Home
last modified time | relevance | path

Searched +full:- +full:- +full:no +full:- +full:check +full:- +full:certificate (Results 1 – 25 of 676) sorted by relevance

12345678910>>...28

/third_party/openssl/doc/man1/
Dopenssl-verification-options.pod5 openssl-verification-options - generic X.509 certificate verification options
19 Certificate verification is implemented by L<X509_verify_cert(3)>.
25 starting from the I<target certificate> that is to be verified
26 and ending in a certificate that due to some policy is trusted.
28 of the target certificate, such as SSL server, or by default for any purpose.
33 DANE support is documented in L<openssl-s_client(1)>,
53 all self-signed "root" CA certificates that are placed in the I<trust store>,
56 or Apple's and Microsoft's certificate stores, ...
58 From the OpenSSL perspective, a trust anchor is a certificate
60 uses of a target certificate the certificate may serve as a trust anchor.
[all …]
Dopenssl-ocsp.pod.in2 {- OpenSSL::safe::output_do_not_edit_headers(); -}
6 openssl-ocsp - Online Certificate Status Protocol command
13 [B<-help>]
14 [B<-out> I<file>]
15 [B<-issuer> I<file>]
16 [B<-cert> I<file>]
17 [B<-no_certs>]
18 [B<-serial> I<n>]
19 [B<-signer> I<file>]
20 [B<-signkey> I<file>]
[all …]
/third_party/node/deps/npm/node_modules/sigstore/dist/x509/
Dverify.js11 http://www.apache.org/licenses/LICENSE-2.0
36 // Construct certificate path from leaf to root
38 // Perform validation checks on each certificate in the path
40 // Return verified certificate path
47 // Filter for paths which contain a trusted certificate
50 throw new error_1.VerificationError('No trusted certificate path found');
55 // Removes the last certificate in the path, which will be a second copy
56 // of the root certificate given that the root is self-signed.
57 return [leafCert, ...path].slice(0, -1);
60 buildPaths(certificate) { argument
[all …]
/third_party/openssl/doc/man3/
DX509_VERIFY_PARAM_set_flags.pod21 - X509 verification parameters
75 a certificate verification operation.
91 to B<purpose>. This determines the acceptable purpose of the certificate
114 neither the end-entity certificate nor the trust-anchor count against this
116 Thus a B<depth> limit of 0 only allows the end-entity certificate to be signed
118 intermediate CA certificate between the trust anchor and the end-entity
119 certificate.
124 key strength when verifying certificate chains.
125 For a certificate chain to validate, the public keys of all the certificates
128 anchor> certificate, which is either directly trusted or validated by means other
[all …]
DX509_STORE_set_verify_cb_func.pod37 - set verification callback
133 Its purpose is to go through the chain of certificates and check that
135 limits of each certificate's first and last validity time.
138 I<If no chain verification function is provided, the internal default
141 X509_STORE_CTX_get1_issuer() tries to find a certificate from the I<store>
144 or at least the most recently expired match if there is no currently valid one.
148 to get the "best" candidate issuer certificate of the given certificate I<x>.
149 When such a certificate is found, I<get_issuer> must up-ref and assign it
151 Otherwise I<get_issuer> must return 0 if not found and -1 (or 0) on failure.
155 X509_STORE_set_check_issued() sets the function to check that a given
[all …]
DSSL_CTX_add1_chain_cert.pod10 SSL_select_current_cert, SSL_CTX_set_current_cert, SSL_set_current_cert - extra
11 chain certificate processing
41 SSL_CTX_set0_chain() and SSL_CTX_set1_chain() set the certificate chain
42 associated with the current certificate of B<ctx> to B<sk>.
45 certificate B<x509> to the chain associated with the current certificate of
49 certificate of B<ctx>.
52 current certificate of B<ctx>. (This is implemented by calling
55 SSL_CTX_build_cert_chain() builds the certificate chain for B<ctx>.
68 L<openssl-verification-options(1)/Certification Path Building>.
71 (i.e. server or client) certificate. This is the last certificate loaded or
[all …]
DSSL_get_peer_certificate.pod7 SSL_get1_peer_certificate - get the X509 certificate of the peer
19 These functions return a pointer to the X509 certificate the
20 peer presented. If the peer did not present a certificate, NULL is returned.
25 certificate, if present. A client will only send a certificate when
28 is used, no certificates are sent.
30 That a certificate is returned does not indicate information about the
32 to check the verification state.
36 containing the peer certificate is freed. The X509 object must be explicitly
52 No certificate was presented by the peer or no connection was established.
54 =item Pointer to an X509 certificate
[all …]
DX509_check_host.pod5 X509_check_host, X509_check_email, X509_check_ip, X509_check_ip_asc - X.509 certificate matching
21 The certificate matching functions are used to check whether a
22 certificate matches a given hostname, email address, or IP address.
23 The validity of the certificate and its trust level has to be checked by
26 X509_check_host() checks if the certificate Subject Alternative
30 and they match only in the left-most label; but they may match
33 certificate with a SAN or CN value of "*.example.com", "w*.example.com"
37 domain names must be given in A-label form. The B<namelen> argument
40 with a dot (e.g. ".example.com"), it will be matched by a certificate
41 valid for any sub-domain of B<name>, (see also
[all …]
/third_party/mbedtls/tests/
Dssl-opt.sh3 # ssl-opt.sh
6 # SPDX-License-Identifier: Apache-2.0
12 # http://www.apache.org/licenses/LICENSE-2.0
33 set -u
37 ulimit -f 20971520
50 : ${GNUTLS_CLI:=gnutls-cli}
51 : ${GNUTLS_SERV:=gnutls-serv}
58 # the variable is set, we can now check its value
66 if git diff --quiet ../include/mbedtls/mbedtls_config.h 2>/dev/null; then
74 : ${MBEDTLS_TEST_PLATFORM:="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"}
[all …]
/third_party/libcoap/man/
Dcoap_encryption.txt.in1 // -*- mode:doc; -*-
12 ----
17 - Work with CoAP TLS/DTLS
20 --------
30 *-lcoap-@LIBCOAP_API_VERSION@-notls*, *-lcoap-@LIBCOAP_API_VERSION@-gnutls*,
31 *-lcoap-@LIBCOAP_API_VERSION@-openssl*, *-lcoap-@LIBCOAP_API_VERSION@-mbedtls*
32 or *-lcoap-@LIBCOAP_API_VERSION@-tinydtls*. Otherwise, link with
33 *-lcoap-@LIBCOAP_API_VERSION@* to get the default (D)TLS library support.
36 -----------
42 https://www.trustedfirmware.org/projects/mbed-tls/[Mbed TLS],
[all …]
/third_party/node/deps/openssl/openssl/crypto/x509/
Dx509_vfy.c2 * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
33 #define CRL_SCORE_NOCRITICAL 0x100 /* No unhandled critical extensions */
34 #define CRL_SCORE_SCOPE 0x080 /* certificate is within CRL scope */
36 #define CRL_SCORE_ISSUER_NAME 0x020 /* Issuer name matches certificate */
39 #define CRL_SCORE_ISSUER_CERT 0x018 /* CRL issuer is certificate issuer */
40 #define CRL_SCORE_SAME_PATH 0x008 /* CRL issuer is on certificate path */
86 /*-
87 * Return 1 if given cert is considered self-signed, 0 if not, or -1 on error.
88 * This actually verifies self-signedness only if requested.
90 * to match issuer and subject names (i.e., the cert being self-issued) and any
[all …]
/third_party/openssl/crypto/x509/
Dx509_vfy.c2 * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
33 #define CRL_SCORE_NOCRITICAL 0x100 /* No unhandled critical extensions */
34 #define CRL_SCORE_SCOPE 0x080 /* certificate is within CRL scope */
36 #define CRL_SCORE_ISSUER_NAME 0x020 /* Issuer name matches certificate */
39 #define CRL_SCORE_ISSUER_CERT 0x018 /* CRL issuer is certificate issuer */
40 #define CRL_SCORE_SAME_PATH 0x008 /* CRL issuer is on certificate path */
86 /*-
87 * Return 1 if given cert is considered self-signed, 0 if not, or -1 on error.
88 * This actually verifies self-signedness only if requested.
90 * to match issuer and subject names (i.e., the cert being self-issued) and any
[all …]
/third_party/libcoap/include/coap3/
Dcoap_dtls.h2 * coap_dtls.h -- (Datagram) Transport Layer Support for libcoap
5 * Copyright (C) 2017 Jean-Claude Michelou <jcm@spinetix.com>
7 * SPDX-License-Identifier: BSD-2-Clause
51 * Check whether DTLS is available.
58 * Check whether TLS is available.
65 * Check whether (D)TLS PSK is available.
72 * Check whether (D)TLS PKI is available.
79 * Check whether (D)TLS PKCS11 is available.
86 * Check whether (D)TLS RPK is available.
93 COAP_TLS_LIBRARY_NOTLS = 0, /**< No DTLS library */
[all …]
/third_party/node/deps/openssl/openssl/
DCHANGES.md4 This is a high-level summary of the most important changes.
11 ----------------
13 - [OpenSSL 3.0](#openssl-30)
14 - [OpenSSL 1.1.1](#openssl-111)
15 - [OpenSSL 1.1.0](#openssl-110)
16 - [OpenSSL 1.0.2](#openssl-102)
17 - [OpenSSL 1.0.1](#openssl-101)
18 - [OpenSSL 1.0.0](#openssl-100)
19 - [OpenSSL 0.9.x](#openssl-09x)
22 -----------
[all …]
/third_party/openssl/
DCHANGES.md4 This is a high-level summary of the most important changes.
11 ----------------
13 - [OpenSSL 3.0](#openssl-30)
14 - [OpenSSL 1.1.1](#openssl-111)
15 - [OpenSSL 1.1.0](#openssl-110)
16 - [OpenSSL 1.0.2](#openssl-102)
17 - [OpenSSL 1.0.1](#openssl-101)
18 - [OpenSSL 1.0.0](#openssl-100)
19 - [OpenSSL 0.9.x](#openssl-09x)
22 -----------
[all …]
/third_party/openssl/test/recipes/
D25-test_req.t2 # Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
27 @req_new = ("-newkey", "dsa:".srctop_file("apps", "dsa512.pem"));
29 @req_new = ("-new");
38 # Check for duplicate -addext parameters, and one "working" case.
39 my @addext_args = ( "openssl", "req", "-new", "-out", "testreq.pem",
40 "-key", srctop_file("test", "certs", "ee-key.pem"),
41 "-config", srctop_file("test", "test.cnf"), @req_new );
46 ok( run(app([@addext_args, "-addext", $val])));
47 ok(!run(app([@addext_args, "-addext", $val, "-addext", $val])));
48 ok(!run(app([@addext_args, "-addext", $val, "-addext", $val2])));
[all …]
/third_party/mbedtls/
DChangeLog3 = Mbed TLS 3.4.1 branch released 2023-08-04
9 * Update test data to avoid failures of unit tests after 2023-08-07.
11 = Mbed TLS 3.4.0 branch released 2023-03-28
26 optionally providing file-specific error pairs. Please see psa_util.h for
33 - Only the signed-data content type, version 1 is supported.
34 - Only DER encoding is supported.
35 - Only a single digest algorithm per message is supported.
36 - Certificates must be in X.509 format. A message must have either 0
38 - There is no support for certificate revocation lists.
39 - The authenticated and unauthenticated attribute fields of SignerInfo
[all …]
/third_party/openssl/apps/
Dverify.c2 * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
22 static int check(X509_STORE *ctx, const char *file,
39 {OPT_HELP_STR, 1, '-', "Usage: %s [options] [cert...]\n"},
42 {"help", OPT_HELP, '-', "Display this summary"},
46 {"verbose", OPT_VERBOSE, '-',
48 {"nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options"},
50 OPT_SECTION("Certificate chain"),
55 {"no-CAfile", OPT_NOCAFILE, '-',
57 {"no-CApath", OPT_NOCAPATH, '-',
59 {"no-CAstore", OPT_NOCASTORE, '-',
[all …]
Dx509.c2 * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
32 #define UNSET_DAYS -2 /* -1 is used for testing expiration checks */
33 #define EXT_COPY_UNSET -1
61 {"help", OPT_HELP, '-', "Display this summary"},
64 "Certificate input, or CSR input file with -req (default stdin)"},
65 {"passin", OPT_PASSIN, 's', "Private key and cert file pass-phrase source"},
66 {"new", OPT_NEW, '-', "Generate a certificate from scratch"},
67 {"x509toreq", OPT_X509TOREQ, '-',
68 "Output a certification request (rather than a certificate)"},
69 {"req", OPT_REQ, '-', "Input is a CSR file (rather than a certificate)"},
[all …]
/third_party/node/deps/openssl/openssl/apps/
Dverify.c2 * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
22 static int check(X509_STORE *ctx, const char *file,
39 {OPT_HELP_STR, 1, '-', "Usage: %s [options] [cert...]\n"},
42 {"help", OPT_HELP, '-', "Display this summary"},
46 {"verbose", OPT_VERBOSE, '-',
48 {"nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options"},
50 OPT_SECTION("Certificate chain"),
55 {"no-CAfile", OPT_NOCAFILE, '-',
57 {"no-CApath", OPT_NOCAPATH, '-',
59 {"no-CAstore", OPT_NOCASTORE, '-',
[all …]
/third_party/mbedtls/include/mbedtls/
Dx509.h8 * SPDX-License-Identifier: Apache-2.0
14 * http://www.apache.org/licenses/LICENSE-2.0
43 * That is, maximum length of the chain, excluding the end-entity certificate
44 * and the trusted root certificate.
47 * resources verifying an overlong certificate chain.
57 #define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE -0x2080
59 #define MBEDTLS_ERR_X509_UNKNOWN_OID -0x2100
61 #define MBEDTLS_ERR_X509_INVALID_FORMAT -0x2180
63 #define MBEDTLS_ERR_X509_INVALID_VERSION -0x2200
65 #define MBEDTLS_ERR_X509_INVALID_SERIAL -0x2280
[all …]
/third_party/curl/lib/vtls/
Dschannel_verify.c8 * Copyright (C) Marc Hoersken, <info@marc-hoersken.de>
23 * SPDX-License-Identifier: curl
28 * Source file for Schannel-specific certificate verification. This code should
55 #define BACKEND ((struct schannel_ssl_backend_data *)connssl->backend)
61 #define BEGIN_CERT "-----BEGIN CERTIFICATE-----"
62 #define END_CERT "\n-----END CERTIFICATE-----"
98 for(p = (const char *)haystack; p <= (str_limit - needlelen); p++) in c_memmem()
121 ca_buffer_limit-current_ca_file_ptr, in add_certs_data_to_store()
129 ca_buffer_limit-begin_cert_ptr, in add_certs_data_to_store()
145 ((end_cert_ptr + end_cert_len) - begin_cert_ptr); in add_certs_data_to_store()
[all …]
Dopenssl.c21 * SPDX-License-Identifier: curl
26 * Source file for all OpenSSL-specific code for the TLS/SSL layer. No code
51 #include "url.h" /* for the ssl config check function */
101 renegotiations when built with BoringSSL. Renegotiating is non-compliant
129 #define HAVE_X509_GET0_EXTENSIONS 1 /* added in 1.1.0 -pre1 */
130 #define HAVE_OPAQUE_EVP_PKEY 1 /* since 1.1.0 -pre3 */
131 #define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */
192 * BoringSSL: supported since d28f59c27bac (committed 2015-11-19)
193 * LibreSSL: supported since 3.5.0 (released 2022-02-24)
205 * BoringSSL: no
[all …]
/third_party/mbedtls/library/
Dssl_tls13_generic.c5 * SPDX-License-Identifier: Apache-2.0
11 * http://www.apache.org/licenses/LICENSE-2.0
65 if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE || in mbedtls_ssl_tls13_fetch_handshake_msg()
66 ssl->in_msg[0] != hs_type) { in mbedtls_ssl_tls13_fetch_handshake_msg()
81 *buf = ssl->in_msg + 4; in mbedtls_ssl_tls13_fetch_handshake_msg()
82 *buf_len = ssl->in_hslen - 4; in mbedtls_ssl_tls13_fetch_handshake_msg()
96 * - 64 bytes of octet 32,
97 * - 33 bytes for the context string
100 * - 1 byte for the octet 0x0, which serves as a separator,
101 * - 32 or 48 bytes for the Transcript-Hash(Handshake Context, Certificate)
[all …]
/third_party/rust/crates/rust-openssl/
DOAT.xml1 <?xml version="1.0" encoding="UTF-8"?>
2 <!-- Copyright (c) 2021 Huawei Device Co.|Ltd.
7 http://www.apache.org/licenses/LICENSE-2.0
17 -->
18 <!-- OAT(OSS Audit Tool) configuration guide:
21 …root dir|please define all the license files in this project in |OAT will check license files acco…
24 1. task: Define oat check thread|each task will start a new thread.
25 2. task name: Only an name|no practical effect.
32 …yitems will be merged to default OAT.xml rules|the name of policy doesn't affect OAT check process.
36 "compatibility" is used to check license compatibility in the specified path;
[all …]

12345678910>>...28