| /openssl/crypto/x509/ |
| H A D | x509_trust.c | 54 return (*a)->trust - (*b)->trust; in tr_cmp()
61 default_trust = trust; in X509_TRUST_set_default()
107 tmp.trust = id; in X509_TRUST_get_by_id()
116 int X509_TRUST_set(int *t, int trust) in X509_TRUST_set() argument
118 if (X509_TRUST_get_by_id(trust) < 0) { in X509_TRUST_set()
122 *t = trust; in X509_TRUST_set()
158 trtmp->trust = id; in X509_TRUST_add()
213 return xp->trust; in X509_TRUST_get_trust()
225 return obj_trust(trust->arg1, x, flags); in trust_1oidany()
236 return obj_trust(trust->arg1, x, flags); in trust_1oid()
[all …]
|
| H A D | x_x509a.c | 27 ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT),
114 if (aux->trust == NULL in X509_add1_trust_object()
115 && (aux->trust = sk_ASN1_OBJECT_new_null()) == NULL) in X509_add1_trust_object()
117 if (!objtmp || sk_ASN1_OBJECT_push(aux->trust, objtmp)) in X509_add1_trust_object()
149 sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free); in X509_trust_clear()
150 x->aux->trust = NULL; in X509_trust_clear()
165 return x->aux->trust; in STACK_OF()
|
| H A D | x509_vfy.c | 915 int trust; in check_trust() local
935 trust = X509_check_trust(x, ctx->param->trust, 0); in check_trust()
971 trust = X509_check_trust(mx, ctx->param->trust, 0); in check_trust()
2401 if (trust == 0) in X509_STORE_CTX_purpose_inherit()
2402 trust = ptmp->trust; in X509_STORE_CTX_purpose_inherit()
2404 if (trust != 0) { in X509_STORE_CTX_purpose_inherit()
2414 if (ctx->param->trust == 0 && trust != 0) in X509_STORE_CTX_purpose_inherit()
2415 ctx->param->trust = trust; in X509_STORE_CTX_purpose_inherit()
3518 if (trust == X509_TRUST_TRUSTED || trust == X509_TRUST_REJECTED) in build_chain()
3525 return trust; in build_chain()
[all …]
|
| H A D | x509_vpm.c | 89 param->trust = X509_TRUST_DEFAULT; in X509_VERIFY_PARAM_new()
171 x509_verify_param_copy(trust, X509_TRUST_DEFAULT); in X509_VERIFY_PARAM_inherit()
304 int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust) in X509_VERIFY_PARAM_set_trust() argument
306 return X509_TRUST_set(¶m->trust, trust); in X509_VERIFY_PARAM_set_trust()
|
| H A D | t_x509.c | 319 STACK_OF(ASN1_OBJECT) *trust, *reject; in X509_aux_print()
325 trust = X509_get0_trust_objects(x); in X509_aux_print()
327 if (trust) { in X509_aux_print()
330 for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++) { in X509_aux_print()
336 sk_ASN1_OBJECT_value(trust, i), 0); in X509_aux_print()
|
| H A D | v3_purp.c | 159 int X509_PURPOSE_add(int id, int trust, int flags, in X509_PURPOSE_add() argument
197 ptmp->trust = trust; in X509_PURPOSE_add()
259 return xp->trust; in X509_PURPOSE_get_trust()
|
| H A D | x509_local.h | 27 int trust; /* trust setting to check */ member
|
| /openssl/doc/man3/ |
| H A D | X509_STORE_CTX_new.pod | 60 int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
62 int purpose, int trust);
202 can declare what purposes we trust different certificates for. This "trust"
235 being verified in the I<ctx>. Built-in available values for the I<trust>
253 argument can have the same trust values as described in
255 I<trust> values may also have the value 0 to indicate that the supplied
258 already set in I<ctx> before, and the trust is set from the I<trust> argument
259 unless the trust was already set in I<ctx> before.
260 If I<trust> is 0 then the trust value will be set from
261 the default trust value for I<purpose>. If the default trust value for the
[all …]
|
| H A D | OSSL_CMP_validate_msg.pod | 24 In the former case a suitable trust anchor must be given in the CMP context
35 (or the trust store contains a verification callback that overrides the verdict
41 using any trust store set via L<OSSL_CMP_CTX_set0_trusted(3)>.
46 as a trust anchor for the path verification of an 'acceptable' cert if it can be
52 Taking it over as a trust anchor implements trust-on-first-use (TOFU).
|
| H A D | X509_VERIFY_PARAM_set_flags.pod | 38 int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
95 X509_VERIFY_PARAM_set_trust() sets the trust setting in B<param> to
96 B<trust>.
114 neither the end-entity certificate nor the trust-anchor count against this
118 intermediate CA certificate between the trust anchor and the end-entity
127 The signature algorithm security level is not enforced for the chain's I<trust
300 in L<X509_verify_cert(3)> searches the trust store for issuer certificates
304 This is especially important when some certificates in the trust store have
305 explicit trust settings (see "TRUST SETTINGS" in L<openssl-x509(1)>).
318 trust store to be treated as trust anchors, in the same way as self-signed
[all …]
|
| H A D | SSL_CTX_get0_param.pod | 21 int SSL_CTX_set_trust(SSL_CTX *ctx, int trust);
22 int SSL_set_trust(SSL *ssl, int trust);
38 which set the trust parameter on the verification parameters object. These
|
| H A D | X509_verify_cert.pod | 24 Else the chain must reach a trust anchor contained in I<store>.
31 A self-signed trust anchor is included only if I<target> is the trust anchor
40 a set of certificates serving as trust anchors,
|
| H A D | OSSL_CMP_exec_certreq.pod | 60 In order to authenticate the server the client typically needs a trust store.
163 The trust placed in it cannot be stronger than the trust placed in
165 the weakest trust in any of the certificates in the trust store of I<ctx>.
192 trust, for instance via the caPubs field of a certificate response or using
|
| H A D | i2d_re_X509_tbs.pod | 25 consist of an X509 certificate followed by auxiliary trust information.
30 contains both the certificate and any auxiliary trust information.
|
| H A D | SSL_CTX_set_verify.pod | 160 number of certificates between the end-entity and trust-anchor certificates.
162 end-entity nor the trust-anchor certificates count against B<depth>. If the
168 trust-anchor).
171 a final trust anchor certificate.
|
| H A D | OSSL_CMP_CTX_new.pod | 345 Allow retrieving a trust anchor from extraCerts and using that
351 Taking it over as a trust anchor implements trust-on-first-use (TOFU).
481 certificate store containing trust anchors etc., or an empty store if unset.
516 verifiable where the chain reaches a trust anchor contained in I<own_trusted>.
644 If the callback argument is not NULL it must point to a trust store.
646 verified using this trust store and untrusted certificates from the I<ctx>,
654 Also the trust anchor (the root certificate) is not included.
|
| H A D | OCSP_resp_find_status.pod | 128 certificates in I<st> as trust anchors.
141 trust for OCSP signing in the root CA certificate.
|
| /openssl/doc/man1/ |
| H A D | openssl-verification-options.pod | 50 is used for matching trust anchors during chain building.
63 explicitly stating trust for the listed purposes
64 and/or a set of negative trust attributes
79 is considered a trust anchor for the given use
86 It is an an element of the trust store.
104 and ending in a trust anchor.
190 that can be used as trust anchors for certain uses.
198 The certificates to add to the trust store
216 i.e., a trust store.
384 but is an element of the trust store.
[all …]
|
| H A D | openssl-x509.pod.in | 90 convert certificates to various forms, edit certificate trust settings,
235 any extensions present and any trust settings.
588 on the meaning of trust settings.
590 Future versions of OpenSSL will recognize trust settings on any
599 certificate is output and any trust settings are discarded.
601 certificate is automatically output if any trust settings are modified.
627 Adds a prohibited trust anchor purpose.
695 Don't print out certificate trust information.
787 -setalias "Steve's Class 1 CA" -out trust.pem
|
| H A D | openssl-cmp.pod.in | 438 Also the trust anchor (the root certificate) is not included.
602 The certificate(s), typically of root CAs, the client shall use as trust anchors
607 from which a chain to one of the given trust anchors can be constructed.
637 The specific CMP server certificate to expect and directly trust (even if it is
731 it is verified using the newWithNew certificate as the (only) trust anchor.
743 and the certificate provided with B<-oldwithold> as the (only) trust anchor,
748 The trust placed in it cannot be stronger than the trust placed in
750 the weakest trust placed in any of the B<-trusted> certificates.
838 is verified using the given certificates as trust anchors.
1295 trust, for instance via the C<caPubs> field of a certificate response
[all …]
|
| /openssl/crypto/cmp/ |
| H A D | cmp_genm.c | 189 STACK_OF(X509) *trust; in selfsigned_verify_cb()
203 trust = X509_STORE_get1_all_certs(X509_STORE_CTX_get0_store(store_ctx)); in selfsigned_verify_cb()
204 for (i = 0; i < sk_X509_num(trust); i++) { in selfsigned_verify_cb()
205 issuer = sk_X509_value(trust, i); in selfsigned_verify_cb()
212 sk_X509_pop_free(trust, X509_free); in selfsigned_verify_cb()
|
| /openssl/include/openssl/ |
| H A D | x509_vfy.h.in | 75 /* This is used for a table of trust checking functions */
77 int trust; member
88 /* standard trust ids */
105 /* No compat trust if self-signed, preempts "DO_SS" */
107 /* Compat trust if no explicit accepted trust EKUs */
117 int X509_TRUST_set(int *t, int trust);
136 int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *,
411 int X509_STORE_set_trust(X509_STORE *xs, int trust);
679 int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
681 int purpose, int trust);
[all …]
|
| /openssl/apps/ |
| H A D | x509.c | 277 STACK_OF(ASN1_OBJECT) *trust = NULL, *reject = NULL; in x509_main()
449 if (trust == NULL && (trust = sk_ASN1_OBJECT_new_null()) == NULL) in x509_main()
456 sk_ASN1_OBJECT_push(trust, objtmp); in x509_main()
822 if (trust != NULL) { in x509_main()
823 for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++) in x509_main()
824 X509_add1_trust_object(x, sk_ASN1_OBJECT_value(trust, i)); in x509_main()
1129 sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free); in x509_main()
|
| /openssl/external/perl/Text-Template-1.56/ |
| H A D | README | 46 if you don't trust the person who wrote the code in the template, you
|
| /openssl/doc/internal/man3/ |
| H A D | ossl_cmp_msg_protect.pod | 40 of the chain, i.e, the trust anchor (unless it is part of extraCertsOut).
|
