openssl-verification-options.pod - OpenGrok cross reference for /freebsd/crypto/openssl/doc/man1/openssl-verification-options.pod

Lines Matching refs:trust
40 In general, according to RFC 4158 and RFC 5280, a I<trust anchor> is
45 In practice, trust anchors are given in the form of certificates,
51 is used for matching trust anchors during chain building.
53 In the most simple and common case, trust anchors are by default
54 all self-signed "root" CA certificates that are placed in the I<trust store>,
56 This is akin to what is used in the trust stores of Mozilla Firefox,
59 From the OpenSSL perspective, a trust anchor is a certificate
61 uses of a target certificate the certificate may serve as a trust anchor.
63 Such a designation provides a set of positive trust attributes
64 explicitly stating trust for the listed purposes
65 and/or a set of negative trust attributes
80 is considered a trust anchor for the given use
87 It is an an element of the trust store.
91 It does not have a negative trust attribute rejecting the given use.
95 It has a positive trust attribute accepting the given use
105 and ending in a trust anchor.
116 In this case it must fully match a trust anchor, otherwise chain building fails.
142 The lookup first searches for issuer certificates in the trust store.
166 The third step is to check the trust settings on the last certificate
170 with no trust attributes is considered to be valid for all uses.
192 that can be used as trust anchors for certain uses.
193 As mentioned, a collection of such certificates is called a I<trust store>.
195 Note that OpenSSL does not provide a default set of trust anchors.  Many
197 to that.  Mozilla maintains an influential trust store that can be found at
200 The certificates to add to the trust store
209 PEM-encoded certificates may also have trust attributes set.
218 i.e., a trust store.
373 I<trust anchor>, which is either directly trusted or validated by means
385 (because it has no matching positive trust attributes and is not self-signed)
386 but is an element of the trust store.
417 Each of them qualifies as trusted if has a suitable positive trust attribute
421 only certificates specified using the B<-trusted> option are trust anchors.
429 construct a certificate chain from the target certificate to a trust anchor.
479 end-entity certificate nor the trust-anchor certificate count against the
502 These mimic the combinations of purpose and trust settings used in SSL/(D)TLS,
505 The verification parameters include the trust model, various flags that can
509 The trust model determines which auxiliary trust or reject OIDs are applicable
603 Moreover, it does these checks even for trust anchor certificates.