| /third_party/openssl/doc/man3/ |
| D | X509_STORE_CTX_get_error.pod | 9 X509_verify_cert_error_string - get or set certificate verification status
41 nonnegative integer representing where in the certificate chain the error
42 occurred. If it is zero it occurred in the end entity certificate, one if
43 it is the certificate which signed the end entity certificate and so on.
49 X509_STORE_CTX_get_current_cert() returns the certificate in B<ctx> which
50 caused the error or B<NULL> if no certificate is relevant.
52 X509_STORE_CTX_set_current_cert() sets the certificate B<x> in B<ctx> which
59 If a callback wishes the save the certificate for use after it returns, it
61 Once such a I<saved> certificate is no longer needed it can be freed with
65 certificate being verified by the B<ctx>.
[all …]
|
| D | SSL_CTX_set_client_cert_cb.pod | 5 SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb - handle client certificate callback function
21 called when a client certificate is requested by a server and no certificate
30 set a certificate, a certificate/private key combination must be set
32 certificate will be installed into B<ssl>, see the NOTES and BUGS sections.
33 If no certificate should be set, "0" has to be returned and no certificate
43 During a handshake (or renegotiation) a server may request a certificate
44 from the client. A client certificate must only be sent, when the server
47 When a certificate was set using the
50 certificate is sent, if it matches the list of acceptable CAs sent by the
53 selection routine or to allow a user interaction to choose the certificate to
[all …]
|
| D | SSL_CTX_use_certificate.pod | 16 - load certificate and key data
66 SSL_CTX_use_certificate() loads the certificate B<x> into B<ctx>,
68 certificates needed to form the complete certificate chain can be
73 SSL_CTX_use_certificate_ASN1() loads the ASN1 encoded certificate from
75 SSL_use_certificate_ASN1() loads the ASN1 encoded certificate into B<ssl>.
77 SSL_CTX_use_certificate_file() loads the first certificate stored in B<file>
78 into B<ctx>. The formatting B<type> of the certificate must be specified
80 SSL_use_certificate_file() loads the certificate from B<file> into B<ssl>.
84 SSL_CTX_use_certificate_chain_file() loads a certificate chain from
86 be sorted starting with the subject's certificate (actual client or server
[all …]
|
| D | SSL_CTX_add1_chain_cert.pod | 11 chain certificate processing
41 SSL_CTX_set0_chain() and SSL_CTX_set1_chain() set the certificate chain
42 associated with the current certificate of B<ctx> to B<sk>.
45 certificate B<x509> to the chain associated with the current certificate of
49 certificate of B<ctx>.
52 current certificate of B<ctx>. (This is implemented by calling
55 SSL_CTX_build_cert_chain() builds the certificate chain for B<ctx> normally
68 (i.e. server or client) certificate. This is the last certificate loaded or
72 certificate, but only if B<x509> has already been loaded into B<ctx> using a
80 SSL_CTX_set_current_cert() changes the current certificate to a value based
[all …]
|
| D | X509_get_extension_flags.pod | 15 X509_get_proxy_pathlen - retrieve certificate extension data
35 These functions retrieve information related to commonly used certificate extensions.
37 X509_get_pathlen() retrieves the path length extension from a certificate.
41 X509_get_extension_flags() retrieves general information about a certificate,
48 The certificate is an obsolete version 1 certificate.
52 The certificate contains a basic constraints extension.
56 The certificate contains basic constraints and asserts the CA flag.
60 The certificate is a valid proxy certificate.
64 The certificate is self issued (that is subject and issuer names match).
73 The freshest CRL extension is present in the certificate.
[all …]
|
| D | X509_check_ca.pod | 5 X509_check_ca - check if given certificate is CA certificate
15 This function checks if given certificate is CA certificate (can be used
20 Function return 0, if it is not CA certificate, 1 if it is proper X509v3
21 CA certificate with B<basicConstraints> extension CA:TRUE,
22 3, if it is self-signed X509 v1 certificate, 4, if it is certificate with
25 extension telling that it is CA certificate.
27 Actually, any nonzero value means that this certificate could have been
|
| D | SSL_get_peer_certificate.pod | 5 SSL_get_peer_certificate - get the X509 certificate of the peer
15 SSL_get_peer_certificate() returns a pointer to the X509 certificate the
16 peer presented. If the peer did not present a certificate, NULL is returned.
21 certificate, if present. A client will only send a certificate when
26 That a certificate is returned does not indicate information about the
31 will not be destroyed when the session containing the peer certificate is
42 No certificate was presented by the peer or no connection was established.
44 =item Pointer to an X509 certificate
46 The return value points to the certificate presented by the peer.
|
| D | SSL_CTX_set_verify.pod | 12 - set peer certificate verification parameters
47 SSL_CTX_set_verify_depth() sets the maximum B<depth> for the certificate chain
50 SSL_set_verify_depth() sets the maximum B<depth> for the certificate chain
57 sent. A certificate callback will need to be set via
58 SSL_CTX_set_client_cert_cb() if no certificate is provided at initialization.
73 B<Server mode:> the server will not send a client certificate request to the
74 client, so the client will not send a certificate.
77 server will send a certificate which will be checked. The result of the
78 certificate verification process can be checked after the TLS/SSL handshake
84 B<Server mode:> the server sends a client certificate request to the client.
[all …]
|
| D | SSL_get_peer_cert_chain.pod | 5 SSL_get_peer_cert_chain, SSL_get0_verified_chain - get the X509 certificate
18 forming the certificate chain sent by the peer. If called on the client side,
19 the stack also contains the peer's certificate; if called on the server
20 side, the peer's certificate must be obtained separately using
22 If the peer did not present a certificate, NULL is returned.
28 SSL_get0_verified_chain() returns the B<verified> certificate chain
29 of the peer including the peer's end entity certificate. It must be called
40 The reference count of each certificate in the returned STACK_OF(X509) object
54 No certificate was presented by the peer or no connection was established
55 or the certificate chain is no longer available when a session is reused.
[all …]
|
| D | X509_get_version.pod | 6 X509_CRL_get_version, X509_CRL_set_version - get or set certificate,
7 certificate request or CRL version
25 certificate B<x>. Note: this is defined by standards (X.509 et al) to be one
26 less than the certificate version. So a version 3 certificate will return 2 and
27 a version 1 certificate will return 0.
29 X509_set_version() sets the numerical value of the version field of certificate
34 number of certificate requests and CRLs.
38 The version field of certificates, certificate requests and CRLs has a
|
| D | SSL_check_chain.pod | 5 SSL_check_chain - check certificate chain suitability
15 SSL_check_chain() checks whether certificate B<x>, private key B<pk> and
16 certificate chain B<chain> is suitable for use with the current session
25 If this flag is B<not> set then the certificate will never be used even
31 B<CERT_PKEY_EE_SIGNATURE>: the signature algorithm of the EE certificate is
37 B<CERT_PKEY_EE_PARAM>: the parameters of the end entity certificate are
42 B<CERT_PKEY_EXPLICIT_SIGN>: the end entity certificate algorithm
49 B<CERT_PKEY_CERT_TYPE>: the certificate type is acceptable. Only meaningful
57 clients after a certificate request message. It will typically be called
58 in the certificate callback.
[all …]
|
| D | X509_VERIFY_PARAM_set_flags.pod | 70 a certificate verification operation.
86 to B<purpose>. This determines the acceptable purpose of the certificate
108 neither the end-entity certificate nor the trust-anchor count against this
110 Thus a B<depth> limit of 0 only allows the end-entity certificate to be signed
112 intermediate CA certificate between the trust-anchor and the end-entity
113 certificate.
118 key strength when verifying certificate chains.
119 For a certificate chain to validate, the public keys of all the certificates
122 anchor> certificate, which is either directly trusted or validated by means other
135 name checks are not performed on the peer certificate. If B<name>
[all …]
|
| D | X509_check_issued.pod | 5 X509_check_issued - checks if certificate is apparently issued by another
6 certificate
17 X509_check_issued() checks if certificate I<subject> was apparently issued
18 using (CA) certificate I<issuer>. This function takes into account not only
23 if the B<keyUsage> field (if present) of I<issuer> allows certificate signing.
24 It does not check the certificate signature.
28 Function return B<X509_V_OK> if certificate I<subject> is issued by
|
| /third_party/openssl/doc/HOWTO/ |
| D | certificates.txt | 13 This file is for users who wish to get a certificate of their own.
29 keys, so before you create a certificate or a certificate request, you
42 3. Creating a certificate request
44 To create a certificate, you need to start with a certificate request
45 (or, as some certificate authorities like to put it, "certificate
48 policies). A certificate request is sent to a certificate authority
49 to get it signed into a certificate. You can also sign the certificate
50 yourself if you have your own certificate authority or create a
51 self-signed certificate (typically for testing purpose).
53 The certificate request is created like this:
[all …]
|
| /third_party/openssl/doc/man7/ |
| D | x509.pod | 5 x509 - X.509 certificate handling
13 An X.509 certificate is a structured grouping of information about
15 (certificate revocation list) is a tool to help determine if a
16 certificate is still valid. The exact definition of those can be
18 In OpenSSL, the type X509 is used to express such a certificate, and
21 A related structure is a certificate request, defined in PKCS#10 from
23 X509_REQ is used to express such a certificate request.
25 To handle some complex parts of a certificate, there are the types
26 X509_NAME (to express a certificate name), X509_ATTRIBUTE (to express
27 a certificate attribute), X509_EXTENSION (to express a certificate
[all …]
|
| /third_party/ltp/testcases/commands/tpm-tools/tpmtoken/tpmtoken_import/ |
| D | 00_Descriptions.txt | 2 tpmtoken_import import a certificate and key
4 tpmtoken_import import a certificate and key
6 tpmtoken_import import a certificate and key with -y option
8 tpmtoken_import import a public certificate and key
10 tpmtoken_import import a public certificate and key
12 tpmtoken_import import a public certificate and key with -y option
14 tpmtoken_import import a certificate
18 tpmtoken_import attempt to import a certificate from a key file
20 tpmtoken_import attempt to import a key from a certificate file
|
| /third_party/openssl/doc/man1/ |
| D | verify.pod | 58 The B<verify> command verifies certificate chains.
77 form ("hash" is the hashed certificate subject name: see the B<-hash> option
102 the last certificate in a chain if the certificate is supposedly self-signed.
104 certificate with key usage restrictions not including the keyCertSign bit.
115 Attempt to download CRL information for this certificate.
119 Checks end entity certificate validity by attempting to look up a valid CRL.
148 supported by OpenSSL the certificate is rejected (as required by RFC5280).
176 trusted certificate that might not be self-signed.
186 Enables certificate policy processing.
194 The intended use for the certificate. If this option is not specified,
[all …]
|
| D | x509.pod | 72 The B<x509> command is a multi purpose certificate utility. It can be
73 used to display certificate information, convert certificates to
74 various forms, sign certificate requests like a "mini CA" or edit
75 certificate trust settings.
93 certificate but this can change if other options such as B<-req> are
94 present. The DER format is the DER encoding of the certificate and PEM
105 This specifies the input filename to read a certificate from or standard input
144 When signing a certificate, preserve the "notBefore" and "notAfter" dates instead
158 Prints out the certificate in text form. Full details are output including the
164 Prints out the certificate extensions in text form. Extensions are specified
[all …]
|
| D | nseq.pod | 6 nseq - create or examine a Netscape certificate sequence
18 The B<nseq> command takes a file containing a Netscape certificate
20 file of certificates and converts it into a Netscape certificate
42 Normally a Netscape certificate sequence will be input and the output
44 situation is reversed: a Netscape certificate sequence is created from
51 Output the certificates in a Netscape certificate sequence
55 Create a Netscape certificate sequence
61 The B<PEM> encoded form uses the same headers and footers as a certificate:
66 A Netscape certificate sequence is a Netscape specific format that can be sent
68 certificates are sent to the browser: for example during certificate enrollment.
[all …]
|
| D | ca.pod | 64 to sign certificate requests in a variety of forms and generate
95 An input filename containing a single certificate request to be
100 A single self-signed certificate to be signed by the CA.
111 are taken as the names of files containing certificate requests.
116 output. The certificate details will also be printed out to this
121 The directory to output certificates to. The certificate will be
127 The CA certificate file.
152 the certificate requests were signed with (given with B<-keyfile>).
158 certificate appears among the entries in the certificate database
161 self-signed certificate.
[all …]
|
| /third_party/gstreamer/gstplugins_bad/ext/dtls/ |
| D | gstdtlsagent.c | 58 GstDtlsCertificate *certificate; member
217 g_clear_object (&priv->certificate); in gst_dtls_agent_finalize()
229 GstDtlsCertificate *certificate; in gst_dtls_agent_set_property() local
233 certificate = GST_DTLS_CERTIFICATE (g_value_get_object (value)); in gst_dtls_agent_set_property()
234 g_return_if_fail (GST_IS_DTLS_CERTIFICATE (certificate)); in gst_dtls_agent_set_property()
237 self->priv->certificate = certificate; in gst_dtls_agent_set_property()
238 g_object_ref (certificate); in gst_dtls_agent_set_property()
241 _gst_dtls_certificate_get_internal_certificate (certificate))) { in gst_dtls_agent_set_property()
247 _gst_dtls_certificate_get_internal_key (certificate))) { in gst_dtls_agent_set_property()
266 if (self->priv->certificate) { in gst_dtls_agent_get_certificate()
[all …]
|
| /third_party/wpa_supplicant/wpa_supplicant-2.9_standard/wpa_supplicant_lib/ |
| D | wpa_evp_key.c | 163 struct Credential certificate = { 0 }; in BIO_from_cm() local
174 certificate.credData.data = (uint8_t *)malloc(MAX_LEN_CERTIFICATE_CHAIN); in BIO_from_cm()
175 if (certificate.credData.data == NULL) { in BIO_from_cm()
179 certificate.credData.size = MAX_LEN_CERTIFICATE_CHAIN; in BIO_from_cm()
180 int ret = CmGetAppCert(&keyUri, store, &certificate); in BIO_from_cm()
183 key_id, certificate.credData.size, ret); in BIO_from_cm()
184 free(certificate.credData.data); in BIO_from_cm()
189 key_id, certificate.credData.size); in BIO_from_cm()
191 if (certificate.credData.size > 0) in BIO_from_cm()
192 bio = BIO_new_mem_buf(certificate.credData.data, certificate.credData.size); in BIO_from_cm()
[all …]
|
| /third_party/node/test/parallel/ |
| D | test-crypto-certificate.js | 38 function checkMethods(certificate) { argument
40 assert.strictEqual(certificate.verifySpkac(spkacValid), true);
41 assert.strictEqual(certificate.verifySpkac(spkacFail), false);
44 stripLineEndings(certificate.exportPublicKey(spkacValid).toString('utf8')),
47 assert.strictEqual(certificate.exportPublicKey(spkacFail), '');
50 certificate.exportChallenge(spkacValid).toString('utf8'),
53 assert.strictEqual(certificate.exportChallenge(spkacFail), '');
|
| /third_party/skia/third_party/externals/microhttpd/doc/chapters/ |
| D | tlsauthentication.inc | 24 In addition to the key, a certificate describing the server in human readable tokens
25 is also needed. This certificate will be attested with our aforementioned key. In this way,
26 we obtain a self-signed certificate, valid for one year.
33 To avoid unnecessary error messages in the browser, the certificate needs to
36 called @emph{Certificate Authority}, or @emph{CA}, to attest the certificate for you. This way,
39 Whether the server's certificate is signed by us or a third party, once it has been accepted
62 printf ("The key/certificate files could not be read.\n");
119 certificate or the client obtains the key over secure means. Anyway, the clients have to be aware (…
167 You can then extract the client certificate:
171 * Get the client's certificate
[all …]
|
| /third_party/curl/docs/ |
| D | SSLCERTS.md | 23 This system is about trust. In your local CA certificate store you have certs
37 libcurl performs peer SSL certificate verification by default. This is done
38 by using a CA certificate store that the SSL library can use to make sure the
39 peer's server certificate is valid.
45 If the remote server uses a self-signed certificate, if you don't install a CA
46 cert store, if the server uses a certificate signed by a CA that isn't
56 2. Get a CA certificate that can verify the remote server and use the proper
62 3. Add the CA cert for your server to the existing default CA certificate
63 store. The default CA certificate store can be changed at compile time with
66 --with-ca-bundle=FILE: use the specified file as CA certificate store. CA
[all …]
|