Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

trust: Prevent trust module being loaded by proxy module #142

Merged
merged 6 commits into from
Apr 10, 2018
Merged

trust: Prevent trust module being loaded by proxy module #142

merged 6 commits into from
Apr 10, 2018

Conversation

ueno
Copy link
Member

@ueno ueno commented Apr 6, 2018
edited
Loading

Otherwise, when the proxy module were registered in NSS database, the
trust module would be loaded twice and affect search performance.

@coveralls
Copy link

coveralls commented Apr 6, 2018
edited
Loading

Coverage Status

Coverage increased (+0.7%) to 82.511% when pulling 05c257e on ueno:wip/dueno/disable-trust-in-proxy into dcb6ee3 on p11-glue:master.

@ueno ueno force-pushed the wip/dueno/disable-trust-in-proxy branch 11 times, most recently from cc36198 to 9ddd1b8 Compare April 10, 2018 05:52
@ueno ueno changed the title trust: Exclude the module from the proxy module aggregation trust: Prevent trust module being loaded by proxy module Apr 10, 2018
ueno added 5 commits April 10, 2018 09:46
@ueno
test: Factor out common harness from test-extract.in
433040c
@ueno
trust: Fix memleak in p11_enumerate_opt_filter
0511a16 
p11_kit_iter_add_filter() takes the ownership of given attributes.
Spotted by address sanitizer.
@ueno
travis: Run "make installcheck"
4704cb6
@ueno
trust: Prevent trust module being loaded by proxy module
5b3d305 
Otherwise, when the proxy module were registerd in NSS database, the
trust module would be loaded twice and degrade search performance.
@ueno
test: Add installcheck script to test trust module
a31f8de 
Currently it only checks that "disable-in: p11-kit-proxy" properly
prevents the trust module being loaded by the proxy module.
@ueno ueno force-pushed the wip/dueno/disable-trust-in-proxy branch from 9ddd1b8 to a31f8de Compare April 10, 2018 07:47
tomato42
tomato42 reviewed Apr 10, 2018
View reviewed changes
.travis.yml Outdated
@@ -22,26 +22,34 @@ before_install:
- docker exec $CONTAINER dnf -y install libasan libubsan
- docker exec $CONTAINER dnf -y install clang-analyzer
- docker exec $CONTAINER dnf -y install mingw64-gcc mingw64-libffi mingw64-libtasn1 wine
- docker exec $CONTAINER dnf -y install opensc openssl
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why not all installations are done at the same time? wouldn't it make them faster?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's a good point; I arranged the dnf install invocation in 05c257e.

@ueno ueno merged commit a95c7a3 into p11-glue:master Apr 10, 2018
@ueno
Copy link
Member Author

ueno commented Apr 10, 2018

Thank you for the review!

@ueno ueno deleted the wip/dueno/disable-trust-in-proxy branch April 10, 2018 15:57
@ueno ueno added this to the 0.23.11 milestone May 7, 2018
@jamescassell
Copy link

How is the trust module otherwise loaded? It it automatically loaded by some other mechanism, or are users expected to register it explicitly in the nssdb separate from the proxy module (which is automatically registered.)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tomato42 tomato42 tomato42 approved these changes

Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
0.23.11
Development

Successfully merging this pull request may close these issues.
4 participants
@ueno @coveralls @jamescassell @tomato42