Home
last modified time | relevance | path

Searched full:trust (Results 1 – 25 of 614) sorted by relevance

12345678910>>...25

/freebsd/contrib/unbound/validator/
H A Dval_anchor.h2 * validator/val_anchor.h - validator trust anchor storage.
39 * This file contains storage for the trust anchors for the validator.
54 * Trust anchor store.
58 * on a trust anchor and look it up again to delete it.
75 * Trust anchor key
89 * A trust anchor in the trust anchor store.
97 /** name of this trust anchor */
106 * List of DS or DNSKEY rrs that form the trust anchor.
119 /** class of the trust anchor */
124 * Create trust anchor storage
[all …]
H A Dautotrust.h2 * validator/autotrust.h - RFC5011 trust anchor management for unbound.
65 * Autotrust metadata for one trust anchor key.
87 * Autotrust metadata for a trust point.
91 /** file to store the trust point in. chrootdir already applied. */
120 /** true if the trust point has been revoked */
147 * @param anchors: the trust anchors structure.
148 * @return number of autotrust trust anchors
156 * If 0, then there is no next probe anymore (trust points deleted).
174 * @param tp: trust point to write.
181 * @param tp: trust point to delete.
[all …]
H A Dvalidator.h57 * This is the TTL to use when a trust anchor fails to prime. A trust anchor
59 * dnssec-stripped is off and the trust anchor fails.
65 * trust the entire zone for that name is blacked out for this TTL.
136 /** find the proper keys for validation, follow trust chain */
162 /** The blacklist saved for chain of trust elements */
192 /** trust anchor name */
194 /** trust anchor labels */
196 /** trust anchor length */
218 /** true if this state is waiting to prime a trust anchor */
H A Dautotrust.c2 * validator/autotrust.c - RFC5011 trust anchor management for unbound.
101 /* time is equal, sort on trust point identity */ in probetree_cmp()
135 * @param ta: trust anchor key with DNSKEY data.
162 * @param ta: trust key autotrust metadata
359 log_err("trust anchor for '%s' presented twice", buf); in autr_tp_create()
370 log_err("trust anchor for '%s' in probetree twice", buf); in autr_tp_create()
418 /** find or add a new trust point for autotrust */
442 /** Add trust anchor from RR */
464 * Add new trust anchor from a string in file.
467 * @param tp: trust point returned.
[all …]
H A Dval_anchor.c2 * validator/val_anchor.c - validator trust anchor storage.
39 * This file contains storage for the trust anchors for the validator.
219 /** create new trust anchor object */
291 * This routine adds a new RR to a trust anchor. The trust anchor may not
295 * @param name: name of trust anchor (wireformat)
301 * @return: NULL on error, else the trust anchor.
313 log_err("Bad type for trust anchor"); in anchor_store_new_key()
354 * @return NULL on error, else the trust anchor.
378 * @return NULL on error, Else last trust anchor point
406 log_err("error parsing trust anchor %s: at %d: %s", in anchor_store_str()
[all …]
/freebsd/crypto/openssl/crypto/x509/
H A Dx509_trust.c18 static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags);
19 static int trust_1oid(X509_TRUST *trust, X509 *x, int flags);
20 static int trust_compat(X509_TRUST *trust, X509 *x, int flags);
26 * WARNING: the following table should be kept in order of trust and without
27 * any gaps so we can just subtract the minimum trust value to get an index
54 return (*a)->trust - (*b)->trust; in tr_cmp()
57 int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *, in X509_TRUST_set_default()
61 default_trust = trust; in X509_TRUST_set_default()
106 tmp.trust = id; in X509_TRUST_get_by_id()
113 int X509_TRUST_set(int *t, int trust) in X509_TRUST_set() argument
[all …]
H A Dx509_vfy.c202 * except those of the trust anchor at index num-1. in check_auth_level()
397 * auxiliary trust can be used to override EKU-restrictions.
406 * For trusted certificates we want to see whether any auxiliary trust in check_purpose()
409 * This is complicated by the fact that the trust ordinals in in check_purpose()
410 * ctx->param->trust are entirely independent of the purpose ordinals in in check_purpose()
415 * related values of both param->trust and param->purpose. It is however in check_purpose()
416 * typically possible to infer associated trust values from a purpose value in check_purpose()
419 * Therefore, we can only check for trust overrides when the purpose we're in check_purpose()
420 * checking is the same as ctx->param->purpose and ctx->param->trust is in check_purpose()
424 tr_ok = X509_check_trust(x, ctx->param->trust, X509_TRUST_NO_SS_COMPAT); in check_purpose()
[all …]
H A Dx_x509a.c27 ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT),
114 if (aux->trust == NULL in X509_add1_trust_object()
115 && (aux->trust = sk_ASN1_OBJECT_new_null()) == NULL) in X509_add1_trust_object()
117 if (!objtmp || sk_ASN1_OBJECT_push(aux->trust, objtmp)) in X509_add1_trust_object()
149 sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free); in X509_trust_clear()
150 x->aux->trust = NULL; in X509_trust_clear()
165 return x->aux->trust; in STACK_OF()
/freebsd/crypto/openssl/doc/man3/
H A DX509_STORE_CTX_new.pod52 int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
54 int purpose, int trust);
169 certificate itself. In addition the trust store containing trusted certificates
170 can declare what purposes we trust different certificates for. This "trust"
176 administrator might only trust it for the former. An X.509 certificate extension
193 purpose also has an associated default trust value which will also be set at the
194 same time. During verification this trust setting will be verified to check it
195 is consistent with the trust set by the system administrator for certificates in
198 X509_STORE_CTX_set_trust() sets the trust value for the target certificate
199 being verified in the I<ctx>. Built-in available values for the I<trust>
[all …]
H A DX509_VERIFY_PARAM_set_flags.pod38 int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
95 X509_VERIFY_PARAM_set_trust() sets the trust setting in B<param> to
96 B<trust>.
114 neither the end-entity certificate nor the trust-anchor count against this
117 directly by the trust anchor, while with a B<depth> limit of 1 there can be one
118 intermediate CA certificate between the trust anchor and the end-entity
127 The signature algorithm security level is not enforced for the chain's I<trust
300 in L<X509_verify_cert(3)> searches the trust store for issuer certificates
304 This is especially important when some certificates in the trust store have
305 explicit trust settings (see "TRUST SETTINGS" in L<openssl-x509(1)>).
[all …]
/freebsd/lib/libsecureboot/
H A Dveta.c27 * @file veta.c - add to trust anchors
42 * @brief add trust anchors from a file
48 trust_file_add(const char *trust) in trust_file_add() argument
53 xcs = read_certificates(trust, &num); in trust_file_add()
58 else if (load_key_file(trust)) { in trust_file_add()
66 * @brief add trust anchors from a directory
71 trust_dir_add(const char *trust) in trust_dir_add() argument
80 if (!(dh = opendir(trust))) in trust_dir_add()
85 sz = snprintf(fbuf, sizeof(fbuf), "%s/%s", trust, de->d_name); in trust_dir_add()
97 * @brief add trust anchors
[all …]
H A DREADME.rst6 To do that, the necessary trust anchors need to be available.
11 The makefile ``local.trust.mk`` is responsible for doing that.
16 provide access to the necessary trust anchors.
69 we want the trust anchor in a file named ``t*.asc``
98 certificate (trust anchor). This is expected to be in a file named
130 you need to provide a suitable file signed by each supported trust
134 have the same extension as the corresponding trust anchor.
140 signed by the corresponding trust anchor.
/freebsd/secure/lib/libcrypto/man/man3/
H A DX509_STORE_CTX_new.3187 \& int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
189 \& int purpose, int trust);
306 certificate itself. In addition the trust store containing trusted certificates
307 can declare what purposes we trust different certificates for. This \*(L"trust\*(R"
313 administrator might only trust it for the former. An X.509 certificate extension
330 purpose also has an associated default trust value which will also be set at the
331 same time. During verification this trust setting will be verified to check it
332 is consistent with the trust set by the system administrator for certificates in
335 \&\fBX509_STORE_CTX_set_trust()\fR sets the trust value for the target certificate
336 being verified in the \fIctx\fR. Built-in available values for the \fItrust\fR
[all …]
H A DX509_VERIFY_PARAM_set_flags.3173 \& int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
230 \&\fBX509_VERIFY_PARAM_set_trust()\fR sets the trust setting in \fBparam\fR to
249 neither the end-entity certificate nor the trust-anchor count against this
252 directly by the trust anchor, while with a \fBdepth\fR limit of 1 there can be one
253 intermediate \s-1CA\s0 certificate between the trust anchor and the end-entity
262 The signature algorithm security level is not enforced for the chain's \fItrust
433 in \fBX509_verify_cert\fR\|(3) searches the trust store for issuer certificates
437 This is especially important when some certificates in the trust store have
438 explicit trust settings (see \*(L"\s-1TRUST SETTINGS\*(R"\s0 in \fBopenssl\-x509\fR\|(1)).
445 with certificates from the trust store to see if an alternative chain can be
[all …]
/freebsd/crypto/openssl/doc/man1/
H A Dopenssl-verification-options.pod37 =head2 Trust Anchors
39 In general, according to RFC 4158 and RFC 5280, a I<trust anchor> is
44 In practice, trust anchors are given in the form of certificates,
50 is used for matching trust anchors during chain building.
52 In the most simple and common case, trust anchors are by default
53 all self-signed "root" CA certificates that are placed in the I<trust store>,
55 This is akin to what is used in the trust stores of Mozilla Firefox,
58 From the OpenSSL perspective, a trust anchor is a certificate
60 uses of a target certificate the certificate may serve as a trust anchor.
62 Such a designation provides a set of positive trust attributes
[all …]
/freebsd/secure/usr.bin/openssl/man/
H A Dopenssl-verification-options.1169 .SS "Trust Anchors"
170 .IX Subsection "Trust Anchors"
171 In general, according to \s-1RFC 4158\s0 and \s-1RFC 5280,\s0 a \fItrust anchor\fR is
176 In practice, trust anchors are given in the form of certificates,
182 is used for matching trust anchors during chain building.
184 In the most simple and common case, trust anchors are by default
185 all self-signed \*(L"root\*(R" \s-1CA\s0 certificates that are placed in the \fItrust store\fR,
187 This is akin to what is used in the trust stores of Mozilla Firefox,
190 From the OpenSSL perspective, a trust anchor is a certificate
192 uses of a target certificate the certificate may serve as a trust anchor.
[all …]
/freebsd/contrib/ldns/ldns/
H A Ddnssec_verify.h73 * DNSSEC data that is needed to derive the trust tree later
100 * data_chain when there is still a trust tree derived from
145 * There is no deep free; all data in the trust tree
153 * returns the depth of the trust tree
168 * \param[in] tree The trust tree to print
186 * \param[in] tree The trust tree to print
197 * Adds a trust tree as a parent for the given trust tree
218 * \param[in] *data_chain The chain to derive the trust tree from
233 * \param[in] *data_chain The chain to derive the trust tree from
245 * \param[in] new_tree The trust tree that we are building
[all …]
/freebsd/crypto/openssl/test/recipes/
H A D25-test_verify.t36 "accept compat trust");
42 "fail server trust non-ca root");
44 "fail wildcard trust non-ca root");
59 # Explicit trust/purpose combinations
66 "accept server trust");
68 "accept server trust with server purpose");
70 "accept server trust with client purpose");
71 # Wildcard trust
73 "accept wildcard trust");
75 "accept wildcard trust with server purpose");
[all …]
/freebsd/secure/caroot/trusted/
H A DD-TRUST_BR_Root_CA_1_2020.pem2 ## D-TRUST BR Root CA 1 2020
20 Issuer: C = DE, O = D-Trust GmbH, CN = D-TRUST BR Root CA 1 2020
24 Subject: C = DE, O = D-Trust GmbH, CN = D-TRUST BR Root CA 1 2020
47 URI:http://crl.d-trust.net/crl/d-trust_br_root_ca_1_2020.crl
49 …URI:ldap://directory.d-trust.net/CN=D-TRUST%20BR%20Root%20CA%201%202020,O=D-Trust%20GmbH,C=DE?cert…
H A DD-TRUST_EV_Root_CA_1_2020.pem2 ## D-TRUST EV Root CA 1 2020
20 Issuer: C = DE, O = D-Trust GmbH, CN = D-TRUST EV Root CA 1 2020
24 Subject: C = DE, O = D-Trust GmbH, CN = D-TRUST EV Root CA 1 2020
47 URI:http://crl.d-trust.net/crl/d-trust_ev_root_ca_1_2020.crl
49 …URI:ldap://directory.d-trust.net/CN=D-TRUST%20EV%20Root%20CA%201%202020,O=D-Trust%20GmbH,C=DE?cert…
H A DD-TRUST_Root_Class_3_CA_2_2009.pem2 ## D-TRUST Root Class 3 CA 2 2009
19 Issuer: C = DE, O = D-Trust GmbH, CN = D-TRUST Root Class 3 CA 2 2009
23 Subject: C = DE, O = D-Trust GmbH, CN = D-TRUST Root Class 3 CA 2 2009
56 …URI:ldap://directory.d-trust.net/CN=D-TRUST%20Root%20Class%203%20CA%202%202009,O=D-Trust%20GmbH,C=…
58 URI:http://www.d-trust.net/crl/d-trust_root_class_3_ca_2_2009.crl
H A DD-TRUST_Root_Class_3_CA_2_EV_2009.pem2 ## D-TRUST Root Class 3 CA 2 EV 2009
19 Issuer: C = DE, O = D-Trust GmbH, CN = D-TRUST Root Class 3 CA 2 EV 2009
23 Subject: C = DE, O = D-Trust GmbH, CN = D-TRUST Root Class 3 CA 2 EV 2009
56 …URI:ldap://directory.d-trust.net/CN=D-TRUST%20Root%20Class%203%20CA%202%20EV%202009,O=D-Trust%20Gm…
58 URI:http://www.d-trust.net/crl/d-trust_root_class_3_ca_2_ev_2009.crl
/freebsd/crypto/heimdal/doc/
H A Dwin2k.texi21 * Inter-Realm keys (trust) between Windows and a Heimdal KDC::
29 @node Configuring Windows to use a Heimdal KDC, Inter-Realm keys (trust) between Windows and a Heim…
86 @node Inter-Realm keys (trust) between Windows and a Heimdal KDC, Create account mappings, Configur…
88 @section Inter-Realm keys (trust) between Windows and a Heimdal KDC
95 By default the trust will be non-transitive. This means that only users
98 can also be used to add the trust between two realms.
111 Right click on Properties of your domain, select the Trust tab. Press
112 Add on the appropriate trust windows and enter domain name and
122 netdom trust NT.REALM.EXAMPLE.COM /Domain:EXAMPLE.COM /add /realm /passwordt:TrustPassword
130 understand them. Otherwise, the trust will not works.
[all …]
/freebsd/secure/caroot/untrusted/
H A DD-TRUST_Root_CA_3_2013.pem2 ## D-TRUST Root CA 3 2013
17 Issuer: C = DE, O = D-Trust GmbH, CN = D-TRUST Root CA 3 2013
21 Subject: C = DE, O = D-Trust GmbH, CN = D-TRUST Root CA 3 2013
54 …URI:ldap://directory.d-trust.net/CN=D-TRUST%20Root%20CA%203%202013,O=D-Trust%20GmbH,C=DE?certifica…
56 URI:http://crl.d-trust.net/crl/d-trust_root_ca_3_2013.crl
/freebsd/secure/caroot/
H A DMAca-bundle.pl204 confess "Unknown trust setting on line $.:\n"
212 print STDERR "line $.: no explicit trust/distrust found for $cka_label\n";
215 my $trust = ($maytrust and not $distrust);
216 return ($serial, $cka_label, $trust);
240 my ($serial, $label, $trust) = grabtrust($inputfh);
242 warn "Trust for $label duplicated!\n";
244 $trusts{$label."\0".$serial} = $trust;
261 warn "Found trust for nonexistent certificate $labels{$it}\n" if $debug;
280 die "Found certificate without trust block,\naborting";

12345678910>>...25