/openssl/test/recipes/ |
H A D | 25-test_req.t | 478 generate_cert($cert); 479 has_version($cert, 3); 481 has_AKID($cert, 0); 501 has_version($cert, 1); 560 "-out", $cert)])), "generate using x509: $cert"); 575 has_version($cert, 3); 577 has_AKID($cert, 0); 620 has_version($cert, 3); 638 has_SKID($cert, 1); 639 has_AKID($cert, 0); [all …]
|
H A D | tconversion.pl | 132 my ($cert, $pattern, $expected, $name) = @_; 134 run(app(["openssl", "x509", "-noout", "-text", "-in", $cert, "-out", $out])); 140 my ($cert, $expect) = @_; 141 cert_contains($cert, "Version: $expect", 1); 145 my ($cert, $expect) = @_; 146 cert_contains($cert, "Subject Key Identifier", $expect); 150 my ($cert, $expect) = @_; 151 cert_contains($cert, "Authority Key Identifier", $expect); 168 my ($cert, $expected, $exts, $name) = @_; 171 "-in", $cert, "-out", $out])); [all …]
|
/openssl/test/certs/ |
H A D | setup.sh | 81 ./mkcert.sh genca "CA" ca-key ca-cert root-key root-cert 112 ./mkcert.sh genca "CA" ca-key ca-cert-md5 root-key root-cert 119 ./mkcert.sh genca "CA" ca-key-768 ca-cert-768 root-key root-cert 158 ./mkcert.sh genee server.example ee-key ee-cert ca-key ca-cert 199 ./mkcert.sh genee server.example ee-key ee-cert-md5 ca-key ca-cert 212 ee-cert-ec-named-named ca-key-ec-named ca-cert-ec-named 239 ./mkcert.sh genpc pc2-key pc2-cert pc1-key pc1-cert \ 244 ./mkcert.sh genpc bad-pc3-key bad-pc3-cert pc1-key pc1-cert \ 248 ./mkcert.sh genpc bad-pc4-key bad-pc4-cert pc1-key pc1-cert \ 252 ./mkcert.sh genpc pc5-key pc5-cert pc1-key pc1-cert \ [all …]
|
H A D | mkcert.sh | 90 cert() { function 199 cert "$cert" "$exts" -CA "${ca}.pem" -CAkey "${cakey}.pem" \ 216 cert "$cert" "$exts" -CA "${ca}.pem" -CAkey "${cakey}.pem" \ 269 cert "$cert" "$exts" -CA "${ca}.pem" -CAkey "${cakey}.pem" \ 303 cert "$cert" "$exts" -CA "${ca}.pem" -CAkey "${cakey}.pem" \ 332 cert "$cert" "$exts" -CA "${ca}.pem" -CAkey "${cakey}.pem" \ 349 cert "$cert" "$exts" -signkey "${key}.pem" \ 359 cert "$cert" "" -signkey "${key}.pem" -set_serial 1 -days -1 "$@" 392 cert "$cert" "$exts" -CA "${ca}.pem" -CAkey "${cakey}.pem" \ 394 cat ${cert}.pem ${ca}.pem > ${cert}-chain.pem [all …]
|
/openssl/test/recipes/80-test_cmp_http_data/ |
H A D | test_credentials.csv | 3 1,valid secret - wrong cert/key ignored, -section,, -ref,_PBM_REF, -secret,_PBM_SECRET, -cert,root.… 6 0,wrong secret - correct cert, -section,,BLANK,, -secret,pass:wrong, -cert,signer.crt, -key,signer.… 9 1,empty ref but correct cert, -section,, -ref,"""",BLANK,, -cert,signer.crt, -key,signer.p12, -keyp… 10 1,wrong ref but correct cert, -section,, -ref,wrong,BLANK,, -cert,signer.crt, -key,signer.p12, -key… 12 1,valid cert and key and keypass, -section,,BLANK,,-secret,"""", -cert,signer.crt, -key,signer.p12,… 13 0,cert missing arg, -section,,BLANK,,BLANK,, -cert,, -key,signer.p12, -keypass,pass:12345,BLANK,,BL… 21 0,no cert, -section,,BLANK,,BLANK,,BLANK,, -key,signer.p12, -keypass,pass:12345,BLANK,,BLANK,,BLANK… 24 0,wrong cert, -section,,BLANK,,BLANK,, -cert,trusted.crt, -key,signer.p12, -keypass,pass:12345,BLAN… 25 0,cert file does not exist, -section,,BLANK,,BLANK,, -cert,idontexist, -key,signer.p12, -keypass,pa… 26 0,cert file random content, -section,,BLANK,,BLANK,, -cert,random.bin, -key,signer.p12, -keypass,pa… [all …]
|
/openssl/crypto/ocsp/ |
H A D | ocsp_srv.c | 157 int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert) in OCSP_basic_add1_cert() argument 236 int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert) in OCSP_RESPID_set_by_name() argument 246 int OCSP_RESPID_set_by_key_ex(OCSP_RESPID *respid, X509 *cert, in OCSP_RESPID_set_by_key_ex() argument 258 if (!X509_pubkey_digest(cert, sha1, md, NULL)) in OCSP_RESPID_set_by_key_ex() 279 int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert) in OCSP_RESPID_set_by_key() argument 281 if (cert == NULL) in OCSP_RESPID_set_by_key() 283 return OCSP_RESPID_set_by_key_ex(respid, cert, cert->libctx, cert->propq); in OCSP_RESPID_set_by_key() 303 if (!X509_pubkey_digest(cert, sha1, md, NULL)) in OCSP_RESPID_match_ex() 322 int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert) in OCSP_RESPID_match() argument 324 if (cert == NULL) in OCSP_RESPID_match() [all …]
|
/openssl/test/ |
H A D | pkcs12_api_test.c | 108 X509 *cert = NULL; in pkcs12_parse_test() local 121 if ((has_cert && !TEST_ptr(cert)) || (!has_cert && !TEST_ptr_null(cert))) in pkcs12_parse_test() 125 if (has_key && !changepass(p12, key, cert, ca)) in pkcs12_parse_test() 132 X509_free(cert); in pkcs12_parse_test() 150 if (!TEST_true(PKCS12_parse(p12, "", key, cert, ca))) in pkcs12_create_ex2_setup() 164 X509 *cert = NULL; in pkcs12_create_ex2_test() local 167 p12 = pkcs12_create_ex2_setup(&key, &cert, &ca); in pkcs12_create_ex2_test() 182 if (!TEST_ptr(cert)) in pkcs12_create_ex2_test() 188 cert, NULL, NID_undef, NID_undef, in pkcs12_create_ex2_test() 199 cert, NULL, NID_undef, NID_undef, in pkcs12_create_ex2_test() [all …]
|
H A D | localetest.c | 97 X509 *cert = NULL; in setup_tests() local 110 cert = d2i_X509(NULL, &p, sizeof(der_bytes)); in setup_tests() 111 if (!TEST_ptr(cert)) in setup_tests() 114 cert_pubkey = X509_get_X509_PUBKEY(cert); in setup_tests() 116 X509_free(cert); in setup_tests() 121 X509_free(cert); in setup_tests() 125 X509_free(cert); in setup_tests()
|
H A D | cmsapitest.c | 20 static X509 *cert = NULL; variable 38 if (!TEST_int_gt(sk_X509_push(certstack, cert), 0)) in test_encrypt_decrypt() 45 if (!TEST_true(CMS_decrypt(content, privkey, cert, NULL, outmsgbio, in test_encrypt_decrypt() 51 NULL, privkey, cert, NULL, in test_encrypt_decrypt() 97 && TEST_ptr(CMS_add1_signer(cms, cert, privkey, NULL, 0)) in test_CMS_add1_cert() 98 && TEST_true(CMS_add1_cert(cms, cert)); /* add cert again */ in test_CMS_add1_cert() 416 X509_free(cert); in setup_tests() 417 cert = NULL; in setup_tests() 422 X509_free(cert); in setup_tests() 423 cert = NULL; in setup_tests() [all …]
|
H A D | x509aux.c | 40 X509 *cert = NULL; in test_certs() local 54 cert = d2i(NULL, &p, len); in test_certs() 56 if (cert == NULL || (p - data) != len) { in test_certs() 63 enclen = i2d(cert, NULL); in test_certs() 75 enclen = i2d(cert, &bufp); in test_certs() 100 err = X509_cmp(reuse, cert); in test_certs() 110 enclen = i2d(cert, &buf); in test_certs() 129 enclen = i2d(cert, &buf); in test_certs() 147 X509_free(cert); in test_certs()
|
H A D | pkcs7_test.c | 134 X509 *cert = NULL; in pkcs7_verify_test() local 156 && TEST_ptr(cert = d2i_X509_bio(x509_bio, NULL)) in pkcs7_verify_test() 159 && TEST_true(X509_STORE_add_cert(store, cert)) in pkcs7_verify_test() 166 X509_free(cert); in pkcs7_verify_test() 225 X509 *cert = NULL; in pkcs7_inner_content_verify_test() local 368 && TEST_ptr(cert = d2i_X509_bio(x509_bio, NULL)) in pkcs7_inner_content_verify_test() 371 && TEST_true(X509_STORE_add_cert(store, cert)) in pkcs7_inner_content_verify_test() 382 X509_free(cert); in pkcs7_inner_content_verify_test()
|
/openssl/crypto/ess/ |
H A D | ess_lib.c | 18 static ESS_CERT_ID *ESS_CERT_ID_new_init(const X509 *cert, 21 const X509 *cert, 48 X509 *cert = sk_X509_value(certs, i); in OSSL_ESS_signing_cert_new_init() local 50 if ((cid = ESS_CERT_ID_new_init(cert, 1)) == NULL) { in OSSL_ESS_signing_cert_new_init() 67 static ESS_CERT_ID *ESS_CERT_ID_new_init(const X509 *cert, in ESS_CERT_ID_new_init() argument 78 if (!X509_digest(cert, EVP_sha1(), cert_sha1, NULL)) { in ESS_CERT_ID_new_init() 150 X509 *cert = sk_X509_value(certs, i); in OSSL_ESS_signing_cert_v2_new_init() local 204 if (!X509_digest(cert, hash_alg, hash, &hash_len)) { in ESS_CERT_ID_V2_new_init() 273 const X509 *cert; in find() local 308 cert = sk_X509_value(certs, i); in find() [all …]
|
/openssl/test/ocsp-tests/ |
H A D | mk-ocsp-cert-chain.sh | 28 -out root-cert.pem 51 -CA root-cert.pem \ 55 -out intermediate-cert.pem 80 -CA intermediate-cert.pem \ 84 -out server-cert.pem 91 -valid server-cert.pem \ 93 -cert intermediate-cert.pem 97 cat server-cert.pem server-key.pem intermediate-cert.pem > server.pem 98 cat intermediate-cert.pem intermediate-key.pem > ocsp.pem
|
/openssl/crypto/cmp/ |
H A D | cmp_vfy.c | 46 pubkey = X509_get_pubkey(cert); in verify_signature() 113 if (ctx == NULL || cert == NULL) { in OSSL_CMP_validate_cert_path() 153 X509_STORE_CTX_set_current_cert(csc, cert); in verify_cb_cert() 225 static int already_checked(const X509 *cert, in already_checked() argument 251 int self_issued = X509_check_issued(cert, cert) == X509_V_OK; in cert_acceptable() 268 if (already_checked(cert, already_checked1) in cert_acceptable() 295 if (!ossl_x509v3_cache_extensions(cert)) { in cert_acceptable() 299 if (!verify_signature(ctx, msg, cert)) { in cert_acceptable() 372 cert, NULL, NULL, msg) in check_msg_given_cert() 398 X509 *cert = sk_X509_value(certs, i); in check_msg_with_certs() local [all …]
|
/openssl/test/ssl-tests/ |
H A D | 20-cert-select.cnf.in | 16 "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"), 18 "Ed25519.Certificate" => test_pem("server-ed25519-cert.pem"), 20 "Ed448.Certificate" => test_pem("server-ed448-cert.pem"), 26 "PSS.Certificate" => test_pem("server-pss-cert.pem"), 28 "ECDSA.Certificate" => test_pem("server-ecdsa-cert.pem"), 32 "Ed448.Certificate" => test_pem("server-ed448-cert.pem"), 38 "Certificate" => test_pem("server-pss-cert.pem"), 70 "RequestCAFile" => test_pem("root-cert.pem"), 94 "RequestCAFile" => test_pem("root-cert.pem"), 118 "RequestCAFile" => test_pem("root-cert.pem"), [all …]
|
H A D | 01-simple.cnf | 7 test-2 = 2-verify-cert 59 [2-verify-cert] 60 ssl_conf = 2-verify-cert-ssl 62 [2-verify-cert-ssl] 63 server = 2-verify-cert-server 64 client = 2-verify-cert-client 66 [2-verify-cert-server] 71 [2-verify-cert-client] 96 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
|
H A D | 20-cert-select.cnf | 86 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 119 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 152 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 555 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 616 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 647 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 718 RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 1414 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 1451 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem 1487 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem [all …]
|
/openssl/fuzz/ |
H A D | dtlsserver.c | 605 X509 *cert; in FuzzerTestOneInput() local 643 cert = PEM_read_bio_X509(bio_buf, NULL, NULL, NULL); in FuzzerTestOneInput() 645 OPENSSL_assert(cert != NULL); in FuzzerTestOneInput() 646 ret = SSL_CTX_use_certificate(ctx, cert); in FuzzerTestOneInput() 648 X509_free(cert); in FuzzerTestOneInput() 668 OPENSSL_assert(cert != NULL); in FuzzerTestOneInput() 670 ret = SSL_CTX_use_certificate(ctx, cert); in FuzzerTestOneInput() 672 X509_free(cert); in FuzzerTestOneInput() 692 OPENSSL_assert(cert != NULL); in FuzzerTestOneInput() 694 ret = SSL_CTX_use_certificate(ctx, cert); in FuzzerTestOneInput() [all …]
|
H A D | server.c | 527 X509 *cert; in FuzzerTestOneInput() local 563 OPENSSL_assert(cert != NULL); in FuzzerTestOneInput() 564 ret = SSL_CTX_use_certificate(ctx, cert); in FuzzerTestOneInput() 566 X509_free(cert); in FuzzerTestOneInput() 585 cert = PEM_read_bio_X509(bio_buf, NULL, NULL, NULL); in FuzzerTestOneInput() 586 OPENSSL_assert(cert != NULL); in FuzzerTestOneInput() 588 ret = SSL_CTX_use_certificate(ctx, cert); in FuzzerTestOneInput() 590 X509_free(cert); in FuzzerTestOneInput() 610 OPENSSL_assert(cert != NULL); in FuzzerTestOneInput() 612 ret = SSL_CTX_use_certificate(ctx, cert); in FuzzerTestOneInput() [all …]
|
/openssl/ssl/ |
H A D | ssl_cert.c | 95 CERT *ssl_cert_dup(CERT *cert) in ssl_cert_dup() argument 113 ret->key = &ret->pkeys[cert->key - cert->pkeys]; in ssl_cert_dup() 168 if (cert->conf_sigalgs) { in ssl_cert_dup() 174 cert->conf_sigalgslen * sizeof(*cert->conf_sigalgs)); in ssl_cert_dup() 185 cert->client_sigalgslen * sizeof(*cert->client_sigalgs)); in ssl_cert_dup() 190 if (cert->ctype) { in ssl_cert_dup() 191 ret->ctype = OPENSSL_memdup(cert->ctype, cert->ctype_len); in ssl_cert_dup() 207 if (cert->chain_store) { in ssl_cert_dup() 297 CERT_PKEY *cpk = s != NULL ? s->cert->key : ctx->cert->key; in ssl_cert_set0_chain() 334 CERT_PKEY *cpk = s ? s->cert->key : ctx->cert->key; in ssl_cert_add0_chain_cert() [all …]
|
/openssl/crypto/pkcs12/ |
H A D | p12_crt.c | 20 X509 *cert, 62 if (pkey == NULL && cert == NULL && ca == NULL) { in PKCS12_create_ex2() 67 if (pkey && cert) { in PKCS12_create_ex2() 68 if (!X509_check_private_key(cert, pkey)) in PKCS12_create_ex2() 74 if (cert) { in PKCS12_create_ex2() 76 name = (char *)X509_alias_get0(cert, &namelen); in PKCS12_create_ex2() 81 pkeyid = X509_keyid_get0(cert, &pkeyidlen); in PKCS12_create_ex2() 193 X509 *cert, in pkcs12_add_cert_bag() argument 202 if ((bag = PKCS12_SAFEBAG_create_cert(cert)) == NULL) in pkcs12_add_cert_bag() 231 name = (char *)X509_alias_get0(cert, &namelen); in PKCS12_add_cert() [all …]
|
/openssl/demos/certs/ |
H A D | ocspquery.sh | 18 opensslcmd ocsp -issuer intca.pem -cert client.pem -CAfile root.pem \ 20 opensslcmd ocsp -issuer intca.pem -cert server.pem -CAfile root.pem \ 22 opensslcmd ocsp -issuer intca.pem -cert rev.pem -CAfile root.pem \ 27 -cert client.pem -cert server.pem -cert rev.pem \
|
/openssl/crypto/ct/ |
H A D | ct_sct_ctx.c | 60 static int ct_x509_get_ext(X509 *cert, int nid, int *is_duplicated) in ct_x509_get_ext() argument 62 int ret = X509_get_ext_by_NID(cert, nid, -1); in ct_x509_get_ext() 65 *is_duplicated = ret >= 0 && X509_get_ext_by_NID(cert, nid, ret) >= 0; in ct_x509_get_ext() 75 __owur static int ct_x509_cert_fixup(X509 *cert, X509 *presigner) in ct_x509_cert_fixup() argument 85 certidx = ct_x509_get_ext(cert, NID_authority_key_identifier, in ct_x509_cert_fixup() 100 if (!X509_set_issuer_name(cert, X509_get_issuer_name(presigner))) in ct_x509_cert_fixup() 105 X509_EXTENSION *certext = X509_get_ext(cert, certidx); in ct_x509_cert_fixup() 119 int SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner) in SCT_CTX_set1_cert() argument 138 certderlen = i2d_X509(cert, &certder); in SCT_CTX_set1_cert() 144 idx = ct_x509_get_ext(cert, NID_ct_precert_scts, &sct_ext_is_dup); in SCT_CTX_set1_cert() [all …]
|
H A D | ct_policy.c | 62 X509_free(ctx->cert); in CT_POLICY_EVAL_CTX_free() 68 int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert) in CT_POLICY_EVAL_CTX_set1_cert() argument 70 if (!X509_up_ref(cert)) in CT_POLICY_EVAL_CTX_set1_cert() 72 ctx->cert = cert; in CT_POLICY_EVAL_CTX_set1_cert() 97 return ctx->cert; in CT_POLICY_EVAL_CTX_get0_cert()
|
/openssl/apps/include/ |
H A D | cmp_mock_srv.h | 23 int ossl_cmp_mock_srv_set1_refCert(OSSL_CMP_SRV_CTX *srv_ctx, X509 *cert); 24 int ossl_cmp_mock_srv_set1_certOut(OSSL_CMP_SRV_CTX *srv_ctx, X509 *cert); 30 int ossl_cmp_mock_srv_set1_newWithNew(OSSL_CMP_SRV_CTX *srv_ctx, X509 *cert); 31 int ossl_cmp_mock_srv_set1_newWithOld(OSSL_CMP_SRV_CTX *srv_ctx, X509 *cert); 32 int ossl_cmp_mock_srv_set1_oldWithNew(OSSL_CMP_SRV_CTX *srv_ctx, X509 *cert);
|