Home
last modified time | relevance | path

Searched refs:certificate (Results 1 – 25 of 544) sorted by relevance

12345678910>>...22

/third_party/openssl/doc/man3/
DX509_STORE_CTX_get_error.pod9 X509_verify_cert_error_string - get or set certificate verification status
30 These functions are typically called after certificate or chain verification
44 nonnegative integer representing where in the certificate chain the error
45 occurred. If it is zero it occurred in the end entity certificate, one if
46 it is the certificate which signed the end entity certificate and so on.
52 X509_STORE_CTX_get_current_cert() returns the current certificate in
53 I<ctx>. If an error occurred, the current certificate will be the one
55 certificate is relevant.
57 X509_STORE_CTX_set_current_cert() sets the certificate I<x> in I<ctx> which
64 If a callback wishes the save the certificate for use after it returns, it
[all …]
DSSL_CTX_set_client_cert_cb.pod5 SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb - handle client certificate callback function
20 called when a client certificate is requested by a server and no certificate
29 set a certificate, a certificate/private key combination must be set
31 certificate will be installed into I<ssl>, see the NOTES and BUGS sections.
32 If no certificate should be set, "0" has to be returned and no certificate
42 During a handshake (or renegotiation) a server may request a certificate
43 from the client. A client certificate must only be sent, when the server
46 When a certificate was set using the
49 certificate is sent, if it matches the list of acceptable CAs sent by the
52 selection routine or to allow a user interaction to choose the certificate to
[all …]
DSSL_get_certificate.pod5 SSL_get_certificate, SSL_get_privatekey - retrieve TLS/SSL certificate and
18 certificate used as the local peer's identity.
21 RSA and ECDSA certificates. The certificate which is returned by
28 If it is called before certificate selection has occurred, it returns the most
29 recently added certificate, or NULL if no certificate has been added.
33 After certificate selection has occurred, it returns the certificate which was
34 selected during the handshake, or NULL if no certificate was selected (for
35 example, on a client where no client certificate is in use).
41 will depend on whether that callback is made before or after certificate
45 L<SSL_CTX_set_tlsext_status_cb(3)>. This callback occurs after certificate
[all …]
DSSL_CTX_use_certificate.pod16 - load certificate and key data
66 SSL_CTX_use_certificate() loads the certificate B<x> into B<ctx>,
68 certificates needed to form the complete certificate chain can be
73 SSL_CTX_use_certificate_ASN1() loads the ASN1 encoded certificate from
75 SSL_use_certificate_ASN1() loads the ASN1 encoded certificate into B<ssl>.
77 SSL_CTX_use_certificate_file() loads the first certificate stored in B<file>
78 into B<ctx>. The formatting B<type> of the certificate must be specified
80 SSL_use_certificate_file() loads the certificate from B<file> into B<ssl>.
84 SSL_CTX_use_certificate_chain_file() loads a certificate chain from
86 be sorted starting with the subject's certificate (actual client or server
[all …]
DX509_check_ca.pod5 X509_check_ca - check if given certificate is CA certificate
15 This function checks if given certificate is CA certificate (can be used
16 to sign other certificates). The certificate must be a complete certificate
21 Function return 0, if it is not CA certificate, 1 if it is proper X509v3
22 CA certificate with B<basicConstraints> extension CA:TRUE,
23 3, if it is self-signed X509 v1 certificate, 4, if it is certificate with
26 extension telling that it is CA certificate.
30 Actually, any nonzero value means that this certificate could have been
DX509_get_extension_flags.pod15 X509_get_proxy_pathlen - retrieve certificate extension data
35 These functions retrieve information related to commonly used certificate extensions.
37 X509_get_pathlen() retrieves the path length extension from a certificate.
41 X509_get_extension_flags() retrieves general information about a certificate,
48 The certificate is an obsolete version 1 certificate.
52 The certificate contains a basic constraints extension.
56 The certificate contains basic constraints and asserts the CA flag.
60 The certificate is a valid proxy certificate.
64 The certificate is self issued (that is subject and issuer names match).
73 The freshest CRL extension is present in the certificate.
[all …]
DSSL_CTX_add1_chain_cert.pod11 chain certificate processing
41 SSL_CTX_set0_chain() and SSL_CTX_set1_chain() set the certificate chain
42 associated with the current certificate of B<ctx> to B<sk>.
45 certificate B<x509> to the chain associated with the current certificate of
49 certificate of B<ctx>.
52 current certificate of B<ctx>. (This is implemented by calling
55 SSL_CTX_build_cert_chain() builds the certificate chain for B<ctx>.
71 (i.e. server or client) certificate. This is the last certificate loaded or
75 certificate, but only if B<x509> has already been loaded into B<ctx> using a
83 SSL_CTX_set_current_cert() changes the current certificate to a value based
[all …]
DSSL_CTX_set_verify.pod12 - set various SSL/TLS parameters for peer certificate verification
50 This would be typically done in case the certificate verification was not yet
57 server certificate verification step.
62 SSL_CTX_set_verify_depth() sets the maximum B<depth> for the certificate chain
65 SSL_set_verify_depth() sets the maximum B<depth> for the certificate chain
72 sent. A certificate callback will need to be set via
73 SSL_CTX_set_client_cert_cb() if no certificate is provided at initialization.
88 B<Server mode:> the server will not send a client certificate request to the
89 client, so the client will not send a certificate.
92 server will send a certificate which will be checked. The result of the
[all …]
DSSL_get_peer_certificate.pod7 SSL_get1_peer_certificate - get the X509 certificate of the peer
19 These functions return a pointer to the X509 certificate the
20 peer presented. If the peer did not present a certificate, NULL is returned.
25 certificate, if present. A client will only send a certificate when
30 That a certificate is returned does not indicate information about the
36 containing the peer certificate is freed. The X509 object must be explicitly
52 No certificate was presented by the peer or no connection was established.
54 =item Pointer to an X509 certificate
56 The return value points to the certificate presented by the peer.
DSSL_get_peer_cert_chain.pod5 SSL_get_peer_cert_chain, SSL_get0_verified_chain - get the X509 certificate
18 forming the certificate chain sent by the peer. If called on the client side,
19 the stack also contains the peer's certificate; if called on the server
20 side, the peer's certificate must be obtained separately using
22 If the peer did not present a certificate, NULL is returned.
28 SSL_get0_verified_chain() returns the B<verified> certificate chain
29 of the peer including the peer's end entity certificate. It must be called
40 The reference count of each certificate in the returned STACK_OF(X509) object
54 No certificate was presented by the peer or no connection was established
55 or the certificate chain is no longer available when a session is reused.
[all …]
/third_party/openssl/doc/HOWTO/
Dcertificates.txt13 This file is for users who wish to get a certificate of their own.
29 keys, so before you create a certificate or a certificate request, you
42 3. Creating a certificate request
44 To create a certificate, you need to start with a certificate request
45 (or, as some certificate authorities like to put it, "certificate
48 policies). A certificate request is sent to a certificate authority
49 to get it signed into a certificate. You can also sign the certificate
50 yourself if you have your own certificate authority or create a
51 self-signed certificate (typically for testing purpose).
53 The certificate request is created like this:
[all …]
/third_party/openssl/doc/man1/
Dopenssl-x509.pod.in84 This command is a multi-purposes certificate handling command.
85 It can be used to print certificate information,
86 convert certificates to various forms, edit certificate trust settings,
105 This specifies the input to read a certificate from
106 or the input file for reading a certificate request if the B<-req> flag is used.
113 The key and certificate file password source.
119 Generate a certificate from scratch, not using an input certificate
120 or certificate request. So the B<-in> option must not be used in this case.
128 Output a PKCS#10 certificate request (rather than a certificate).
132 X.509 extensions included in a certificate input are not copied by default.
[all …]
Dopenssl-verification-options.pod5 openssl-verification-options - generic X.509 certificate verification options
25 starting from the I<target certificate> that is to be verified
26 and ending in a certificate that due to some policy is trusted.
28 of the target certificate, such as SSL server, or by default for any purpose.
56 or Apple's and Microsoft's certificate stores, ...
58 From the OpenSSL perspective, a trust anchor is a certificate
60 uses of a target certificate the certificate may serve as a trust anchor.
78 A certificate, which may be CA certificate or an end-entity certificate,
103 First, a certificate chain is built up starting from the target certificate
107 a certificate with suitable key usage that
[all …]
Dopenssl-verify.pod.in6 openssl-verify - certificate verification command
24 [I<certificate> ...]
28 This command verifies certificate chains. If a certificate chain has multiple
51 Display information about the certificate chain that has been built (if
96 certificate files. This is useful if the first certificate filename begins
99 =item I<certificate> ...
102 given, this command will attempt to read a single certificate from standard
113 error 24 at 1 depth lookup:invalid CA certificate
115 The first line contains the name of the certificate being verified followed by
116 the subject name of the certificate. The second line contains the error number
[all …]
Dopenssl-nseq.pod.in6 openssl-nseq - create or examine a Netscape certificate sequence
19 This command takes a file containing a Netscape certificate
21 file of certificates and converts it into a Netscape certificate
24 A Netscape certificate sequence is an old Netscape-specific format that
27 certificate enrollment. It was also used by Netscape certificate server.
48 Normally a Netscape certificate sequence will be input and the output
50 situation is reversed: a Netscape certificate sequence is created from
59 Output the certificates in a Netscape certificate sequence
63 Create a Netscape certificate sequence
/third_party/openssl/doc/man7/
Dx509.pod5 x509 - X.509 certificate handling
13 An X.509 certificate is a structured grouping of information about
15 (certificate revocation list) is a tool to help determine if a
16 certificate is still valid. The exact definition of those can be
18 In OpenSSL, the type X509 is used to express such a certificate, and
21 A related structure is a certificate request, defined in PKCS#10 from
23 X509_REQ is used to express such a certificate request.
25 To handle some complex parts of a certificate, there are the types
26 X509_NAME (to express a certificate name), X509_ATTRIBUTE (to express
27 a certificate attribute), X509_EXTENSION (to express a certificate
[all …]
/third_party/wpa_supplicant/wpa_supplicant-2.9_standard/wpa_supplicant_lib/
Dwpa_evp_key.c110 struct Credential certificate = { 0 }; in get_pubkey() local
111 certificate.credData.data = (uint8_t *)malloc(MAX_LEN_CERTIFICATE_CHAIN); in get_pubkey()
112 if (certificate.credData.data == NULL) { in get_pubkey()
117 BIO* bio = BIO_from_cm(key_id, certificate); in get_pubkey()
120 if (certificate.credData.data != NULL) { in get_pubkey()
121 free(certificate.credData.data); in get_pubkey()
128 if (certificate.credData.data != NULL) { in get_pubkey()
129 free(certificate.credData.data); in get_pubkey()
174 BIO *BIO_from_cm(const char *key_id, struct Credential certificate) in BIO_from_cm() argument
187 certificate.credData.size = MAX_LEN_CERTIFICATE_CHAIN; in BIO_from_cm()
[all …]
/third_party/node/deps/npm/node_modules/sigstore/dist/x509/
Dverify.js60 buildPaths(certificate) { argument
62 const issuers = this.findIssuer(certificate);
69 if (issuer.equals(certificate)) {
70 paths.push([certificate]);
83 findIssuer(certificate) { argument
87 if (certificate.subject.equals(certificate.issuer)) {
88 if (certificate.verify()) {
89 return [certificate];
94 if (certificate.extAuthorityKeyID) {
95 keyIdentifier = certificate.extAuthorityKeyID.keyIdentifier;
[all …]
/third_party/ltp/testcases/commands/tpm-tools/tpmtoken/tpmtoken_import/
D00_Descriptions.txt2 tpmtoken_import import a certificate and key
4 tpmtoken_import import a certificate and key
6 tpmtoken_import import a certificate and key with -y option
8 tpmtoken_import import a public certificate and key
10 tpmtoken_import import a public certificate and key
12 tpmtoken_import import a public certificate and key with -y option
14 tpmtoken_import import a certificate
18 tpmtoken_import attempt to import a certificate from a key file
20 tpmtoken_import attempt to import a key from a certificate file
/third_party/gstreamer/gstplugins_bad/ext/dtls/
Dgstdtlsagent.c58 GstDtlsCertificate *certificate; member
217 g_clear_object (&priv->certificate); in gst_dtls_agent_finalize()
229 GstDtlsCertificate *certificate; in gst_dtls_agent_set_property() local
233 certificate = GST_DTLS_CERTIFICATE (g_value_get_object (value)); in gst_dtls_agent_set_property()
234 g_return_if_fail (GST_IS_DTLS_CERTIFICATE (certificate)); in gst_dtls_agent_set_property()
237 self->priv->certificate = certificate; in gst_dtls_agent_set_property()
238 g_object_ref (certificate); in gst_dtls_agent_set_property()
241 _gst_dtls_certificate_get_internal_certificate (certificate))) { in gst_dtls_agent_set_property()
247 _gst_dtls_certificate_get_internal_key (certificate))) { in gst_dtls_agent_set_property()
266 if (self->priv->certificate) { in gst_dtls_agent_get_certificate()
[all …]
/third_party/node/test/parallel/
Dtest-crypto-certificate.js42 function checkMethods(certificate) { argument
44 assert.strictEqual(certificate.verifySpkac(spkacValid), true);
45 assert.strictEqual(certificate.verifySpkac(spkacFail), false);
48 stripLineEndings(certificate.exportPublicKey(spkacValid).toString('utf8')),
51 assert.strictEqual(certificate.exportPublicKey(spkacFail), '');
54 certificate.exportChallenge(spkacValid).toString('utf8'),
57 assert.strictEqual(certificate.exportChallenge(spkacFail), '');
60 assert.strictEqual(certificate.verifySpkac(ab), true);
61 assert.strictEqual(certificate.verifySpkac(new Uint8Array(ab)), true);
62 assert.strictEqual(certificate.verifySpkac(new DataView(ab)), true);
/third_party/curl/docs/cmdline-opts/
Dcert.d5 Arg: <certificate[:password]>
6 Help: Client certificate file and password
14 Tells curl to use the specified client certificate file when getting a file
15 with HTTPS, FTPS or another SSL-based protocol. The certificate must be in
18 the terminal. Note that this option assumes a certificate file that is the
19 private key and the client certificate concatenated. See --cert and --key to
22 In the <certificate> portion of the argument, you must escape the character ":"
28 then a PKCS#11 URI (RFC 7512) can be used to specify a certificate located in
35 certificate string can either be the name of a certificate/private key in the
36 system or user keychain, or the path to a PKCS#12-encoded certificate and
[all …]
/third_party/curl/docs/
DSSLCERTS.md22 This system is about trust. In your local CA certificate store you have certs
25 certificate authorities you trust.
27 Which certificate authorities do you trust? You can decide to trust the same
31 *hundreds* of companies and in recent years several certificate authorities
37 libcurl performs peer SSL certificate verification by default. This is done
38 by using a CA certificate store that the SSL library can use to make sure the
39 peer's server certificate is valid.
45 If the remote server uses a self-signed certificate, if you do not install a CA
46 cert store, if the server uses a certificate signed by a CA that is not
56 2. Get a CA certificate that can verify the remote server and use the proper
[all …]
/third_party/node/deps/undici/src/docs/api/
DConnector.md72 cb(new Error('Fingerprint does not match or malformed certificate'))
97 let certificate = socket.getPeerCertificate(true)
98 while (certificate && Object.keys(certificate).length > 0) {
99 // invalid certificate
100 if (certificate.issuerCertificate == null) {
104 // We have reached the root certificate.
106 if (certificate.fingerprint256 === certificate.issuerCertificate.fingerprint256) {
111 certificate = certificate.issuerCertificate
113 return certificate
/third_party/skia/third_party/externals/microhttpd/doc/chapters/
Dtlsauthentication.inc24 In addition to the key, a certificate describing the server in human readable tokens
25 is also needed. This certificate will be attested with our aforementioned key. In this way,
26 we obtain a self-signed certificate, valid for one year.
33 To avoid unnecessary error messages in the browser, the certificate needs to
36 called @emph{Certificate Authority}, or @emph{CA}, to attest the certificate for you. This way,
39 Whether the server's certificate is signed by us or a third party, once it has been accepted
62 printf ("The key/certificate files could not be read.\n");
119 certificate or the client obtains the key over secure means. Anyway, the clients have to be aware (…
167 You can then extract the client certificate:
171 * Get the client's certificate
[all …]

12345678910>>...22