Home
last modified time | relevance | path

Searched +full:- +full:- +full:no +full:- +full:check +full:- +full:certificate (Results 1 – 25 of 463) sorted by relevance

12345678910>>...19

/third_party/openssl/doc/man1/
Dopenssl-verification-options.pod5 openssl-verification-options - generic X.509 certificate verification options
19 Certificate verification is implemented by L<X509_verify_cert(3)>.
25 starting from the I<target certificate> that is to be verified
26 and ending in a certificate that due to some policy is trusted.
28 of the target certificate, such as SSL server, or by default for any purpose.
33 DANE support is documented in L<openssl-s_client(1)>,
53 all self-signed "root" CA certificates that are placed in the I<trust store>,
56 or Apple's and Microsoft's certificate stores, ...
58 From the OpenSSL perspective, a trust anchor is a certificate
60 uses of a target certificate the certificate may serve as a trust anchor.
[all …]
Dopenssl-ocsp.pod.in2 {- OpenSSL::safe::output_do_not_edit_headers(); -}
6 openssl-ocsp - Online Certificate Status Protocol command
13 [B<-help>]
14 [B<-out> I<file>]
15 [B<-issuer> I<file>]
16 [B<-cert> I<file>]
17 [B<-no_certs>]
18 [B<-serial> I<n>]
19 [B<-signer> I<file>]
20 [B<-signkey> I<file>]
[all …]
/third_party/mbedtls/tests/
Dssl-opt.sh3 # ssl-opt.sh
6 # SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
21 set -u
25 ulimit -f 20971520
38 : ${GNUTLS_CLI:=gnutls-cli}
39 : ${GNUTLS_SERV:=gnutls-serv}
46 # the variable is set, we can now check its value
54 if git diff --quiet ../include/mbedtls/mbedtls_config.h 2>/dev/null; then
62 : ${MBEDTLS_TEST_PLATFORM:="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"}
65 O_SRV="$OPENSSL s_server -www -cert data_files/server5.crt -key data_files/server5.key"
[all …]
/third_party/openssl/doc/man3/
DX509_STORE_set_verify_cb_func.pod37 - set verification callback
133 Its purpose is to go through the chain of certificates and check that
135 limits of each certificate's first and last validity time.
138 I<If no chain verification function is provided, the internal default
141 X509_STORE_CTX_get1_issuer() tries to find a certificate from the I<store>
144 or at least the most recently expired match if there is no currently valid one.
148 to get the "best" candidate issuer certificate of the given certificate I<x>.
149 When such a certificate is found, I<get_issuer> must up-ref and assign it
151 Otherwise I<get_issuer> must return 0 if not found and -1 (or 0) on failure.
155 X509_STORE_set_check_issued() sets the function to check that a given
[all …]
DX509_VERIFY_PARAM_set_flags.pod21 - X509 verification parameters
75 a certificate verification operation.
91 to B<purpose>. This determines the acceptable purpose of the certificate
114 neither the end-entity certificate nor the trust-anchor count against this
116 Thus a B<depth> limit of 0 only allows the end-entity certificate to be signed
118 intermediate CA certificate between the trust anchor and the end-entity
119 certificate.
124 key strength when verifying certificate chains.
125 For a certificate chain to validate, the public keys of all the certificates
128 anchor> certificate, which is either directly trusted or validated by means other
[all …]
DSSL_CTX_add1_chain_cert.pod10 SSL_select_current_cert, SSL_CTX_set_current_cert, SSL_set_current_cert - extra
11 chain certificate processing
41 SSL_CTX_set0_chain() and SSL_CTX_set1_chain() set the certificate chain
42 associated with the current certificate of B<ctx> to B<sk>.
45 certificate B<x509> to the chain associated with the current certificate of
49 certificate of B<ctx>.
52 current certificate of B<ctx>. (This is implemented by calling
55 SSL_CTX_build_cert_chain() builds the certificate chain for B<ctx>.
68 L<openssl-verification-options(1)/Certification Path Building>.
71 (i.e. server or client) certificate. This is the last certificate loaded or
[all …]
DSSL_get_peer_certificate.pod7 SSL_get1_peer_certificate - get the X509 certificate of the peer
19 These functions return a pointer to the X509 certificate the
20 peer presented. If the peer did not present a certificate, NULL is returned.
25 certificate, if present. A client will only send a certificate when
28 is used, no certificates are sent.
30 That a certificate is returned does not indicate information about the
32 to check the verification state.
36 containing the peer certificate is freed. The X509 object must be explicitly
52 No certificate was presented by the peer or no connection was established.
54 =item Pointer to an X509 certificate
[all …]
DX509_check_host.pod5 X509_check_host, X509_check_email, X509_check_ip, X509_check_ip_asc - X.509 certificate matching
21 The certificate matching functions are used to check whether a
22 certificate matches a given hostname, email address, or IP address.
23 The validity of the certificate and its trust level has to be checked by
26 X509_check_host() checks if the certificate Subject Alternative
30 and they match only in the left-most label; but they may match
33 certificate with a SAN or CN value of "*.example.com", "w*.example.com"
37 domain names must be given in A-label form. The B<namelen> argument
40 with a dot (e.g. ".example.com"), it will be matched by a certificate
41 valid for any sub-domain of B<name>, (see also
[all …]
DSSL_check_chain.pod5 SSL_check_chain - check certificate chain suitability
15 SSL_check_chain() checks whether certificate B<x>, private key B<pk> and
16 certificate chain B<chain> is suitable for use with the current session
25 If this flag is B<not> set then the certificate will never be used even
31 B<CERT_PKEY_EE_SIGNATURE>: the signature algorithm of the EE certificate is
37 B<CERT_PKEY_EE_PARAM>: the parameters of the end entity certificate are
42 B<CERT_PKEY_EXPLICIT_SIGN>: the end entity certificate algorithm
49 B<CERT_PKEY_CERT_TYPE>: the certificate type is acceptable. Only meaningful
57 clients after a certificate request message. It will typically be called
58 in the certificate callback.
[all …]
DSSL_CTX_use_certificate.pod16 - load certificate and key data
66 SSL_CTX_use_certificate() loads the certificate B<x> into B<ctx>,
68 certificates needed to form the complete certificate chain can be
73 SSL_CTX_use_certificate_ASN1() loads the ASN1 encoded certificate from
75 SSL_use_certificate_ASN1() loads the ASN1 encoded certificate into B<ssl>.
77 SSL_CTX_use_certificate_file() loads the first certificate stored in B<file>
78 into B<ctx>. The formatting B<type> of the certificate must be specified
80 SSL_use_certificate_file() loads the certificate from B<file> into B<ssl>.
84 SSL_CTX_use_certificate_chain_file() loads a certificate chain from
86 be sorted starting with the subject's certificate (actual client or server
[all …]
/third_party/libcoap/man/
Dcoap_encryption.txt.in1 // -*- mode:doc; -*-
12 ----
17 - Work with CoAP TLS/DTLS
20 --------
30 *-lcoap-@LIBCOAP_API_VERSION@-notls*, *-lcoap-@LIBCOAP_API_VERSION@-gnutls*,
31 *-lcoap-@LIBCOAP_API_VERSION@-openssl*, *-lcoap-@LIBCOAP_API_VERSION@-mbedtls*
32 or *-lcoap-@LIBCOAP_API_VERSION@-tinydtls*. Otherwise, link with
33 *-lcoap-@LIBCOAP_API_VERSION@* to get the default (D)TLS library support.
36 -----------
42 https://www.trustedfirmware.org/projects/mbed-tls/[Mbed TLS],
[all …]
/third_party/openhitls/tls/handshake/recv/src/
Drecv_certificate.c11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
34 [(HITLS_X509_V_ERR_UNSPECIFIED - 1) & 0XFF] = ALERT_INTERNAL_ERROR,
35 [(HITLS_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT - 1) & 0XFF] = ALERT_UNKNOWN_CA,
36 [(HITLS_X509_V_ERR_UNABLE_TO_GET_CRL - 1) & 0XFF] = ALERT_UNKNOWN_CA,
37 [(HITLS_X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE - 1) & 0XFF] = ALERT_BAD_CERTIFICATE,
38 [(HITLS_X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE - 1) & 0XFF] = ALERT_BAD_CERTIFICATE,
39 [(HITLS_X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY - 1) & 0XFF] = ALERT_BAD_CERTIFICATE,
40 [(HITLS_X509_V_ERR_CERT_SIGNATURE_FAILURE - 1) & 0XFF] = ALERT_DECRYPT_ERROR,
41 [(HITLS_X509_V_ERR_CRL_SIGNATURE_FAILURE - 1) & 0XFF] = ALERT_DECRYPT_ERROR,
42 [(HITLS_X509_V_ERR_CERT_NOT_YET_VALID - 1) & 0XFF] = ALERT_BAD_CERTIFICATE,
[all …]
/third_party/mindspore/mindspore-src/source/mindspore/lite/examples/runtime_gpu_extend/
Dbuild.sh8 # http://www.apache.org/licenses/LICENSE-2.0
24 MINDSPORE_FILE_NAME="mindspore-lite-${VERSION_STR}-linux-x64"
26 MINDSPORE_LITE_DOWNLOAD_URL="https://ms-release.obs.cn-north-4.myhuaweicloud.com/${VERSION_STR}/Min…
28 mkdir -p build
29 mkdir -p model
30 if [ ! -e ${BASEPATH}/model/add_extend.ms ]; then
31 wget -c -O ${BASEPATH}/model/add_extend.ms --no-check-certificate ${MODEL_DOWNLOAD_URL}
33 if [ ! -e ${BASEPATH}/model/add.ms ]; then
34 wget -c -O ${BASEPATH}/model/add.ms --no-check-certificate ${MODEL_DOWNLOAD_URL2}
36 if [ ! -e ${BASEPATH}/build/${MINDSPORE_FILE} ]; then
[all …]
/third_party/openssl/crypto/x509/
Dx509_vfy.c2 * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
33 #define CRL_SCORE_NOCRITICAL 0x100 /* No unhandled critical extensions */
34 #define CRL_SCORE_SCOPE 0x080 /* certificate is within CRL scope */
36 #define CRL_SCORE_ISSUER_NAME 0x020 /* Issuer name matches certificate */
39 #define CRL_SCORE_ISSUER_CERT 0x018 /* CRL issuer is certificate issuer */
40 #define CRL_SCORE_SAME_PATH 0x008 /* CRL issuer is on certificate path */
86 /*-
87 * Return 1 if given cert is considered self-signed, 0 if not, or -1 on error.
88 * This actually verifies self-signedness only if requested.
90 * to match issuer and subject names (i.e., the cert being self-issued) and any
[all …]
/third_party/grpc/src/core/xds/grpc/
Dxds_certificate_provider.cc9 // http://www.apache.org/licenses/LICENSE-2.0
26 #include "absl/log/check.h"
40 // owned by the root certificate distributor and not by \a parent. Note that
52 parent_->SetKeyMaterials("", std::string(root_certs.value()), in OnCertificatesChanged()
60 parent_->SetErrorForCert("", root_cert_error /* pass the ref */, in OnError()
73 // owned by the root certificate distributor and not by \a parent. Note that
85 parent_->SetKeyMaterials("", absl::nullopt, key_cert_pairs); in OnCertificatesChanged()
92 parent_->SetErrorForCert("", absl::nullopt, in OnError()
121 distributor_->SetWatchStatusCallback( in XdsCertificateProvider()
136 distributor_->SetWatchStatusCallback( in XdsCertificateProvider()
[all …]
/third_party/openhitls/tls/cert/cert_adapt/
Dcert.c11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
42 HITLS_Config *config = &ctx->config.tlsConfig; in CheckKeySecbits()
53 ctx->method.sendAlert((TLS_Ctx *)ctx, ALERT_LEVEL_FATAL, ALERT_INSUFFICIENT_SECURITY); in CheckKeySecbits()
81 … const TLS_SigSchemeInfo *info = ConfigGetSignatureSchemeInfo(&ctx->config.tlsConfig, signScheme); in SAL_CERT_SignScheme2CertKeyType()
85 return info->keyType; in SAL_CERT_SignScheme2CertKeyType()
114 /* The certificate type is not specified. This check is not required. */ in CheckCertType()
117 /* Convert the key type to the certificate type. */ in CheckCertType()
148 uint32_t baseSignAlgorithmsSize = select->baseSignAlgorithmsSize; in CheckSelectSignAlgorithms()
149 const uint16_t *baseSignAlgorithms = select->baseSignAlgorithms; in CheckSelectSignAlgorithms()
150 uint32_t selectSignAlgorithmsSize = select->selectSignAlgorithmsSize; in CheckSelectSignAlgorithms()
[all …]
/third_party/libcoap/include/coap3/
Dcoap_dtls.h2 * coap_dtls.h -- (Datagram) Transport Layer Support for libcoap
5 * Copyright (C) 2017 Jean-Claude Michelou <jcm@spinetix.com>
7 * SPDX-License-Identifier: BSD-2-Clause
51 * Check whether DTLS is available.
58 * Check whether TLS is available.
65 * Check whether (D)TLS PSK is available.
72 * Check whether (D)TLS PKI is available.
79 * Check whether (D)TLS PKCS11 is available.
86 * Check whether (D)TLS RPK is available.
93 COAP_TLS_LIBRARY_NOTLS = 0, /**< No DTLS library */
[all …]
/third_party/mbedtls/tests/suites/
Dtest_suite_x509write.data1 Certificate Request check Server1 SHA1
5 Certificate Request check Server1 SHA224
9 Certificate Request check Server1 SHA256
13 Certificate Request check Server1 SHA384
17 Certificate Request check Server1 SHA512
21 Certificate Request check Server1 MD5
25 Certificate Request check Server1 key_usage
29 Certificate Request check opaque Server1 key_usage
33 Certificate Request check Server1 key_usage empty
37 Certificate Request check Server1 ns_cert_type
[all …]
/third_party/openhitls/tls/cert/include/
Dcert.h11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
34 /* Used to transfer certificate data in ASN.1 DER format. */
41 /* Information used to describe the expected certificate */
43 …/* The server must select the certificate matching the cipher suite. The client has no such restri…
45 uint16_t *signSchemeList; /* certificate signature algorithm list */
46 uint32_t signSchemeNum; /* number of certificate signature algorithms */
68 * @brief Check the certificate information.
71 * @param expectCertInfo [IN] Expected certificate information
72 * @param cert [IN] Certificate
74 * @param signCheck [IN] Indicates whether to check the certificate signature information.
[all …]
/third_party/openssl/
DCHANGES.md4 This is a high-level summary of the most important changes.
11 ----------------
13 - [OpenSSL 3.0](#openssl-30)
14 - [OpenSSL 1.1.1](#openssl-111)
15 - [OpenSSL 1.1.0](#openssl-110)
16 - [OpenSSL 1.0.2](#openssl-102)
17 - [OpenSSL 1.0.1](#openssl-101)
18 - [OpenSSL 1.0.0](#openssl-100)
19 - [OpenSSL 0.9.x](#openssl-09x)
22 -----------
[all …]
/third_party/openssl/test/recipes/
D25-test_req.t2 # Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
27 @req_new = ("-newkey", "dsa:".srctop_file("apps", "dsa512.pem"));
29 @req_new = ("-new");
38 # Check for duplicate -addext parameters, and one "working" case.
39 my @addext_args = ( "openssl", "req", "-new", "-out", "testreq.pem",
40 "-key", srctop_file("test", "certs", "ee-key.pem"),
41 "-config", srctop_file("test", "test.cnf"), @req_new );
47 ok( run(app([@addext_args, "-addext", $val])));
48 ok( run(app([@addext_args, "-addext", $val1])));
50 ok(!run(app([@addext_args, "-addext", $val1])));
[all …]
/third_party/openhitls/include/tls/
Dhitls_config.h11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
224 Dual-ended check: Disabled
225 Allow Client No Certificate: Not Allowed
227 This API is a version-specific API. After the configuration context is created,
263 Dual-ended check: Disabled
264 Allow Client No Certificate: Not Allowed
266 This API is a version-specific API. After the configuration context is created,
300 Dual-ended check: Disabled
301 Allow Client No Certificate: Not Allowed
303 This API is a version-specific API. After the configuration context is created,
[all …]
/third_party/mbedtls/include/mbedtls/
Dx509.h8 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
31 * That is, maximum length of the chain, excluding the end-entity certificate
32 * and the trusted root certificate.
35 * resources verifying an overlong certificate chain.
45 #define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE -0x2080
47 #define MBEDTLS_ERR_X509_UNKNOWN_OID -0x2100
49 #define MBEDTLS_ERR_X509_INVALID_FORMAT -0x2180
51 #define MBEDTLS_ERR_X509_INVALID_VERSION -0x2200
53 #define MBEDTLS_ERR_X509_INVALID_SERIAL -0x2280
55 #define MBEDTLS_ERR_X509_INVALID_ALG -0x2300
[all …]
/third_party/mbedtls/library/
Dssl_tls13_generic.c5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
61 if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE || in mbedtls_ssl_tls13_fetch_handshake_msg()
62 ssl->in_msg[0] != hs_type) { in mbedtls_ssl_tls13_fetch_handshake_msg()
77 *buf = ssl->in_msg + 4; in mbedtls_ssl_tls13_fetch_handshake_msg()
78 *buf_len = ssl->in_hslen - 4; in mbedtls_ssl_tls13_fetch_handshake_msg()
98 /* Case of no extension */ in mbedtls_ssl_tls13_is_supported_versions_ext_present_in_exts()
104 * Extension extensions<x..2^16-1>; in mbedtls_ssl_tls13_is_supported_versions_ext_present_in_exts()
108 * opaque extension_data<0..2^16-1>; in mbedtls_ssl_tls13_is_supported_versions_ext_present_in_exts()
115 /* Check extensions do not go beyond the buffer of data. */ in mbedtls_ssl_tls13_is_supported_versions_ext_present_in_exts()
147 * - 64 bytes of octet 32,
[all …]
/third_party/openssl/apps/
Dverify.c2 * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
22 static int check(X509_STORE *ctx, const char *file,
39 {OPT_HELP_STR, 1, '-', "Usage: %s [options] [cert...]\n"},
42 {"help", OPT_HELP, '-', "Display this summary"},
46 {"verbose", OPT_VERBOSE, '-',
48 {"nameopt", OPT_NAMEOPT, 's', "Certificate subject/issuer name printing options"},
50 OPT_SECTION("Certificate chain"),
55 {"no-CAfile", OPT_NOCAFILE, '-',
57 {"no-CApath", OPT_NOCAPATH, '-',
59 {"no-CAstore", OPT_NOCASTORE, '-',
[all …]

12345678910>>...19