Home
last modified time | relevance | path

Searched +full:- +full:- +full:no +full:- +full:check +full:- +full:certificate (Results 1 – 25 of 1019) sorted by relevance

12345678910>>...41

/external/cronet/net/cert/internal/
Drevocation_checker.cc2 // Use of this source code is governed by a BSD-style license that can be
13 #include "third_party/abseil-cpp/absl/types/optional.h"
29 errors->AddError(bssl::cert_errors::kCertificateRevoked); in MarkCertificateRevoked()
52 // Check using stapled OCSP, if available. in CheckCertRevocation()
59 stapled_ocsp_verify_result->response_status = response_details; in CheckCertRevocation()
60 stapled_ocsp_verify_result->revocation_status = ocsp_status; in CheckCertRevocation()
78 // TODO(eroman): Should still check CRL/OCSP caches. in CheckCertRevocation()
84 // Check OCSP. in CheckCertRevocation()
85 if (cert->has_authority_info_access()) { in CheckCertRevocation()
87 for (const auto& ocsp_uri : cert->ocsp_uris()) { in CheckCertRevocation()
[all …]
/external/tpm2-tss/src/tss2-fapi/api/
DFapi_Provision.c1 /* SPDX-License-Identifier: BSD-2-Clause */
3 * Copyright 2018-2019, Fraunhofer SIT sponsored by Infineon Technologies AG
32 /** One-Call function for the initial FAPI provisioning.
35 * and policy settings as well as the readout of the EK and its certificate and
36 * the initialization of the system-wide keystore.
50 * @retval TSS2_FAPI_RC_NO_CERT: if no certificate was found for the computed EK.
52 * configured certificate or the configured fingerprint does not match
57 * @retval TSS2_FAPI_RC_NO_TPM if FAPI was initialized in no-TPM-mode via its
85 /* Check for NULL parameters */ in Fapi_Provision()
88 /* Check whether TCTI and ESYS are initialized */ in Fapi_Provision()
[all …]
/external/conscrypt/common/src/main/java/org/conscrypt/
DTrustManagerImpl.java8 * http://www.apache.org/licenses/LICENSE-2.0
26 * http://www.apache.org/licenses/LICENSE-2.0
46 import java.security.cert.Certificate;
91 * Comparator used for ordering trust anchors during certificate path building.
102 * The AndroidCAStore if non-null, null otherwise.
107 * The CertPinManager, which validates the chain against a host-to-pin mapping
112 * The backing store for the AndroidCAStore if non-null. This will
134 * non-AndroidCAStore, we initialize this as part of the
287 throw new CertificateException("Not in handshake; no session available"); in getHandshakeSessionOrThrow()
310 throw new CertificateException("Not in handshake; no session available"); in checkClientTrusted()
[all …]
/external/mbedtls/tests/
Dssl-opt.sh3 # ssl-opt.sh
6 # SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
21 set -u
25 ulimit -f 20971520
38 : ${GNUTLS_CLI:=gnutls-cli}
39 : ${GNUTLS_SERV:=gnutls-serv}
46 # the variable is set, we can now check its value
54 if git diff --quiet ../include/mbedtls/mbedtls_config.h 2>/dev/null; then
62 : ${MBEDTLS_TEST_PLATFORM:="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"}
64 O_SRV="$OPENSSL s_server -www -cert data_files/server5.crt -key data_files/server5.key"
[all …]
/external/openscreen/cast/common/certificate/proto/
Dtest_suite.proto2 // Use of this source code is governed by a BSD-style license that can be
7 package cast.certificate;
11 // A suite of test data to exercise Cast device certificate verification and
21 // The device certificate is valid.
24 // Problem with device certificate or its path.
30 // Device certificate or one of the certificates in its path did not pass the
31 // revocation check.
34 // No CRL was provided, but revocation check is required, and therefore fails.
38 // revocation is checked, the CRL signer cert has expired and the CRL is no
44 // Human-readable description of the test.
[all …]
/external/cronet/third_party/boringssl/src/pki/
Dverify_certificate_chain.h2 // Use of this source code is governed by a BSD-style license that can be
26 // The key purpose (extended key usage) to check for during verification.
32 // certificate.
34 // certificate.
57 // certificate signing, false otherwise. When returning false implementations
58 // can optionally add high-severity errors to |errors| with details on why it
65 // called for each certificate in the chain, including the target certificate.
66 // When returning false implementations can optionally add high-severity
69 // |public_key| can be assumed to be non-null.
75 // is no verification cache.
[all …]
/external/conscrypt/repackaged/common/src/main/java/com/android/org/conscrypt/
DTrustManagerImpl.java9 * http://www.apache.org/licenses/LICENSE-2.0
27 * http://www.apache.org/licenses/LICENSE-2.0
51 import java.security.cert.Certificate;
93 * Comparator used for ordering trust anchors during certificate path building.
103 * The AndroidCAStore if non-null, null otherwise.
108 * The CertPinManager, which validates the chain against a host-to-pin mapping
113 * The backing store for the AndroidCAStore if non-null. This will
135 * non-AndroidCAStore, we initialize this as part of the
291 throw new CertificateException("Not in handshake; no session available"); in getHandshakeSessionOrThrow()
316 throw new CertificateException("Not in handshake; no session available"); in checkClientTrusted()
[all …]
/external/google-cloud-java/java-compute/proto-google-cloud-compute-v1/src/main/java/com/google/cloud/compute/v1/
DSecuritySettingsOrBuilder.java8 * https://www.apache.org/licenses/LICENSE-2.0
30 …MANAGED. If left blank, communications are not encrypted. Note: This field currently has no impact.
42 …MANAGED. If left blank, communications are not encrypted. Note: This field currently has no impact.
54 …MANAGED. If left blank, communications are not encrypted. Note: This field currently has no impact.
67certificate to the client, the client inspects the certificate's subjectAltName field. If the fiel…
79certificate to the client, the client inspects the certificate's subjectAltName field. If the fiel…
91certificate to the client, the client inspects the certificate's subjectAltName field. If the fiel…
104certificate to the client, the client inspects the certificate's subjectAltName field. If the fiel…
DSecuritySettings.java8 * https://www.apache.org/licenses/LICENSE-2.0
80 …MANAGED. If left blank, communications are not encrypted. Note: This field currently has no impact.
95 …MANAGED. If left blank, communications are not encrypted. Note: This field currently has no impact.
118 …MANAGED. If left blank, communications are not encrypted. Note: This field currently has no impact.
146certificate to the client, the client inspects the certificate's subjectAltName field. If the fiel…
160certificate to the client, the client inspects the certificate's subjectAltName field. If the fiel…
174certificate to the client, the client inspects the certificate's subjectAltName field. If the fiel…
189certificate to the client, the client inspects the certificate's subjectAltName field. If the fiel…
201 private byte memoizedIsInitialized = -1;
228 if (size != -1) return size; in getSerializedSize()
[all …]
/external/openthread/third_party/mbedtls/repo/tests/suites/
Dtest_suite_x509write.data1 Certificate Request check Server1 SHA1
5 Certificate Request check Server1 SHA224
9 Certificate Request check Server1 SHA256
13 Certificate Request check Server1 SHA384
17 Certificate Request check Server1 SHA512
21 Certificate Request check Server1 MD4
25 Certificate Request check Server1 MD5
29 Certificate Request check Server1 key_usage
33 Certificate Request check Server1 key_usage empty
37 Certificate Request check Server1 ns_cert_type
[all …]
/external/bouncycastle/bcprov/src/main/java/org/bouncycastle/x509/
DCertPathReviewerMessages.properties14 CertPathReviewer.notPermittedDN.title = Name constraint error: certificate DN is not permitted
15 CertPathReviewer.notPermittedDN.text = Name constraint error: the certificate DN {0} is not permitt…
16 CertPathReviewer.notPermittedDN.summary = Name constraint error: certificate DN is not permitted.
17 CertPathReviewer.notPermittedDN.details = Name constraint checking error. The certificate DN {0} is…
21 CertPathReviewer.excludedDN.title = Name constraint error: certificate DN is excluded
22 CertPathReviewer.excludedDN.text = Name constraint error: The certificate DN {0} is excluded.
23 CertPathReviewer.excludedDN.summary = Name constraint error: certificate DN is excluded.
24 CertPathReviewer.excludedDN.details = Name constraint checking error. The certificate DN {0} is ins…
29 CertPathReviewer.notPermittedEmail.text = Name constraint error: certificate contains the not permi…
31 CertPathReviewer.notPermittedEmail.details = Name constraint checking error. The certificate contai…
[all …]
/external/trusty/arm-trusted-firmware/docs/security_advisories/
Dsecurity-advisory-tfv-10.rst1 Advisory TFV-10 (CVE-2022-47630)
4 +----------------+-------------------------------------------------------------+
5 | Title | Incorrect validation of X.509 certificate extensions can |
6 | | result in an out-of-bounds read. |
8 | CVE ID | `CVE-2022-47630`_ |
9 +----------------+-------------------------------------------------------------+
11 +----------------+-------------------------------------------------------------+
14 +----------------+-------------------------------------------------------------+
17 | | interfaces. Not exploitable in upstream TF-A code. |
18 +----------------+-------------------------------------------------------------+
[all …]
/external/parameter-framework/upstream/
Dappveyor.yml1 version: 3.0.0-{build}
13 # See: https://msdn.microsoft.com/en-us/library/bb513638%28VS.85%29.aspx
14 - reg add "HKLM\SYSTEM\CurrentControlSet\Control\Windows" /f /v ErrorMode /d 2
17 # | Windows can check online for a solution to the problem|
18 # | - Check online for a solution and close the program |
19 # | - Close the program |
20 # See: https://msdn.microsoft.com/en-us/library/bb513638%28VS.85%29.aspx
21 - reg add "HKLM\Software\Microsoft\Windows\Windows Error Reporting" /f /v DontShowUI /d 1
24 - set PREFIX_PATH=%APPVEYOR_BUILD_FOLDER%\asio-1.10.6;%APPVEYOR_BUILD_FOLDER%\catch
26 - set INSTALL=%HOMEPATH%\install
[all …]
/external/openthread/src/cli/
DREADME_COAPS.md1 # OpenThread CLI - CoAPS Example
13 CoAPS uses DTLS to establish a secure, end-to-end connection.
17 - TLS_PSK_WITH_AES_128_CCM_8
20 > coaps psk <your-psk> <your-psk-id>
24 - TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
29 The X.509 certificate stored in `core/cli/x509_cert_key.hpp`.
33 On node 1, setup CoAPS server with resource `test-resource`.
38 > coaps resource test-resource
47 > coaps connect <peer-ip6-address>
50 > coaps get test-resource
[all …]
/external/tpm2-tss/src/tss2-fapi/
Dfapi_crypto.c1 /* SPDX-License-Identifier: BSD-2-Clause */
3 * Copyright 2018-2019, Fraunhofer SIT sponsored by Infineon Technologies AG
62 /* Check for NULL parameters */ in ifapi_get_profile_sig_scheme()
69 if (tpmPublic->type == TPM2_ALG_RSA) { in ifapi_get_profile_sig_scheme()
70 *signatureScheme = profile->rsa_signing_scheme; in ifapi_get_profile_sig_scheme()
72 } else if (tpmPublic->type == TPM2_ALG_ECC) { in ifapi_get_profile_sig_scheme()
73 *signatureScheme = profile->ecc_signing_scheme; in ifapi_get_profile_sig_scheme()
168 /* Check for NULL parameters */ in ifapi_initialize_sign_public()
180 LOG_ERROR("No suitable template found"); in ifapi_initialize_sign_public()
199 /* Check for NULL parameters */ in ifapi_bn2binpad()
[all …]
/external/grpc-grpc-java/xds/src/test/java/io/grpc/xds/internal/security/trust/
DXdsX509TrustManagerTest.java8 * http://www.apache.org/licenses/LICENSE-2.0
99 fail("no exception thrown"); in missingPeerCerts()
101 assertThat(expected).hasMessageThat().isEqualTo("Peer certificate(s) missing"); in missingPeerCerts()
114 fail("no exception thrown"); in emptyArrayPeerCerts()
116 assertThat(expected).hasMessageThat().isEqualTo("Peer certificate(s) missing"); in emptyArrayPeerCerts()
131 fail("no exception thrown"); in noSansInPeerCerts()
133 assertThat(expected).hasMessageThat().isEqualTo("Peer certificate SAN check failed"); in noSansInPeerCerts()
169 fail("no exception thrown"); in oneSanInPeerCertsVerifies_differentCase_expectException()
171 assertThat(expected).hasMessageThat().isEqualTo("Peer certificate SAN check failed"); in oneSanInPeerCertsVerifies_differentCase_expectException()
217 fail("no exception thrown"); in oneSanInPeerCertsPrefix_differentCase_expectException()
[all …]
/external/boringssl/src/include/openssl/pki/
Dcertificate.h9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
29 // Certificate represents a parsed X.509 certificate. It includes accessors for
30 // the various things that one might want to extract from a certificate,
31 class OPENSSL_EXPORT Certificate {
33 Certificate(Certificate&& other);
34 Certificate(const Certificate& other) = delete;
35 ~Certificate();
36 Certificate& operator=(const Certificate& other) = delete;
38 // FromDER returns a certificate from an DER-encoded X.509 object in |der|.
39 // In the event of a failure, it will return no value, and |out_diagnostic|
[all …]
Dverify_error.h9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
23 // VerifyError describes certificate chain validation result.
33 // PATH_VERIFIED means there were no errors, the certificate chain is valid.
36 // CERTIFICATE_INVALID_SIGNATURE means that the certificate's signature
40 // CERTIFICATE_UNSUPPORTED_KEY means that the certificate's key type and/or
48 // CERTIFICATE_REVOKED means that the certificate has been revoked.
52 // required and no revocation mechanism was given for the certificate
56 // required and we were unable to check if the certificate was revoked via
61 // certificate's |notAfter| timestamp.
65 // certificate's |notBefore| timestamp.
[all …]
/external/rust/crates/webpki/src/
Dverify_cert.rs9 // MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
32 ) -> Result<(), ErrorExt> { in build_chain()
55 ) -> Result<(), ErrorExt> { in build_chain_inner()
76 UsedAsCa::No => { in build_chain_inner()
137 UsedAsCa::No => sub_ca_count, in build_chain_inner()
160 ) -> Result<(), ErrorExt> { in check_signatures()
167 // TODO: check revocation in check_signatures()
186 ) -> Result<(), Error> { in check_signed_chain_name_constraints()
215 ) -> Result<(), Error> { in check_issuer_independent_properties()
217 // TODO: Check signature algorithm like mozilla::pkix. in check_issuer_independent_properties()
[all …]
/external/libevent/sample/
Dopenssl_hostname_validation.c1 /* Obtained from: https://github.com/iSECPartners/ssl-conservatory */
18 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
28 * Please read "everything-you-wanted-to-know-about-openssl.pdf" before
39 #pragma clang diagnostic ignored "-Wdeprecated-declarations"
57 * Tries to find a match for hostname in the certificate's Common Name field.
60 * Returns MatchNotFound if no matches were found.
65 int common_name_loc = -1; in matches_common_name()
70 // Find the position of the CN field in the Subject field of the certificate in matches_common_name()
71 …_loc = X509_NAME_get_index_by_NID(X509_get_subject_name((X509 *) server_cert), NID_commonName, -1); in matches_common_name()
105 * Tries to find a match for hostname in the certificate's Subject Alternative Name extension.
[all …]
/external/conscrypt/repackaged/common/src/test/java/com/android/org/conscrypt/
DChainStrengthAnalyzerTest.java9 * http://www.apache.org/licenses/LICENSE-2.0
38 //openssl req -x509 -nodes -days 365 -subj '/C=US/ST=Testsota/L=Testville/CN=test.com' \
39 //-newkey rsa:2048 -sha256 -keyout k.pem -out good.pem
41 "-----BEGIN CERTIFICATE-----\n" +
61 "-----END CERTIFICATE-----";
63 //openssl ecparam -genkey -name prime256v1 -out eckey.pem && \
64 //openssl req -x509 -nodes -days 365 -subj '/C=US/ST=Testsota/L=Testville/CN=test.com' \
65 //-newkey ec:eckey.pem -sha256 -keyout k.pem -out good.pem
67 "-----BEGIN CERTIFICATE-----\n" +
78 "-----END CERTIFICATE-----\n";
[all …]
/external/conscrypt/common/src/test/java/org/conscrypt/
DChainStrengthAnalyzerTest.java8 * http://www.apache.org/licenses/LICENSE-2.0
34 //openssl req -x509 -nodes -days 365 -subj '/C=US/ST=Testsota/L=Testville/CN=test.com' \
35 //-newkey rsa:2048 -sha256 -keyout k.pem -out good.pem
37 "-----BEGIN CERTIFICATE-----\n" +
57 "-----END CERTIFICATE-----";
59 //openssl ecparam -genkey -name prime256v1 -out eckey.pem && \
60 //openssl req -x509 -nodes -days 365 -subj '/C=US/ST=Testsota/L=Testville/CN=test.com' \
61 //-newkey ec:eckey.pem -sha256 -keyout k.pem -out good.pem
63 "-----BEGIN CERTIFICATE-----\n" +
74 "-----END CERTIFICATE-----\n";
[all …]
/external/openthread/third_party/mbedtls/repo/include/mbedtls/
Dx509.h8 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
34 * That is, maximum length of the chain, excluding the end-entity certificate
35 * and the trusted root certificate.
38 * resources verifying an overlong certificate chain.
48 #define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE -0x2080
50 #define MBEDTLS_ERR_X509_UNKNOWN_OID -0x2100
52 #define MBEDTLS_ERR_X509_INVALID_FORMAT -0x2180
54 #define MBEDTLS_ERR_X509_INVALID_VERSION -0x2200
56 #define MBEDTLS_ERR_X509_INVALID_SERIAL -0x2280
58 #define MBEDTLS_ERR_X509_INVALID_ALG -0x2300
[all …]
/external/mbedtls/library/
Dssl_tls13_generic.c5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
61 if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE || in mbedtls_ssl_tls13_fetch_handshake_msg()
62 ssl->in_msg[0] != hs_type) { in mbedtls_ssl_tls13_fetch_handshake_msg()
77 *buf = ssl->in_msg + 4; in mbedtls_ssl_tls13_fetch_handshake_msg()
78 *buf_len = ssl->in_hslen - 4; in mbedtls_ssl_tls13_fetch_handshake_msg()
98 /* Case of no extension */ in mbedtls_ssl_tls13_is_supported_versions_ext_present_in_exts()
104 * Extension extensions<x..2^16-1>; in mbedtls_ssl_tls13_is_supported_versions_ext_present_in_exts()
108 * opaque extension_data<0..2^16-1>; in mbedtls_ssl_tls13_is_supported_versions_ext_present_in_exts()
115 /* Check extensions do not go beyond the buffer of data. */ in mbedtls_ssl_tls13_is_supported_versions_ext_present_in_exts()
147 * - 64 bytes of octet 32,
[all …]
/external/mbedtls/tests/suites/
Dtest_suite_x509write.data1 Certificate Request check Server1 SHA1
5 Certificate Request check Server1 SHA224
9 Certificate Request check Server1 SHA256
13 Certificate Request check Server1 SHA384
17 Certificate Request check Server1 SHA512
21 Certificate Request check Server1 MD5
25 Certificate Request check Server1 key_usage
29 Certificate Request check opaque Server1 key_usage
33 Certificate Request check Server1 key_usage empty
37 Certificate Request check Server1 ns_cert_type
[all …]

12345678910>>...41