the [p11-kit-object-v1] input format,
the resuling object is listed as
  modifiable: true

Comment 1 Daiki Ueno 2017-02-17 15:30:36 UTC

It seems that the behavior was introduced when p11-kit persist files gained writing support:
https://github.com/p11-glue/p11-kit/commit/96771f49dc945800ae28c77ff407753cbb995c7f

I am not sure if it is intended, but I have opened a PR that respects "modifiable" settings from the file itself:
https://github.com/p11-glue/p11-kit/pull/51

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.