| /openssl/test/recipes/80-test_cmp_http_data/ |
| H A D | test_credentials.csv | 9 1,empty ref but correct cert, -section,, -ref,"""",BLANK,, -cert,signer.crt, -key,signer.p12, -keyp…
15 0,keypass missing arg, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,,BLANK,…
16 0,keypass empty string, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,pass:,…
17 1,keypass no prefix, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,12345,BLA…
18 0,keypass prefix wrong, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,:12345…
19 0,wrong keypass, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,pass:123456,B…
23 0,no keypass, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12,BLANK,,BLANK,,BLANK,,BLANK…
38 1,default sha256, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,B…
39 1,digest sha256, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BL…
41 0,digest missing arg, -section,,BLANK,,BLANK,, -cert,signer.crt, -key,signer.p12, -keypass,pass:123…
[all …]
|
| H A D | test_commands.csv | 107 1,profile, -section,, -cmd,cr,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,BLANK,, -pro…
108 0,profile wrong value, -section,, -cmd,cr,, -cert,signer.crt, -key,signer.p12, -keypass,pass:12345,…
109 0,profile missing argument, -section,, -cmd,cr,, -cert,signer.crt, -key,signer.p12, -keypass,pass:1…
110 0,profile extra argument, -section,, -cmd,cr,, -cert,signer.crt, -key,signer.p12, -keypass,pass:123…
112 1,geninfo int, -section,, -cmd,cr,, -cert,signer.crt,, -key,signer.p12,, -ke…
113 1,geninfo str, -section,, -cmd,cr,, -cert,signer.crt,, -key,signer.p12,, -ke…
114 1,geninfo empty str, -section,, -cmd,cr,, -cert,signer.crt,, -key,signer.p12,, -ke…
116 0,geninfo missing argument, -section,, -cmd,cr,, -cert,signer.crt,, -key,signer.p12,, -ke…
118 0,geninfo invalid OID number string, -section,, -cmd,cr,, -cert,signer.crt,, -key,signer.p12,, -ke…
119 1,geninfo unknown OID number string, -section,, -cmd,cr,, -cert,signer.crt,, -key,signer.p12,, -ke…
[all …]
|
| H A D | test_verification.csv | 31 0,wrong srvcert and -trusted ignored, -section,, -recipient,"""",BLANK,, -srvcert,signer.crt,-trust…
38 …DN,BLANK,,BLANK,, -trusted,signer.crt,BLANK,,BLANK, -unprotected_errors,BLANK,,,,, -secret,"""", -…
|
| /openssl/crypto/ocsp/ |
| H A D | ocsp_vfy.c | 88 ret = OCSP_REQUEST_verify(req, skey, signer->libctx, signer->propq); in ocsp_verify()
90 ret = OCSP_BASICRESP_verify(bs, skey, signer->libctx, signer->propq); in ocsp_verify()
101 X509 *signer, *x; in OCSP_basic_verify() local
171 X509 *signer; in ocsp_find_signer() local
175 *psigner = signer; in ocsp_find_signer()
180 *psigner = signer; in ocsp_find_signer()
225 X509 *signer, *sca; in ocsp_check_issuer() local
388 X509 *signer; in OCSP_request_verify() local
425 X509 *signer; in ocsp_req_find_signer() local
429 if (signer != NULL) { in ocsp_req_find_signer()
[all …]
|
| H A D | ocsp_srv.c | 168 X509 *signer, EVP_MD_CTX *ctx, in OCSP_basic_sign_ctx() argument
180 if (pkey == NULL || !X509_check_private_key(signer, pkey)) { in OCSP_basic_sign_ctx()
186 if (!OCSP_basic_add1_cert(brsp, signer) in OCSP_basic_sign_ctx()
193 if (!OCSP_RESPID_set_by_key(rid, signer)) in OCSP_basic_sign_ctx()
195 } else if (!OCSP_RESPID_set_by_name(rid, signer)) { in OCSP_basic_sign_ctx()
216 X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, in OCSP_basic_sign() argument
227 signer->libctx, signer->propq, key, NULL)) { in OCSP_basic_sign()
231 i = OCSP_basic_sign_ctx(brsp, signer, ctx, certs, flags); in OCSP_basic_sign()
|
| H A D | ocsp_cl.c | 81 X509 *signer, in OCSP_request_sign() argument
86 if (!OCSP_request_set1_name(req, X509_get_subject_name(signer))) in OCSP_request_sign()
92 if (!X509_check_private_key(signer, key)) { in OCSP_request_sign()
97 if (!OCSP_REQUEST_sign(req, key, dgst, signer->libctx, signer->propq)) in OCSP_request_sign()
102 if (!OCSP_request_add1_cert(req, signer) in OCSP_request_sign()
|
| /openssl/crypto/ts/ |
| H A D | ts_rsp_verify.c | 20 X509 *signer, STACK_OF(X509) **chain);
95 X509 *signer; in TS_RESP_verify_signature() local
128 signer = sk_X509_value(signers, 0); in TS_RESP_verify_signature()
136 if (!ts_verify_cert(store, untrusted, signer, &chain)) in TS_RESP_verify_signature()
146 j = PKCS7_signatureVerify(p7bio, token, si, signer); in TS_RESP_verify_signature()
153 *signer_out = signer; in TS_RESP_verify_signature()
154 X509_up_ref(signer); in TS_RESP_verify_signature()
172 X509 *signer, STACK_OF(X509) **chain) in ts_verify_cert() argument
295 X509 *signer = NULL; in int_ts_RESP_verify_token() local
338 && !ts_check_signer_name(ctx->tsa_name, signer)) { in int_ts_RESP_verify_token()
[all …]
|
| /openssl/test/ |
| H A D | ocspapitest.c | 115 X509 *signer = NULL, *tmp; in test_resp_signer() local
128 || !TEST_true(get_cert_and_key(&signer, &key)) in test_resp_signer()
129 || !TEST_true(sk_X509_push(extra_certs, signer)) in test_resp_signer()
130 || !TEST_true(OCSP_basic_sign(bs, signer, key, EVP_sha1(), in test_resp_signer()
134 || !TEST_int_eq(X509_cmp(tmp, signer), 0)) in test_resp_signer()
142 || !TEST_true(OCSP_basic_sign(bs, signer, key, EVP_sha1(), in test_resp_signer()
146 || !TEST_int_eq(X509_cmp(tmp, signer), 0)) in test_resp_signer()
152 X509_free(signer); in test_resp_signer()
|
| /openssl/crypto/cms/ |
| H A D | cms_sd.c | 357 X509_check_purpose(signer, -1, -1); in CMS_add1_signer()
359 X509_up_ref(signer); in CMS_add1_signer()
364 si->signer = signer; in CMS_add1_signer()
613 if (si->signer != NULL) { in STACK_OF()
626 if (signer != NULL) { in CMS_SignerInfo_set1_signer_cert()
627 X509_up_ref(signer); in CMS_SignerInfo_set1_signer_cert()
631 X509_free(si->signer); in CMS_SignerInfo_set1_signer_cert()
632 si->signer = signer; in CMS_SignerInfo_set1_signer_cert()
664 if (si->signer != NULL) in CMS_set1_signers_certs()
700 if (signer != NULL) in CMS_SignerInfo_get0_algs()
[all …]
|
| /openssl/doc/man3/ |
| H A D | CMS_get0_SignerInfos.pod | 8 - CMS signedData signer functions
20 void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
27 CMS_SignerInfo_get0_signer_id() retrieves the certificate signer identifier
37 CMS_SignerInfo_cert_cmp() compares the certificate B<cert> against the signer
42 B<signer>.
52 CMS. It will then obtain the signer certificate by some unspecified means
56 Once all signer certificates have been set CMS_verify() can be used.
|
| H A D | PKCS7_verify.pod | 21 in which to search for signer's certificates.
33 PKCS7_get0_signers() retrieves the signer's certificates from I<p7>, it does
50 An attempt is made to locate all the signer's certificates, first looking in
53 If any signer's certificates cannot be located the operation fails.
55 Each signer's certificate is chain verified using the B<smimesign> purpose and
75 searched when locating the signer's certificates.
85 If B<PKCS7_NOVERIFY> is set the signer's certificates are not chain verified.
89 the signer's certificates) must be contained in the trusted store.
99 signer cannot be found.
109 signer it cannot be trusted without additional evidence (such as a trusted
[all …]
|
| H A D | OCSP_resp_find_status.pod | 40 int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer,
116 signed and that the signer certificate can be validated. It takes I<st> as
118 The function first tries to find the signer certificate of the response
121 It fails if the signer certificate cannot be found.
124 success if I<flags> contains B<OCSP_NOVERIFY> or if the signer certificate
126 Otherwise the function continues by validating the signer certificate.
133 and uses them for constructing the validation path for the signer certificate.
135 if the signer certificate contains the B<id-pkix-ocsp-no-check> extension.
138 Otherwise it verifies that the signer certificate meets the OCSP issuer
|
| H A D | PKCS7_sign_add_signer.pod | 19 PKCS7_sign_add_signer() adds a signer with certificate I<signcert> and private
45 digest value from the B<PKCS7> structure: to add a signer to an existing structure.
54 If B<PKCS7_NOCERTS> is set the signer's certificate will not be included in the
55 B<PKCS7> structure, the signer's certificate must still be supplied in the
75 I<cert>, which may be an end-entity (signer) certificate
|
| H A D | CMS_add1_signer.pod | 5 CMS_add1_signer, CMS_SignerInfo_sign - add a signer to a CMS_ContentInfo signed data structure
19 CMS_add1_signer() adds a signer with certificate B<signcert> and private
51 digest value from the CMS_ContentInfo structure: to add a signer to an existing
61 If B<CMS_NOCERTS> is set the signer's certificate will not be included in the
62 CMS_ContentInfo structure, the signer's certificate must still be supplied in
|
| H A D | PKCS7_sign.pod | 38 If B<PKCS7_NOCERTS> is set the signer's certificate and the extra I<certs>
40 The signer's certificate must still be supplied in the I<signcert> parameter
41 though. This can reduce the size of the signatures if the signer's certificates
82 If a signer is specified it will use the default digest for the signing
|
| H A D | CMS_verify.pod | 102 If B<CMS_CADES> is set, each signer certificate is checked against the
112 in the I<certs> parameter. In this case if the signer certificate is not one
114 signer cannot be found.
119 can be achieved by setting and verifying the signer certificates manually
130 signer it cannot be trusted without additional evidence (such as a trusted
|
| H A D | OCSP_response_status.pod | 28 int OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key,
31 int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp, X509 *signer, EVP_MD_CTX *ctx,
76 OCSP_basic_sign() signs OCSP response I<brsp> using certificate I<signer>, private key
|
| /openssl/crypto/pkcs7/ |
| H A D | pk7_smime.c | 221 X509 *signer; in PKCS7_verify() local
288 signer = sk_X509_value(signers, k); in PKCS7_verify()
346 signer = sk_X509_value(signers, i); in PKCS7_verify()
347 j = PKCS7_signatureVerify(p7bio, p7, si, signer); in PKCS7_verify()
374 X509 *signer; in STACK_OF() local
405 signer = NULL; in STACK_OF()
407 signer = X509_find_by_issuer_and_serial(certs, in STACK_OF()
409 if (signer == NULL && (flags & PKCS7_NOINTERN) == 0) in STACK_OF()
410 signer = X509_find_by_issuer_and_serial(included_certs, in STACK_OF()
412 if (signer == NULL) { in STACK_OF()
[all …]
|
| /openssl/doc/man1/ |
| H A D | openssl-smime.pod.in | 23 [B<-signer> I<file>]
238 signer certificates and will be used for chain building.
242 =item B<-signer> I<file>
322 signer using the same message digest or this operation will fail.
370 -signer mycert.pem
375 -signer mycert.pem
386 -signer mycert.pem -signer othercert.pem
390 openssl smime -sign -in in.txt -text -signer mycert.pem \
406 openssl smime -sign -in ml.txt -signer my.pem -text \
438 Add a signer to an existing message:
[all …]
|
| H A D | openssl-cms.pod.in | 79 [B<-signer> I<file>]
93 [B<-signer> I<file>]
448 =item B<-signer> I<file>
451 used multiple times if more than one signer is required.
457 signer certificates and will be used for chain building.
515 =item B<-signer> I<file>
782 -signer mycert.pem
787 -signer mycert.pem
798 -signer mycert.pem -signer othercert.pem -keyid
818 openssl cms -sign -in ml.txt -signer my.pem -text \
[all …]
|
| /openssl/test/recipes/80-test_cmp_http_data/Mock/ |
| H A D | test.cnf | 32 newkey = signer.key
38 cert = signer.crt
39 key = signer.p12
|
| /openssl/apps/ |
| H A D | smime.c | 169 X509 *cert = NULL, *recip = NULL, *signer = NULL; in smime_main() local
606 signer = load_cert(signerfile, FORMAT_UNDEF, "signer certificate"); in smime_main()
607 if (signer == NULL) in smime_main()
613 if (!PKCS7_sign_add_signer(p7, signer, key, sign_md, flags)) in smime_main()
615 X509_free(signer); in smime_main()
616 signer = NULL; in smime_main()
693 X509_free(signer); in smime_main()
|
| H A D | ts.c | 51 const EVP_MD *md, const char *signer, const char *chain,
57 const char *inkey, const EVP_MD *md, const char *signer,
169 char *inkey = NULL, *signer = NULL, *chain = NULL, *CApath = NULL; in ts_main() local
262 signer = opt_arg(); in ts_main()
335 password, inkey, md, signer, chain, policy, in ts_main()
592 const EVP_MD *md, const char *signer, const char *chain, in reply_command() argument
614 passin, inkey, md, signer, chain, policy); in reply_command()
700 const char *inkey, const EVP_MD *md, const char *signer, in create_response() argument
720 if (!TS_CONF_set_signer_cert(conf, section, signer, resp_ctx)) in create_response()
|
| H A D | cms.c | 293 X509 *cert = NULL, *recip = NULL, *signer = NULL, *originator = NULL; in cms_main() local
867 if ((signer = load_cert(signerfile, FORMAT_UNDEF, in cms_main()
1056 srcms = CMS_sign_receipt(si, signer, key, other, flags); in cms_main()
1096 signer = load_cert(signerfile, FORMAT_UNDEF, "signer certificate"); in cms_main()
1097 if (signer == NULL) { in cms_main()
1113 si = CMS_add1_signer(cms, signer, key, sign_md, tflags); in cms_main()
1124 X509_free(signer); in cms_main()
1125 signer = NULL; in cms_main()
1292 X509_free(signer); in cms_main()
|
| /openssl/doc/internal/man3/ |
| H A D | ossl_cmp_msg_protect.pod | 35 If signature-based message protection is used it adds first the CMP signer cert
48 because I<ctx->chain> may get adapted to cache the chain of the CMP signer cert.
|
