| /openssl/test/ |
| H A D | danetest.in | 55 issuer=
70 issuer=
85 issuer=
100 issuer=
115 issuer=
130 issuer=
145 issuer=
160 issuer=
175 issuer=
190 issuer=
[all …]
|
| H A D | dane-cross.in | 26 issuer=CN = CA
49 issuer=CN = Root CA
71 issuer=CN = Cross Root
93 issuer=CN = Cross Root
|
| H A D | ca-and-certs.cnf | 38 authorityKeyIdentifier = keyid,issuer:always
88 authorityKeyIdentifier = keyid:always,issuer:always
91 issuerAltName = issuer:copy
|
| /openssl/doc/man3/ |
| H A D | X509_check_issued.pod | 12 int X509_check_issued(X509 *issuer, X509 *subject);
18 using (CA) certificate I<issuer>. This function takes into account not only
19 matching of the issuer field of I<subject> with the subject field of I<issuer>,
22 serial number, and issuer fields of I<issuer>, as far as present. It also checks
23 if the B<keyUsage> field (if present) of I<issuer> allows certificate signing.
25 if the I<issuer> or the I<subject> are incomplete certificates.
|
| H A D | OCSP_cert_to_id.pod | 13 X509 *subject, X509 *issuer);
33 message digest B<dgst> for certificate B<subject> with issuer B<issuer>. If
37 issuer name B<issuerName>, issuer key hash B<issuerKey> and serial number
45 OCSP_id_issuer_cmp() compares only the issuer name of B<OCSP_CERTID> B<a> and B<b>.
47 OCSP_id_get0_info() returns the issuer name hash, hash OID, issuer key hash and
|
| H A D | X509_STORE_set_verify_cb_func.pod | 43 typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer,
46 X509 *x, X509 *issuer);
152 to I<*issuer> and then return 1.
158 certificate I<x> is issued by the issuer certificate I<issuer>.
160 been issued with I<issuer>) and 1 on success.
161 I<If no function to get the issuer is provided, the internal default
169 I<If no function to get the issuer is provided, the internal default
176 I<If no function to get the issuer is provided, the internal default
182 I<If no function to get the issuer is provided, the internal default
188 I<If no function to get the issuer is provided, the internal default
[all …]
|
| H A D | X509V3_set_ctx.pod | 12 void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
27 If I<subject> or I<crl> is provided, I<issuer> should point to its issuer, for
29 I<issuer> may be the same pointer value as I<subject> (which usually is an
40 X509V3_set_issuer_pkey() explicitly sets the issuer private key of
42 This should be done in case the I<issuer> and I<subject> arguments to
|
| H A D | OSSL_CMP_ITAV_new_caCerts.pod | 40 const GENERAL_NAMES *issuer,
45 DIST_POINT_NAME **dpn, GENERAL_NAMES **issuer,
99 or a copy of the certificate issuer I<issuer>, while giving both is an error.
106 Any available distribution point name is preferred over issuer names.
109 candidate issuer names are taken from following sources, as far as present:
137 =item the issuer field of the authority key identifier of I<cert>,
139 =item the issuer DN of I<cert>,
141 =item the issuer field of the authority key identifier of I<crl>, and
143 =item the issuer DN of I<crl>.
147 If <only_DN> is set, a candidate issuer name of type B<GENERAL_NAMES> is
[all …]
|
| H A D | X509_STORE_CTX_get_error.pod | 138 unable to decode issuer public key>
206 unable to get local issuer certificate>
208 The issuer certificate could not be found: this occurs if the issuer certificate
226 issuer certificate doesn't have a public key>
228 The issuer certificate does not have a public key.
249 did not match the issuer name of the current certificate.
259 authority and issuer serial number mismatch>
261 The current candidate issuer certificate was rejected because its issuer name
272 unable to get CRL issuer certificate>
274 Unable to get CRL issuer certificate.
[all …]
|
| /openssl/crypto/ct/ |
| H A D | ct_policy.c | 63 X509_free(ctx->issuer); in CT_POLICY_EVAL_CTX_free()
76 int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer) in CT_POLICY_EVAL_CTX_set1_issuer() argument
78 if (!X509_up_ref(issuer)) in CT_POLICY_EVAL_CTX_set1_issuer()
80 ctx->issuer = issuer; in CT_POLICY_EVAL_CTX_set1_issuer()
102 return ctx->issuer; in CT_POLICY_EVAL_CTX_get0_issuer()
|
| /openssl/crypto/x509/ |
| H A D | v3_akid.c | 52 if (!X509V3_add_value((akeyid->issuer || akeyid->serial) ? "keyid" : NULL, in STACK_OF()
60 if (akeyid->issuer) { in STACK_OF()
61 tmpextlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist); in STACK_OF()
100 char keyid = 0, issuer = 0; in v2i_AUTHORITY_KEYID() local
131 } else if (strcmp(cnf->name, "issuer") == 0 && issuer == 0) { in v2i_AUTHORITY_KEYID()
132 issuer = 1; in v2i_AUTHORITY_KEYID()
134 issuer = 2; in v2i_AUTHORITY_KEYID()
196 if (issuer == 2 || (issuer == 1 && !ss && ikeyid == NULL)) { in v2i_AUTHORITY_KEYID()
219 akeyid->issuer = gens; in v2i_AUTHORITY_KEYID()
|
| H A D | x509aset.c | 96 const X509_NAME *issuer) in OSSL_ISSUER_SERIAL_set1_issuer() argument
98 return replace_dirName(&isss->issuer, issuer); in OSSL_ISSUER_SERIAL_set1_issuer()
148 v2Form = x->acinfo->issuer.u.v2Form; in X509_ACERT_set1_issuerName()
157 x->acinfo->issuer.u.v2Form = v2Form; in X509_ACERT_set1_issuerName()
158 x->acinfo->issuer.type = X509_ACERT_ISSUER_V2; in X509_ACERT_set1_issuerName()
|
| H A D | v3_purp.c | 953 int X509_check_issued(X509 *issuer, X509 *subject) in X509_check_issued() argument
959 return ossl_x509_signing_allowed(issuer, subject); in X509_check_issued()
967 if (X509_NAME_cmp(X509_get_subject_name(issuer), in ossl_x509_likely_issued()
972 if (!ossl_x509v3_cache_extensions(issuer) in ossl_x509_likely_issued()
976 ret = X509_check_akid(issuer, subject->akid); in ossl_x509_likely_issued()
994 if (ku_reject(issuer, KU_DIGITAL_SIGNATURE)) in ossl_x509_signing_allowed()
996 } else if (ku_reject(issuer, KU_KEY_CERT_SIGN)) { in ossl_x509_signing_allowed()
1008 if (akid->keyid && issuer->skid && in X509_check_akid()
1016 if (akid->issuer) { in X509_check_akid()
1022 GENERAL_NAMES *gens = akid->issuer; in X509_check_akid()
[all …]
|
| H A D | x509_local.h | 70 const ASN1_INTEGER *ser, const X509_NAME *issuer);
127 int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
129 int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
158 int ossl_x509_likely_issued(X509 *issuer, X509 *subject);
159 int ossl_x509_signing_allowed(const X509 *issuer, const X509 *subject);
|
| H A D | x509_cmp.c | 33 return X509_NAME_cmp(ai->issuer, bi->issuer); in X509_issuer_and_serial_cmp()
47 f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0); in X509_issuer_and_serial_hash()
77 return X509_NAME_cmp(a->cert_info.issuer, b->cert_info.issuer); in X509_issuer_name_cmp()
87 return X509_NAME_cmp(a->crl.issuer, b->crl.issuer); in X509_CRL_cmp()
105 return a->cert_info.issuer; in X509_get_issuer_name()
110 return X509_NAME_hash_ex(x->cert_info.issuer, NULL, NULL, NULL); in X509_issuer_name_hash()
116 return X509_NAME_hash_old(x->cert_info.issuer); in X509_issuer_name_hash_old()
358 x.cert_info.issuer = (X509_NAME *)name; /* won't modify it */ in X509_find_by_issuer_and_serial()
|
| H A D | x509_vfy.c | 388 X509 *candidate, *issuer = NULL; in get0_best_issuer_sk() local
407 if (issuer == NULL in get0_best_issuer_sk()
410 issuer = candidate; in get0_best_issuer_sk()
413 return issuer; in get0_best_issuer_sk()
432 if (*issuer != NULL) in X509_STORE_CTX_get1_issuer()
460 if (*issuer == NULL) in get1_best_issuer_other_sk()
1586 X509 *issuer = NULL; in get_crl_delta() local
1626 X509 *issuer = NULL; in check_crl() local
1645 if (!ctx->check_issued(ctx, issuer, issuer) && in check_crl()
1650 if (issuer == NULL) in check_crl()
[all …]
|
| H A D | x_crl.c | 31 const X509_NAME *issuer);
70 ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME),
119 rev->issuer = gens;
412 if (!rev->issuer) { in crl_revoked_issuer_match()
423 for (i = 0; i < sk_GENERAL_NAME_num(rev->issuer); i++) { in crl_revoked_issuer_match()
424 GENERAL_NAME *gen = sk_GENERAL_NAME_value(rev->issuer, i); in crl_revoked_issuer_match()
436 const X509_NAME *issuer) in def_crl_lookup() argument
463 if (crl_revoked_issuer_match(crl, issuer, rev)) { in def_crl_lookup()
487 const X509_NAME *issuer), in X509_CRL_METHOD_new() argument
|
| H A D | x509_acert.c | 30 ASN1_SEQUENCE_OF(OSSL_ISSUER_SERIAL, issuer, GENERAL_NAME),
55 ASN1_EMBED(X509_ACERT_INFO, issuer, X509_ACERT_ISSUER),
108 return get_dirName(isss->issuer); in OSSL_ISSUER_SERIAL_get0_issuer()
158 if (x->acinfo->issuer.type != X509_ACERT_ISSUER_V2 in X509_ACERT_get0_issuerName()
159 || x->acinfo->issuer.u.v2Form == NULL) in X509_ACERT_get0_issuerName()
162 return get_dirName(x->acinfo->issuer.u.v2Form->issuerName); in X509_ACERT_get0_issuerName()
|
| /openssl/demos/certs/ |
| H A D | ocspquery.sh | 18 opensslcmd ocsp -issuer intca.pem -cert client.pem -CAfile root.pem \
20 opensslcmd ocsp -issuer intca.pem -cert server.pem -CAfile root.pem \
22 opensslcmd ocsp -issuer intca.pem -cert rev.pem -CAfile root.pem \
26 opensslcmd ocsp -issuer intca.pem \
|
| /openssl/crypto/cms/ |
| H A D | cms_kari.c | 59 X509_NAME **issuer, in CMS_RecipientInfo_kari_get0_orig_id() argument
69 if (issuer) in CMS_RecipientInfo_kari_get0_orig_id()
70 *issuer = NULL; in CMS_RecipientInfo_kari_get0_orig_id()
80 if (issuer) in CMS_RecipientInfo_kari_get0_orig_id()
81 *issuer = oik->d.issuerAndSerialNumber->issuer; in CMS_RecipientInfo_kari_get0_orig_id()
117 X509_NAME **issuer, ASN1_INTEGER **sno) in CMS_RecipientEncryptedKey_get0_id() argument
122 if (issuer) in CMS_RecipientEncryptedKey_get0_id()
123 *issuer = rid->d.issuerAndSerialNumber->issuer; in CMS_RecipientEncryptedKey_get0_id()
139 if (issuer) in CMS_RecipientEncryptedKey_get0_id()
140 *issuer = NULL; in CMS_RecipientEncryptedKey_get0_id()
|
| /openssl/crypto/ess/ |
| H A D | ess_lib.c | 105 if (!sk_GENERAL_NAME_push(cid->issuer_serial->issuer, name)) { in ESS_CERT_ID_new_init()
230 if (!sk_GENERAL_NAME_push(cid->issuer_serial->issuer, name)) { in ESS_CERT_ID_V2_new_init()
252 GENERAL_NAME *issuer; in ess_issuer_serial_cmp() local
254 if (is == NULL || cert == NULL || sk_GENERAL_NAME_num(is->issuer) != 1) in ess_issuer_serial_cmp()
257 issuer = sk_GENERAL_NAME_value(is->issuer, 0); in ess_issuer_serial_cmp()
258 if (issuer->type != GEN_DIRNAME in ess_issuer_serial_cmp()
259 || X509_NAME_cmp(issuer->d.dirn, X509_get_issuer_name(cert)) != 0) in ess_issuer_serial_cmp()
|
| /openssl/crypto/crmf/ |
| H A D | crmf_lib.c | 177 OSSL_CRMF_CERTID *OSSL_CRMF_CERTID_gen(const X509_NAME *issuer, in IMPLEMENT_CRMF_CTRL_FUNC()
182 if (issuer == NULL || serial == NULL) { in IMPLEMENT_CRMF_CTRL_FUNC()
190 if (!X509_NAME_set(&cid->issuer->d.directoryName, issuer)) in IMPLEMENT_CRMF_CTRL_FUNC()
192 cid->issuer->type = GEN_DIRNAME; in IMPLEMENT_CRMF_CTRL_FUNC()
566 return tmpl != NULL ? tmpl->issuer : NULL; in OSSL_CRMF_CERTTEMPLATE_get0_issuer()
577 return cid != NULL && cid->issuer->type == GEN_DIRNAME ? in OSSL_CRMF_CERTID_get0_issuer()
578 cid->issuer->d.directoryName : NULL; in OSSL_CRMF_CERTID_get0_issuer()
594 const X509_NAME *issuer, in OSSL_CRMF_CERTTEMPLATE_fill() argument
603 if (issuer != NULL && !X509_NAME_set((X509_NAME **)&tmpl->issuer, issuer)) in OSSL_CRMF_CERTTEMPLATE_fill()
|
| /openssl/doc/man1/ |
| H A D | openssl-crl.pod.in | 28 [B<-issuer>]
117 Output a hash of the issuer name. This can be use to lookup CRLs in
118 a directory by issuer name.
122 Outputs the "hash" of the CRL issuer name using the older algorithm
125 =item B<-issuer>
127 Output the issuer name.
|
| /openssl/apps/ |
| H A D | storeutl.c | 82 X509_NAME *subject = NULL, *issuer = NULL; in storeutl_main() local
175 if (issuer != NULL) { in storeutl_main()
180 issuer = parse_name(opt_arg(), MBSTRING_UTF8, 1, "issuer"); in storeutl_main()
181 if (issuer == NULL) in storeutl_main()
278 if (issuer == NULL || serial == NULL) { in storeutl_main()
284 if ((search = OSSL_STORE_SEARCH_by_issuer_serial(issuer, serial)) in storeutl_main()
325 X509_NAME_free(issuer); in storeutl_main()
|
| /openssl/crypto/ocsp/ |
| H A D | ocsp_lib.c | 23 const X509 *issuer) in OCSP_cert_to_id() argument
35 iname = X509_get_subject_name(issuer); in OCSP_cert_to_id()
38 ikey = X509_get0_pubkey_bitstr(issuer); in OCSP_cert_to_id()
|
