OSSL_CMP_CTX_new.pod - OpenGrok cross reference for /freebsd/crypto/openssl/doc/man3/OSSL_CMP_CTX

Lines Matching refs:CMP
65 - functions for managing the CMP client context data structure
117  /* CMP message header and extra certificates: */
167 This is the context API for using CMP (Certificate Management Protocol) with
182 clearing the internal CMP transaction (aka session) status, PKIStatusInfo,
186 All other field values (i.e., CMP options) are retained for potential reuse.
212         Number of seconds a CMP request-response message round trip
254         is provided as the newPkey or client's pkey component of the CMP context.
294         Send request or response messages without CMP-level protection.
309         validating signature-based protection in received CMP messages.
310         Else, 'digitalSignature' must be allowed by CMP signer certificates.
319         this way has not been authenticated (at least not at CMP level).
337 is similar to L<ERR_print_errors_cb(3)> but uses the CMP log callback function
338 if set in the I<ctx> for uniformity with CMP logging if given. Otherwise it uses
341 OSSL_CMP_CTX_set1_serverPath() sets the HTTP path of the CMP server on the host,
342 also known as "CMP alias".
348 OSSL_CMP_CTX_set_serverPort() sets the port of the CMP server to connect to.
353 the given CMP server unless overruled by any "no_proxy" settings (see below).
402 The callback should send the CMP request message it obtains via the I<req>
419 This pins the accepted CMP server and
424 as default value for the recipient of CMP requests
425 and as default value for the expected sender of CMP responses.
428 expected in the sender field of incoming CMP messages.
431 CMP message signer, and attackers are not able to use arbitrary certificates
432 of a trusted PKI hierarchy to fraudulently pose as CMP server.
438 sets in the CMP context I<ctx> the certificate store of type X509_STORE
447 extracts from the CMP context I<ctx> the pointer to the currently set
451 of intermediate CAs that may be useful for path construction for the own CMP
453 CMP protection certificates, and when verifying newly enrolled certificates.
459 OSSL_CMP_CTX_set1_cert() sets the CMP signer certificate, also called protection
463 When using signature-based protection of CMP request messages
464 this CMP signer certificate will be included first in the extraCerts field.
472 OSSL_CMP_CTX_build_cert_chain() builds a certificate chain for the CMP signer
478 ignores any verification errors. Else the CMP signer certificate must be
487 CMP signer certificate set via OSSL_CMP_CTX_set1_cert().
503 CMP message headers can be determined (i.e., no CMP signer certificate
506 and the senderKID field of the CMP message header must be set.
508 the subjectKeyIdentifier of the CMP signer certificate as far as present.
513 PKIHeader of CMP request messages, i.e. the X509 name of the (CA) server.
515 The recipient field in the header of a CMP message is mandatory.
517 the subject of the CMP server certificate set using OSSL_CMP_CTX_set1_srvCert(),
520 the issuer of the CMP signer certificate,
524 added to the GeneralInfo field of the CMP PKIMessage header of a request
534 structure as the private or public key to be certified in the CMP context.
538 dependent on fields of the CMP context structure:
553 of outgoing CMP messages if no reference certificate is available.
579 It must be given for RR, else it defaults to the CMP signer certificate.
584 in CMP message headers.
585 Its issuer is used as default recipient in CMP message headers.
694 CMP is defined in RFC 4210 (and CRMF in RFC 4211).
732 Set up a CMP client context for sending requests and verifying responses:
754 Reset the transaction state of the CMP context and the credentials:
799 The OpenSSL CMP support was added in OpenSSL 3.0.