| /openssl/test/recipes/80-test_cmp_http_data/ |
| H A D | test_credentials.csv | 9 1,empty ref but correct cert, -section,, -ref,"""",BLANK,, -cert,signer.crt, -key,signer.p12, -keyp…
15 0,keypass missing arg, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,,BLANK,…
16 0,keypass empty string, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,pass:,…
17 1,keypass no prefix, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,12345,BLA…
18 0,keypass prefix wrong, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,:12345…
19 0,wrong keypass, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,pass:123456,B…
23 0,no keypass, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12,BLANK,,BLANK,,BLANK,,BLANK…
38 1,default sha256, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,B…
39 1,digest sha256, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BL…
41 0,digest missing arg, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,pass:123…
[all …]
|
| H A D | test_commands.csv | 50 1,geninfo, -section,, -cmd,cr,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BLANK,, -gen…
51 0,geninfo missing argument, -section,, -cmd,cr,, -cert,signer.crt, -key,signer.p12, -keypass,pass:1…
52 0,geninfo bad syntax: leading '.', -section,, -cmd,cr,, -cert,signer.crt, -key,signer.p12, -keypass…
53 0,geninfo bad syntax: missing ':', -section,, -cmd,cr,, -cert,signer.crt, -key,signer.p12, -keypass…
54 0,geninfo bad syntax: double ':', -section,, -cmd,cr,, -cert,signer.crt, -key,signer.p12, -keypass,…
55 0,geninfo bad syntax: missing ':int', -section,, -cmd,cr,, -cert,signer.crt, -key,signer.p12, -keyp…
|
| H A D | test_verification.csv | 26 0,wrong srvcert, -section,, -recipient,"""",BLANK,, -srvcert,signer.crt, -trusted,"""",BLANK,,BLANK…
32 …A_DN,BLANK,,BLANK,, -trusted,signer.crt,BLANK,,BLANK, -unprotected_errors,BLANK, -secret,"""", -ce…
|
| /openssl/crypto/ocsp/ |
| H A D | ocsp_vfy.c | 88 ret = OCSP_REQUEST_verify(req, skey, signer->libctx, signer->propq); in ocsp_verify()
90 ret = OCSP_BASICRESP_verify(bs, skey, signer->libctx, signer->propq); in ocsp_verify()
101 X509 *signer, *x; in OCSP_basic_verify() local
171 X509 *signer; in ocsp_find_signer() local
175 *psigner = signer; in ocsp_find_signer()
180 *psigner = signer; in ocsp_find_signer()
225 X509 *signer, *sca; in ocsp_check_issuer() local
388 X509 *signer; in OCSP_request_verify() local
425 X509 *signer; in ocsp_req_find_signer() local
429 if (signer != NULL) { in ocsp_req_find_signer()
[all …]
|
| H A D | ocsp_srv.c | 168 X509 *signer, EVP_MD_CTX *ctx, in OCSP_basic_sign_ctx() argument
180 if (pkey == NULL || !X509_check_private_key(signer, pkey)) { in OCSP_basic_sign_ctx()
186 if (!OCSP_basic_add1_cert(brsp, signer) in OCSP_basic_sign_ctx()
193 if (!OCSP_RESPID_set_by_key(rid, signer)) in OCSP_basic_sign_ctx()
195 } else if (!OCSP_RESPID_set_by_name(rid, signer)) { in OCSP_basic_sign_ctx()
216 X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, in OCSP_basic_sign() argument
227 signer->libctx, signer->propq, key, NULL)) { in OCSP_basic_sign()
231 i = OCSP_basic_sign_ctx(brsp, signer, ctx, certs, flags); in OCSP_basic_sign()
|
| H A D | ocsp_cl.c | 81 X509 *signer, in OCSP_request_sign() argument
86 if (!OCSP_request_set1_name(req, X509_get_subject_name(signer))) in OCSP_request_sign()
92 if (!X509_check_private_key(signer, key)) { in OCSP_request_sign()
97 if (!OCSP_REQUEST_sign(req, key, dgst, signer->libctx, signer->propq)) in OCSP_request_sign()
102 if (!OCSP_request_add1_cert(req, signer) in OCSP_request_sign()
|
| /openssl/crypto/ts/ |
| H A D | ts_rsp_verify.c | 20 X509 *signer, STACK_OF(X509) **chain);
95 X509 *signer; in TS_RESP_verify_signature() local
128 signer = sk_X509_value(signers, 0); in TS_RESP_verify_signature()
136 if (!ts_verify_cert(store, untrusted, signer, &chain)) in TS_RESP_verify_signature()
146 j = PKCS7_signatureVerify(p7bio, token, si, signer); in TS_RESP_verify_signature()
153 *signer_out = signer; in TS_RESP_verify_signature()
154 X509_up_ref(signer); in TS_RESP_verify_signature()
172 X509 *signer, STACK_OF(X509) **chain) in ts_verify_cert() argument
295 X509 *signer = NULL; in int_ts_RESP_verify_token() local
338 && !ts_check_signer_name(ctx->tsa_name, signer)) { in int_ts_RESP_verify_token()
[all …]
|
| /openssl/test/ |
| H A D | ocspapitest.c | 115 X509 *signer = NULL, *tmp; in test_resp_signer() local
128 || !TEST_true(get_cert_and_key(&signer, &key)) in test_resp_signer()
129 || !TEST_true(sk_X509_push(extra_certs, signer)) in test_resp_signer()
130 || !TEST_true(OCSP_basic_sign(bs, signer, key, EVP_sha1(), in test_resp_signer()
134 || !TEST_int_eq(X509_cmp(tmp, signer), 0)) in test_resp_signer()
142 || !TEST_true(OCSP_basic_sign(bs, signer, key, EVP_sha1(), in test_resp_signer()
146 || !TEST_int_eq(X509_cmp(tmp, signer), 0)) in test_resp_signer()
152 X509_free(signer); in test_resp_signer()
|
| /openssl/crypto/pkcs7/ |
| H A D | pk7_smime.c | 217 X509 *signer; in PKCS7_verify() local
276 signer = sk_X509_value(signers, k); in PKCS7_verify()
340 signer = sk_X509_value(signers, i); in PKCS7_verify()
341 j = PKCS7_signatureVerify(p7bio, p7, si, signer); in PKCS7_verify()
367 X509 *signer; in STACK_OF() local
397 signer = NULL; in STACK_OF()
400 signer = X509_find_by_issuer_and_serial(certs, in STACK_OF()
402 if (!signer && !(flags & PKCS7_NOINTERN) in STACK_OF()
404 signer = in STACK_OF()
407 if (!signer) { in STACK_OF()
[all …]
|
| /openssl/crypto/cms/ |
| H A D | cms_sd.c | 355 X509_check_purpose(signer, -1, -1); in CMS_add1_signer()
357 X509_up_ref(signer); in CMS_add1_signer()
362 si->signer = signer; in CMS_add1_signer()
595 if (si->signer != NULL) { in STACK_OF()
608 if (signer != NULL) { in CMS_SignerInfo_set1_signer_cert()
609 X509_up_ref(signer); in CMS_SignerInfo_set1_signer_cert()
613 X509_free(si->signer); in CMS_SignerInfo_set1_signer_cert()
614 si->signer = signer; in CMS_SignerInfo_set1_signer_cert()
646 if (si->signer != NULL) in CMS_set1_signers_certs()
682 if (signer != NULL) in CMS_SignerInfo_get0_algs()
[all …]
|
| H A D | cms_smime.c | 268 X509 *signer; in cms_signerinfo_verify_cert() local
277 CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL); in cms_signerinfo_verify_cert()
278 if (!X509_STORE_CTX_init(ctx, store, signer, certs)) { in cms_signerinfo_verify_cert()
312 X509 *signer; in CMS_verify() local
338 CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL); in CMS_verify()
339 if (signer) in CMS_verify()
|
| /openssl/doc/man3/ |
| H A D | CMS_get0_SignerInfos.pod | 8 - CMS signedData signer functions
20 void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
27 CMS_SignerInfo_get0_signer_id() retrieves the certificate signer identifier
37 CMS_SignerInfo_cert_cmp() compares the certificate B<cert> against the signer
42 B<signer>.
52 CMS. It will then obtain the signer certificate by some unspecified means
56 Once all signer certificates have been set CMS_verify() can be used.
|
| H A D | PKCS7_verify.pod | 20 the signer's certificate. B<store> is a trusted certificate store (used for
28 PKCS7_get0_signers() retrieves the signer's certificates from B<p7>, it does
45 An attempt is made to locate all the signer's certificates, first looking in
47 contained in the B<p7> structure itself. If any signer's certificates cannot be
50 Each signer's certificate is chain verified using the B<smimesign> purpose and
64 searched when locating the signer's certificate. This means that all the signers
71 If B<PKCS7_NOVERIFY> is set the signer's certificates are not chain verified.
75 the signer's certificate) must be contained in the trusted store.
83 in the B<certs> parameter. In this case if the signer is not one of the
85 signer cannot be found.
[all …]
|
| H A D | PKCS7_sign_add_signer.pod | 5 PKCS7_sign_add_signer - add a signer PKCS7 signed data structure
17 PKCS7_sign_add_signer() adds a signer with certificate B<signcert> and private
44 digest value from the PKCS7 structure: to add a signer to an existing structure.
53 If B<PKCS7_NOCERTS> is set the signer's certificate will not be included in the
54 PKCS7 structure, the signer's certificate must still be supplied in the
|
| H A D | OCSP_resp_find_status.pod | 40 int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer,
116 signed and that the signer certificate can be validated. It takes I<st> as
118 The function first tries to find the signer certificate of the response
121 It fails if the signer certificate cannot be found.
124 success if I<flags> contains B<OCSP_NOVERIFY> or if the signer certificate
126 Otherwise the function continues by validating the signer certificate.
133 and uses them for constructing the validation path for the signer certificate.
135 if the signer certificate contains the B<id-pkix-ocsp-no-check> extension.
138 Otherwise it verifies that the signer certificate meets the OCSP issuer
|
| H A D | CMS_add1_signer.pod | 5 CMS_add1_signer, CMS_SignerInfo_sign - add a signer to a CMS_ContentInfo signed data structure
19 CMS_add1_signer() adds a signer with certificate B<signcert> and private
51 digest value from the CMS_ContentInfo structure: to add a signer to an existing
61 If B<CMS_NOCERTS> is set the signer's certificate will not be included in the
62 CMS_ContentInfo structure, the signer's certificate must still be supplied in
|
| H A D | OCSP_response_status.pod | 28 int OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key,
31 int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp, X509 *signer, EVP_MD_CTX *ctx,
75 OCSP_basic_sign() signs OCSP response I<brsp> using certificate I<signer>, private key
|
| H A D | CMS_verify.pod | 93 If B<CMS_CADES> is set, each signer certificate is checked against the
103 in the I<certs> parameter. In this case if the signer is not one of the
105 signer cannot be found.
121 signer it cannot be trusted without additional evidence (such as a trusted
|
| H A D | OCSP_REQUEST_new.pod | 19 X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
39 B<signer>, private key B<key>, digest B<dgst> and additional certificates
|
| /openssl/doc/man1/ |
| H A D | openssl-smime.pod.in | 23 [B<-signer> I<file>]
239 =item B<-signer> I<file>
327 signer using the same message digest or this operation will fail.
375 -signer mycert.pem
380 -signer mycert.pem
386 -signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
391 -signer mycert.pem -signer othercert.pem
395 openssl smime -sign -in in.txt -text -signer mycert.pem \
411 openssl smime -sign -in ml.txt -signer my.pem -text \
443 Add a signer to an existing message:
[all …]
|
| H A D | openssl-cms.pod.in | 79 [B<-signer> I<file>]
93 [B<-signer> I<file>]
448 =item B<-signer> I<file>
451 used multiple times if more than one signer is required.
514 =item B<-signer> I<file>
781 -signer mycert.pem
786 -signer mycert.pem
797 -signer mycert.pem -signer othercert.pem -keyid
817 openssl cms -sign -in ml.txt -signer my.pem -text \
849 Add a signer to an existing message:
[all …]
|
| /openssl/test/recipes/80-test_cmp_http_data/Mock/ |
| H A D | test.cnf | 32 newkey = signer.key
38 cert = signer.crt
39 key = signer.p12
|
| /openssl/apps/ |
| H A D | smime.c | 140 X509 *cert = NULL, *recip = NULL, *signer = NULL; in smime_main() local
576 signer = load_cert(signerfile, FORMAT_UNDEF, "signer certificate"); in smime_main()
577 if (signer == NULL) in smime_main()
583 if (!PKCS7_sign_add_signer(p7, signer, key, sign_md, flags)) in smime_main()
585 X509_free(signer); in smime_main()
586 signer = NULL; in smime_main()
663 X509_free(signer); in smime_main()
|
| H A D | ts.c | 51 const EVP_MD *md, const char *signer, const char *chain,
57 const char *inkey, const EVP_MD *md, const char *signer,
169 char *inkey = NULL, *signer = NULL, *chain = NULL, *CApath = NULL; in ts_main() local
262 signer = opt_arg(); in ts_main()
335 password, inkey, md, signer, chain, policy, in ts_main()
590 const EVP_MD *md, const char *signer, const char *chain, in reply_command() argument
612 passin, inkey, md, signer, chain, policy); in reply_command()
698 const char *inkey, const EVP_MD *md, const char *signer, in create_response() argument
718 if (!TS_CONF_set_signer_cert(conf, section, signer, resp_ctx)) in create_response()
|
| H A D | cms.c | 290 X509 *cert = NULL, *recip = NULL, *signer = NULL, *originator = NULL; in cms_main() local
872 if ((signer = load_cert(signerfile, FORMAT_UNDEF, in cms_main()
1060 srcms = CMS_sign_receipt(si, signer, key, other, flags); in cms_main()
1100 signer = load_cert(signerfile, FORMAT_UNDEF, "signer certificate"); in cms_main()
1101 if (signer == NULL) { in cms_main()
1117 si = CMS_add1_signer(cms, signer, key, sign_md, tflags); in cms_main()
1128 X509_free(signer); in cms_main()
1129 signer = NULL; in cms_main()
1296 X509_free(signer); in cms_main()
|
