Menu
▾
▴
Git Merge Request #1: misc cleanups (open)
Merging...
Merged
Something went wrong. Please, merge manually
Checking if merge is possible...
Something went wrong. Please, merge manually
Michal Suchanek wants to merge 9 commits from /u/msuchanek/ibmtpm20tss/ to master, 2021-12-01
- Support relative certificate path in rootcerts.txt
- Make it possible to call reg.sh outside of the source directory
- Move logs and test keys to subdirectory of regtest
- Remove .cvsignore files
| Commit | Date | |
|---|---|---|
|
[e5b6a7]
(HEAD, master)
by
Remove .cvsignore files. The repository is in git now. Signed-off-by: Michal Suchanek <msuchanek@...> |
2021-11-29 15:08:44 | Tree |
|
[658bc6]
by
regtests: Move test data to a separate directory. Signed-off-by: Michal Suchanek <msuchanek@...> |
2021-11-29 13:01:00 | Tree |
|
[9232d3]
by
regtests: Allow running from arbitrary location. This allows installing the tests. Signed-off-by: Michal Suchanek <msuchanek@...> |
2021-11-26 20:55:50 | Tree |
|
[5e2307]
by
regtests: Remove useless WARN variable. This variable can never be set. It is only set in subshell which is not Signed-off-by: Michal Suchanek <msuchanek@...> |
2021-11-26 20:23:54 | Tree |
|
[1ed832]
by
regtests: Count errors, don't exit on first error. Also remove completely unused RC variable. The script always exited when Signed-off-by: Michal Suchanek <msuchanek@...> |
2021-11-26 20:20:02 | Tree |
|
[5db64a]
by
regtests: Allow setting PREFIX. Signed-off-by: Michal Suchanek <msuchanek@...> |
2021-11-26 19:41:38 | Tree |
|
[a07e46]
by
ekutils: Allow certificate paths relative only to list file. In the previous commit support for resolving relative certificate paths Signed-off-by: Michal Suchanek <msuchanek@...> |
2021-12-01 09:33:16 | Tree |
|
[d247f7]
by
ekutils: Allow certificate path relative to certificate list. This makes the certificate directory self-contained. Signed-off-by: Michal Suchanek <msuchanek@...> |
2021-11-29 11:48:29 | Tree |
|
[fa8fbf]
by
ekutils: Set freed pointer to NULL. The whole array is walked and freed later which will cause double-free. Signed-off-by: Michal Suchanek <msuchanek@...> |
2021-11-29 10:00:07 | Tree |
Note: not tested on Windows
The last 3 seem worthwhile. I'll take a look and merge them.
Question about the first one. My idea was than no one should trust all those certificates in a real deployment. Having it fail until rootcerts.txt is modified forces the user to at least be aware of the list. Hopefully, they will review it.
I have to look at the implementation, but I wonder if a relative path could be an attack point.
Old versions of OpenSSL required an absolute path, but this may have changed.
I don't think an absolute path is really required with the current implementation. Relative to your working directory would likely work too.
My point is that if somebody crafts and maintains a list file like this it should allow paths relative to the list so that it can be distributed easily.
Also the whole stat dance is to not break lists that are relative to working directory. If that is not intended to work the code can be simplified.