| /openssl/test/ |
| H A D | verify_extra_test.c | 66 STACK_OF(X509) *untrusted = NULL; in test_alt_chains_cert_forgery()
81 untrusted = load_certs_pem(untrusted_f); in test_alt_chains_cert_forgery()
90 if (!X509_STORE_CTX_init(sctx, store, x, untrusted)) in test_alt_chains_cert_forgery()
102 OSSL_STACK_OF_X509_free(untrusted); in test_alt_chains_cert_forgery()
231 STACK_OF(X509) *untrusted = sk_X509_new_null(); in do_test_purpose()
239 || !TEST_ptr(untrusted) in do_test_purpose()
247 if (!TEST_true(sk_X509_push(untrusted, untrcert))) in do_test_purpose()
251 if (!TEST_true(X509_STORE_CTX_init(ctx, NULL, eecert, untrusted))) in do_test_purpose()
270 OSSL_STACK_OF_X509_free(untrusted); in do_test_purpose()
|
| /openssl/test/recipes/80-test_cmp_http_data/ |
| H A D | test_verification.csv | 1 …n,val, -recipient,val, -expect_sender,val, -srvcert,val, -trusted,val, -untrusted,val, -ignore_key…
43 0,untrusted missing arg, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,trusted.crt, -untrust…
44 1,untrusted not matching cert, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,trusted.crt, -u…
45 0,untrusted empty file, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,trusted.crt, -untruste…
46 0,untrusted random file, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,trusted.crt, -untrust…
47 0,untrusted file does not exist, -section,, -recipient,_CA_DN,BLANK,,BLANK,, -trusted,trusted.crt, …
|
| /openssl/test/recipes/ |
| H A D | 80-test_ocsp.t | 34 my $untrusted = shift;
35 if ($untrusted eq "") {
36 $untrusted = $CAfile;
49 "-verify_other", catfile($ocspdir, $untrusted),
|
| H A D | 60-test_x509_store.t | 29 my ($cert, $purpose, $trustedpath, $untrusted, @opts) = @_;
34 for (@$untrusted) { push(@args, "-untrusted", srctop_file(@path, "$_.pem")) }
|
| H A D | 25-test_verify.t | 21 my ($cert, $purpose, $trusted, $untrusted, @opts) = @_;
27 for (@$untrusted) { push(@args, "-untrusted", srctop_file(@path, "$_.pem")) }
|
| /openssl/crypto/cmp/ |
| H A D | cmp_genm.c | 191 STACK_OF(X509) *untrusted = X509_STORE_CTX_get0_untrusted(store_ctx); in selfsigned_verify_cb()
197 for (i = 0; i < sk_X509_num(untrusted); i++) { in selfsigned_verify_cb()
198 cert = sk_X509_value(untrusted, i); in selfsigned_verify_cb()
226 X509_STORE *ts, STACK_OF(X509) *untrusted, in verify_ss_cert()
238 || !X509_STORE_CTX_init(csc, ts, target, untrusted)) in verify_ss_cert()
254 STACK_OF(X509) *untrusted = NULL; in verify_ss_cert_trans()
268 && !ossl_x509_add_cert_new(&untrusted, trans, X509_ADD_FLAG_UP_REF)) in verify_ss_cert_trans()
273 ts, untrusted, target); in verify_ss_cert_trans()
281 sk_X509_pop_free(untrusted, X509_free); in verify_ss_cert_trans()
|
| H A D | cmp_vfy.c | 125 cert, ctx->untrusted)) in OSSL_CMP_validate_cert_path()
438 if (check_msg_with_certs(ctx, ctx->untrusted, "untrusted certs", in check_msg_all_certs()
451 msg->extraCerts, ctx->untrusted, in check_msg_all_certs()
756 num_untrusted = ctx->untrusted == NULL ? 0 : sk_X509_num(ctx->untrusted); in ossl_cmp_msg_check_update()
757 res = ossl_x509_add_certs_new(&ctx->untrusted, msg->extraCerts, in ossl_cmp_msg_check_update()
761 num_added = (ctx->untrusted == NULL ? 0 : sk_X509_num(ctx->untrusted)) in ossl_cmp_msg_check_update()
765 X509_free(sk_X509_shift(ctx->untrusted)); in ossl_cmp_msg_check_update()
783 X509_free(sk_X509_shift(ctx->untrusted)); in ossl_cmp_msg_check_update()
|
| H A D | cmp_ctx.c | 65 DEFINE_OSSL_CMP_CTX_get0(untrusted, STACK_OF(X509))
73 STACK_OF(X509) *untrusted = NULL;
79 if (!ossl_x509_add_certs_new(&untrusted, certs,
82 OSSL_STACK_OF_X509_free(ctx->untrusted);
83 ctx->untrusted = untrusted;
86 OSSL_STACK_OF_X509_free(untrusted);
128 if ((ctx->untrusted = sk_X509_new_null()) == NULL) { in OSSL_CMP_CTX_new()
214 OSSL_STACK_OF_X509_free(ctx->untrusted); in OSSL_CMP_CTX_free()
710 if (!ossl_x509_add_certs_new(&ctx->untrusted, candidates, in DEFINE_OSSL_set1_up_ref()
715 chain = X509_build_chain(ctx->cert, ctx->untrusted, own_trusted, 0, in DEFINE_OSSL_set1_up_ref()
|
| /openssl/crypto/ts/ |
| H A D | ts_rsp_verify.c | 19 static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted,
93 STACK_OF(X509) *untrusted = NULL; in TS_RESP_verify_signature()
130 untrusted = sk_X509_new_reserve(NULL, sk_X509_num(certs) in TS_RESP_verify_signature()
132 if (untrusted == NULL in TS_RESP_verify_signature()
133 || !X509_add_certs(untrusted, certs, 0) in TS_RESP_verify_signature()
134 || !X509_add_certs(untrusted, token->d.sign->cert, 0)) in TS_RESP_verify_signature()
136 if (!ts_verify_cert(store, untrusted, signer, &chain)) in TS_RESP_verify_signature()
162 sk_X509_free(untrusted); in TS_RESP_verify_signature()
173 static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, in ts_verify_cert() argument
186 if (!X509_STORE_CTX_init(cert_ctx, store, signer, untrusted)) in ts_verify_cert()
|
| /openssl/crypto/ocsp/ |
| H A D | ocsp_vfy.c | 32 STACK_OF(X509) *untrusted, STACK_OF(X509) **chain) in ocsp_verify_signer()
42 if (!X509_STORE_CTX_init(ctx, st, signer, untrusted)) { in ocsp_verify_signer()
103 STACK_OF(X509) *untrusted = NULL; in OCSP_basic_verify()
118 if ((untrusted = sk_X509_dup(bs->certs)) == NULL) in OCSP_basic_verify()
120 if (!X509_add_certs(untrusted, certs, X509_ADD_FLAG_DEFAULT)) in OCSP_basic_verify()
123 ret = ocsp_verify_signer(signer, 1, st, flags, untrusted, &chain); in OCSP_basic_verify()
158 sk_X509_free(untrusted); in OCSP_basic_verify()
|
| /openssl/doc/man1/ |
| H A D | openssl-verify.pod.in | 17 [B<-untrusted> I<filename>|I<uri>]
52 successful). Certificates in the chain that came from the untrusted list will be
53 flagged as "untrusted".
67 =item B<-untrusted> I<filename>|I<uri>
69 A file or URI of untrusted certificates to use for chain building.
84 B<-trusted>, B<-untrusted> or B<-CRLfile> options.
|
| H A D | openssl-pkcs12.pod.in | 53 [B<-untrusted> I<filename>]
271 and B<-untrusted>.
282 as well as any untrusted CA certificates given with the B<-untrusted> option.
284 =item B<-untrusted> I<filename>
286 An input file of untrusted certificates that may be used
|
| /openssl/apps/ |
| H A D | verify.c | 82 STACK_OF(X509) *untrusted = NULL, *trusted = NULL; in verify_main()
148 if (!load_certs(opt_arg(), 0, &untrusted, NULL, in verify_main()
224 if (check(store, NULL, untrusted, trusted, crls, show_chain, in verify_main()
229 if (check(store, argv[i], untrusted, trusted, crls, show_chain, in verify_main()
237 OSSL_STACK_OF_X509_free(untrusted); in verify_main()
|
| H A D | ts.c | 68 char *untrusted, X509_VERIFY_PARAM *vpm);
73 char *untrusted,
162 char *untrusted = NULL; in ts_main() local
277 untrusted = opt_arg(); in ts_main()
342 CApath, CAfile, CAstore, untrusted, in ts_main()
855 const char *CAstore, char *untrusted, in verify_command() argument
875 CApath, CAfile, CAstore, untrusted, in verify_command()
903 char *untrusted, in create_verify_ctx() argument
957 if (untrusted != NULL) { in create_verify_ctx()
958 certs = load_certs_multifile(untrusted, NULL, "extra untrusted certs", in create_verify_ctx()
|
| H A D | pkcs12.c | 165 char *untrusted = NULL, *ciphername = NULL, *enc_name = NULL; in pkcs12_main() local
313 untrusted = opt_arg(); in pkcs12_main()
412 if (untrusted != NULL) in pkcs12_main()
602 if (untrusted != NULL) { in pkcs12_main()
603 if (!load_certs(untrusted, 0, &untrusted_certs, passcerts, in pkcs12_main()
|
| /openssl/crypto/pkcs7/ |
| H A D | pk7_smime.c | 220 STACK_OF(X509) *untrusted = NULL; in PKCS7_verify()
279 if (!ossl_x509_add_certs_new(&untrusted, certs, X509_ADD_FLAG_NO_DUP)) in PKCS7_verify()
283 && !ossl_x509_add_certs_new(&untrusted, included_certs, in PKCS7_verify()
289 if (!X509_STORE_CTX_init(cert_ctx, store, signer, untrusted)) { in PKCS7_verify()
363 sk_X509_free(untrusted); in PKCS7_verify()
|
| H A D | pk7_doit.c | 1006 STACK_OF(X509) *untrusted; in PKCS7_dataVerify()
1021 untrusted = p7->d.sign->cert; in PKCS7_dataVerify()
1024 untrusted = p7->d.signed_and_enveloped->cert; in PKCS7_dataVerify()
1035 signer = X509_find_by_issuer_and_serial(untrusted, ias->issuer, ias->serial); in PKCS7_dataVerify()
1044 if (!X509_STORE_CTX_init(ctx, cert_store, signer, untrusted)) { in PKCS7_dataVerify()
|
| /openssl/crypto/cms/ |
| H A D | cms_smime.c | 264 STACK_OF(X509) *untrusted, in cms_signerinfo_verify_cert()
280 if (!X509_STORE_CTX_init(ctx, store, signer, untrusted)) { in cms_signerinfo_verify_cert()
312 STACK_OF(X509) *untrusted = NULL; in CMS_verify()
364 if (!ossl_cms_get1_certs_ex(cms, &untrusted)) in CMS_verify()
367 && !ossl_x509_add_certs_new(&untrusted, certs, in CMS_verify()
378 if (!cms_signerinfo_verify_cert(si, store, untrusted, crls, in CMS_verify()
494 sk_X509_pop_free(untrusted, X509_free); in CMS_verify()
|
| /openssl/doc/man3/ |
| H A D | X509_STORE_CTX_new.pod | 34 X509 *target, STACK_OF(X509) *untrusted);
99 and a list of additional certificates may be provided in I<untrusted>,
100 which will be untrusted but may be used to build the chain.
103 Each of the I<trust_store>, I<target> and I<untrusted> parameters can be NULL.
108 list of untrusted certificates as its verification target,
158 stack of untrusted certificates associated with I<ctx>.
161 of untrusted certificates associated with I<ctx> to I<sk>.
165 X509_STORE_CTX_get_num_untrusted() returns the number of untrusted certificates
302 X509_STORE_CTX_get_num_untrusted() returns the number of untrusted certificates
|
| H A D | PKCS7_verify.pod | 23 as a source of untrusted intermediate CA certificates for chain building.
24 I<p7> may contain extra untrusted CA certificates that may be used for
58 L<PKCS7_add_certificate(3)>, are used as untrusted CAs unless B<PKCS7_NOCHAIN>
88 not used as untrusted CAs. This means that the whole verify chain (apart from
|
| H A D | CMS_verify.pod | 30 as a source of untrusted intermediate CA certificates for chain building.
31 I<cms> may contain extra untrusted CA certificates that may be used for
44 The optional I<extra> parameter may be used to provide untrusted CA
71 L<CMS_add1_cert(3)>, are used as untrusted CAs.
|
| H A D | X509_STORE_CTX_set_verify_cb.pod | 81 verify and, if appropriate, of the available untrusted and trusted certificates.
112 because B<any> certificate (including untrusted generated ones) will be
|
| /openssl/demos/certs/apps/ |
| H A D | mkacerts.sh | 48 opensslcmd verify -CAfile root.pem -untrusted intca.pem \
|
| /openssl/test/recipes/80-test_cmp_http_data/Mock/ |
| H A D | test.cnf | 80 untrusted =
|
| /openssl/crypto/x509/ |
| H A D | x509_vfy.c | 280 if (ctx->cert == NULL && sk_X509_num(ctx->untrusted) >= 1) in X509_STORE_CTX_verify()
281 ctx->cert = sk_X509_value(ctx->untrusted, 0); in X509_STORE_CTX_verify()
1437 for (i = 0; i < sk_X509_num(ctx->untrusted); i++) { in crl_akid_check()
1438 crl_issuer = sk_X509_value(ctx->untrusted, i); in crl_akid_check()
1463 if (!X509_STORE_CTX_init(&crl_ctx, ctx->store, x, ctx->untrusted)) in check_crl_path()
2513 ctx->untrusted = chain; in X509_STORE_CTX_init()
2708 return ctx->untrusted; in STACK_OF()
2713 ctx->untrusted = sk; in X509_STORE_CTX_set0_untrusted()
3310 search = ctx->untrusted != NULL ? S_DOUNTRUSTED : 0; in build_chain()
3340 if (!X509_add_certs(sk_untrusted, ctx->untrusted, X509_ADD_FLAG_DEFAULT)) { in build_chain()
|
