| /openssl/doc/man3/ |
| H A D | SSL_extension_supported.pod | 12 - custom TLS extension handling
106 The callback B<add_cb> is called to send custom extension data to be
115 extension data and return 1.
124 to NULL then no extension is added.
150 called if the extension is present and relevant for the context (see
154 extension B<ext_type>.
181 The extension is only allowed in TLS
185 The extension is only allowed in DTLS
216 The extension may be present in the ClientHello message.
229 The extension may be present in an EncryptedExtensions message.
[all …]
|
| H A D | X509V3_get_d2i.pod | 50 occurrence of an extension is permissible, otherwise the first extension after
54 -1 if the extension could not be found, 0 if the extension is found and is
97 B<X509V3_ADD_DEFAULT> appends a new extension only if the extension does
98 not exist. An error is returned if the extension exists.
100 B<X509V3_ADD_APPEND> appends a new extension, ignoring whether the extension
103 B<X509V3_ADD_REPLACE> replaces an existing extension. If the extension does
104 not exist, appends a new extension.
107 extension does not exist, returns an error.
109 B<X509V3_ADD_KEEP_EXISTING> appends a new extension only if the extension does
112 B<X509V3_ADD_DELETE> deletes and frees an existing extension. If the extension
[all …]
|
| H A D | X509_EXTENSION_set_object.pod | 8 X509_EXTENSION_get_critical, X509_EXTENSION_get_data - extension utility
30 X509_EXTENSION_set_object() sets the extension type of B<ex> to B<obj>. The
34 B<crit> is zero the extension in non-critical otherwise it is critical.
36 X509_EXTENSION_set_data() sets the data in extension B<ex> to B<data>. The
39 X509_EXTENSION_create_by_NID() creates an extension of type B<nid>,
46 except it creates and extension using B<obj> instead of a NID.
48 X509_EXTENSION_get_object() returns the extension type of B<ex> as an
52 X509_EXTENSION_get_critical() returns the criticality of extension B<ex> it
60 These functions manipulate the contents of an extension directly. Most
62 use the extension encode and decode functions instead such as
[all …]
|
| H A D | X509v3_get_ext_by_NID.pod | 14 X509_REVOKED_add_ext - extension stack utility functions
65 extension is an internal pointer which B<MUST NOT> be freed by the
76 extension.
78 X509v3_delete_ext() deletes the extension with index I<loc> from I<x>.
79 The deleted extension is returned and must be freed by the caller.
106 Applications that want to parse or encode and add an extension should
107 use the extension encode and decode functions instead, such as
112 is not an error since extension STACK I<x> indices start from zero.
118 because these functions do not free the extension they delete.
124 X509v3_get_ext_count() returns the extension count or 0 for failure.
[all …]
|
| H A D | X509_get_extension_flags.pod | 15 X509_get_proxy_pathlen - retrieve certificate extension data
38 This extension is used to limit the length of a cert chain that may be
52 The certificate contains a basic constraints extension.
73 The freshest CRL extension is present in the certificate.
77 The certificate contains an unhandled critical extension.
81 Some certificate extension values are invalid or inconsistent.
94 The NID_certificate_policies certificate extension is invalid or
140 B<NULL> if the extension is not present or cannot be parsed.
144 extension is not present or cannot be parsed.
161 information an application should examine extension values directly
[all …]
|
| H A D | X509V3_set_ctx.pod | 6 X509V3_set_issuer_pkey - X.509 v3 extension generation utilities
28 instance as a reference for generating the authority key identifier extension.
32 extension will be taken from any value provided using X509V3_set_issuer_pkey().
35 extension definitions is to be checked without actually producing any extension,
36 or B<X509V3_CTX_REPLACE>, which means that each X.509v3 extension added as
38 extension with the same OID.
44 to provide fallback data for the authority key identifier extension.
|
| H A D | SSL_CTX_use_serverinfo.pod | 8 - use serverinfo extension
26 "serverinfo" extension is returned in response to an empty ClientHello
37 extensions to be added to a Certificate message, then the extension will only
55 B<file> into B<ctx>. The extensions must be in PEM format. Each extension
57 PEM extension name must begin with the phrase "BEGIN SERVERINFOV2 FOR " for
61 SSL_CTX_use_certificate(), the serverinfo extension will be loaded into the
63 loaded serverinfo extension data will be loaded for that certificate. To
64 use the serverinfo extension for multiple certificates,
|
| H A D | OPENSSL_ia32cap.pod | 51 =item bit #57 denoting AES-NI instruction set extension;
58 =item bit #60 denoting AVX extension;
98 =item bit #64+16 denoting availability of AVX512F extension;
100 =item bit #64+17 denoting availability of AVX512DQ extension;
107 aka AVX512IFMA extension;
109 =item bit #64+29 denoting availability of SHA extension;
111 =item bit #64+30 denoting availability of AVX512BW extension;
113 =item bit #64+31 denoting availability of AVX512VL extension;
115 =item bit #64+41 denoting availability of VAES extension;
117 =item bit #64+42 denoting availability of VPCLMULQDQ extension;
|
| H A D | X509_check_ca.pod | 22 CA certificate with B<basicConstraints> extension CA:TRUE,
24 B<keyUsage> extension with bit B<keyCertSign> set, but without
26 extension telling that it is CA certificate.
|
| H A D | OPENSSL_riscvcap.pod | 14 extensions are denoted by individual extension names in the capabilities
25 of the environment variable parser inside libcrypto, an extension must be
27 Vector extension.
31 Note that extension implication is currently not implemented.
198 Only enable the vector extension:
|
| H A D | SSL_set1_server_cert_type.pod | 30 set the values for the client certificate type extension.
32 retrieve the local values to be used in the client certificate type extension.
35 set the values for the server certificate type extension.
37 retrieve the local values to be used in the server certificate type extension.
83 If B<val> is set to a non-NULL value, then the extension is sent in the handshake.
84 If b<val> is set to a NULL value (and B<len> is 0), then the extension is
85 disabled. The default value is NULL, meaning the extension is not sent, and
|
| H A D | SSL_CTX_has_client_custom_ext.pod | 6 client extension type
17 client extension of type B<ext_type> using SSL_CTX_add_client_custom_ext().
|
| H A D | SSL_CTX_set_tlsext_servername_callback.pod | 31 the servername extension received in the incoming connection. When B<cb>
107 =item On the server, after the servername extension has been processed and a
113 =item On the server, after the servername extension has been processed and a
121 Note that the ClientHello callback occurs before a servername extension from the
123 a servername extension from the client is processed.
129 SSL_set_tlsext_host_name() sets the server name indication ClientHello extension
130 to contain the value B<name>. The type of server name indication extension is set
|
| H A D | OPENSSL_s390xcap.pod | 36 implements the corresponding instruction set extension. Possible values
75 # 76 1<<51 message-security assist extension 3
76 # 77 1<<50 message-security assist extension 4
81 #146 1<<45 message-security assist extension 8
82 #155 1<<36 message-security assist extension 9
|
| H A D | X509_STORE_CTX_get_error.pod | 268 extension does not permit certificate signing.
275 =item B<X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: unhandled critical extension>
277 Unhandled critical extension.
285 Unhandled critical CRL extension.
309 invalid or inconsistent certificate extension>
311 A certificate extension had an invalid value (for example an incorrect
315 invalid or inconsistent certificate policy extension>
317 A certificate policies extension had an invalid value (for example an incorrect
332 Some feature of a certificate extension is not supported. Unused.
349 A certificate name constraints extension included a minimum or maximum field:
[all …]
|
| H A D | SSL_CTX_set_client_hello_cb.pod | 59 from the ClientHello on a per-extension basis. For the provided wire
60 protocol extension type value, the extension value and length are returned
68 holding the numerical value of the TLS extension types in the order they appear
91 allow the server to examine the server name indication extension provided
121 SSL_client_hello_get0_ext() returns 1 if the extension of type 'type' is present, and
|
| H A D | SSL_CTX_set_tlsext_use_srtp.pod | 24 the "use_srtp" DTLS extension defined in RFC5764. This provides a mechanism for
29 extension is only supported in DTLS. Any SRTP configuration will be ignored if a
32 An OpenSSL client wishing to send the "use_srtp" extension should call
95 An OpenSSL server wishing to support the "use_srtp" extension should also call
|
| /openssl/test/ssl-tests/ |
| H A D | 13-fragmentation.cnf | 22 test-17 = 17-Maximum Fragment Len extension equal FragmentSize to 2048
23 test-18 = 18-Maximum Fragment Len extension 512 lower than FragmentSize 1024
24 test-19 = 19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024
440 [17-Maximum Fragment Len extension equal FragmentSize to 2048]
443 [17-Maximum Fragment Len extension equal FragmentSize to 2048-ssl]
447 [17-Maximum Fragment Len extension equal FragmentSize to 2048-server]
452 [17-Maximum Fragment Len extension equal FragmentSize to 2048-client]
468 [18-Maximum Fragment Len extension 512 lower than FragmentSize 1024]
496 [19-Maximum Fragment Len extension 1024 lower than FragmentSize 1024]
524 [20-Maximum Fragment Len extension 4096 greater than FragmentSize 2048]
[all …]
|
| H A D | 13-fragmentation.cnf.in | 191 name => "Maximum Fragment Len extension set to 1024 w. FragmentSize disabled",
204 name => "Maximum Fragment Len extension equal FragmentSize to 2048",
217 name => "Maximum Fragment Len extension 512 lower than FragmentSize 1024",
230 name => "Maximum Fragment Len extension 1024 lower than FragmentSize 1024",
243 name => "Maximum Fragment Len extension 4096 greater than FragmentSize 2048",
256 name => "Maximum Fragment Len extension 2048 greater than FragmentSize 1024",
|
| /openssl/doc/man5/ |
| H A D | x509v3_config.pod | 20 Each entry in the extension section takes the form:
31 There are four main types of extension:
96 the extension but should be documented.
99 If an extension type is unsupported, then the I<arbitrary> extension syntax
124 or omit the extension entirely.
181 No SKID extension will be included.
386 This extension should only appear in CRLs. It is a multi-valued extension
428 certificate extension.
524 This is a multi-valued extension consisting of a list of TLS extension
527 include that extension in its reply.
[all …]
|
| /openssl/util/perl/TLSProxy/ |
| H A D | ClientHello.pm | 147 my $extension = "";
150 $extension .= pack("n", $key);
151 $extension .= pack("n", length($extdata));
152 $extension .= $extdata;
153 return $extension;
|
| /openssl/doc/man1/ |
| H A D | openssl-verification-options.pod | 49 In particular, the subject key identifier extension, if present,
128 If the subject certificate has an authority key identifier extension,
179 the keyUsage extension (if present) of the candidate issuer certificate
283 CA certificates must explicitly include the keyUsage extension.
304 If a subjectAlternativeName extension is given it must not be empty.
328 Normally if an unhandled critical extension is present that is not
562 If the basicConstraints extension is absent,
571 If the keyUsage extension is present then additional restraints are
573 keyCertSign bit set if the keyUsage extension is present.
577 The extKeyUsage (EKU) extension places additional restrictions on the
[all …]
|
| H A D | tsget.pod | 11 [B<-e> I<extension>]
56 =item B<-e> I<extension>
58 If the B<-o> option is not given this argument specifies the extension of the
60 the input files. Default extension is F<.tsr>. (Optional)
68 of the input files and the default or specified extension argument. (Optional)
|
| /openssl/ssl/ |
| H A D | ssl_rsa.c | 747 const unsigned char *extension, in extension_append() argument
761 memcpy(serverinfo + contextoff, extension, extension_length); in extension_append()
837 unsigned char *extension = 0; in SSL_CTX_use_serverinfo_file() local
865 if (PEM_read_bio(bin, &name, &header, &extension, &extension_length) in SSL_CTX_use_serverinfo_file()
901 || (extension[2] << 8) + extension[3] in SSL_CTX_use_serverinfo_file()
909 || (extension[6] << 8) + extension[7] in SSL_CTX_use_serverinfo_file()
921 extension_append(version, extension, extension_length, in SSL_CTX_use_serverinfo_file()
929 OPENSSL_free(extension); in SSL_CTX_use_serverinfo_file()
930 extension = NULL; in SSL_CTX_use_serverinfo_file()
939 OPENSSL_free(extension); in SSL_CTX_use_serverinfo_file()
|
| /openssl/doc/designs/quic-design/ |
| H A D | quic-tls.md | 133 QUIC requires the use of a TLS extension in order to send and receive "transport
136 extension to be sent in the ClientHello and receives them back from the peer in
147 * It supplies callbacks to register a custom TLS extension
221 ### Custom TLS extension
223 Libssl already has the ability for an application to supply a custom extension
226 mechanism is used for supporting QUIC transport parameters. An extension
230 The custom extension API enables the caller to supply `add`, `free` and `parse`
|
