Home
last modified time | relevance | path

Searched full:trust (Results 1 – 25 of 669) sorted by relevance

12345678910>>...27

/freebsd/contrib/unbound/validator/
H A Dval_anchor.h2 * validator/val_anchor.h - validator trust anchor storage.
39 * This file contains storage for the trust anchors for the validator.
54 * Trust anchor store.
58 * on a trust anchor and look it up again to delete it.
75 * Trust anchor key
89 * A trust anchor in the trust anchor store.
97 /** name of this trust anchor */
106 * List of DS or DNSKEY rrs that form the trust anchor.
119 /** class of the trust ancho
[all...]
H A Dautotrust.h2 * validator/autotrust.h - RFC5011 trust anchor management for unbound.
65 * Autotrust metadata for one trust anchor key.
87 * Autotrust metadata for a trust point.
91 /** file to store the trust point in. chrootdir already applied. */
120 /** true if the trust point has been revoked */
147 * @param anchors: the trust anchors structure.
148 * @return number of autotrust trust anchors
156 * If 0, then there is no next probe anymore (trust points deleted).
174 * @param tp: trust point to write.
181 * @param tp: trust point to delete.
[all …]
H A Dvalidator.h58 * This is the TTL to use when a trust anchor fails to prime. A trust anchor
60 * dnssec-stripped is off and the trust anchor fails.
66 * trust the entire zone for that name is blacked out for this TTL.
137 /** find the proper keys for validation, follow trust chain */
163 /** The blacklist saved for chain of trust elements */
193 /** trust anchor name */
195 /** trust anchor labels */
197 /** trust anchor length */
219 /** true if this state is waiting to prime a trust ancho
[all...]
/freebsd/crypto/openssl/crypto/x509/
H A Dx509_trust.c18 static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags);
19 static int trust_1oid(X509_TRUST *trust, X509 *x, int flags);
20 static int trust_compat(X509_TRUST *trust, X509 *x, int flags);
26 * WARNING: the following table should be kept in order of trust and without
27 * any gaps so we can just subtract the minimum trust value to get an index
54 return (*a)->trust - (*b)->trust; in tr_cmp()
57 int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *, in X509_TRUST_set_default()
61 default_trust = trust; in X509_TRUST_set_default()
107 tmp.trust = id; in X509_TRUST_get_by_id()
116 int X509_TRUST_set(int *t, int trust) in X509_TRUST_set() argument
[all …]
H A Dx509_vfy.c207 * except those of the trust anchor at index num-1. in check_auth_level()
406 /* yet better not check key usage for trust anchors */ in get0_best_issuer_sk()
523 * auxiliary trust can be used to override EKU-restrictions.
532 * For trusted certificates we want to see whether any auxiliary trust in check_purpose()
535 * This is complicated by the fact that the trust ordinals in in check_purpose()
536 * ctx->param->trust are entirely independent of the purpose ordinals in in check_purpose()
541 * related values of both param->trust and param->purpose. It is however in check_purpose()
542 * typically possible to infer associated trust values from a purpose value in check_purpose()
545 * Therefore, we can only check for trust overrides when the purpose we're in check_purpose()
546 * checking is the same as ctx->param->purpose and ctx->param->trust is in check_purpose()
[all …]
H A Dx_x509a.c27 ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT),
114 if (aux->trust == NULL in X509_add1_trust_object()
115 && (aux->trust = sk_ASN1_OBJECT_new_null()) == NULL) in X509_add1_trust_object()
117 if (!objtmp || sk_ASN1_OBJECT_push(aux->trust, objtmp)) in X509_add1_trust_object()
149 sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free); in X509_trust_clear()
150 x->aux->trust = NULL; in X509_trust_clear()
165 return x->aux->trust; in STACK_OF()
/freebsd/secure/lib/libcrypto/man/man3/
H A DX509_STORE_CTX_new.3119 \& int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
121 \& int purpose, int trust);
244 Among others, the parameters determine the trust model and verification purpose.
266 certificate itself. In addition the trust store containing trusted certificates
267 can declare what purposes we trust different certificates for. This "trust"
273 administrator might only trust it for the former. An X.509 certificate extension
292 CA certificates along the chain, including any given trust anchor certificate.
294 Every purpose also has an associated default trust value, which will also be set
295 at the same time. During verification, this trust setting will be verified
296 to check whether it is consistent with the trust set by the system administrator
[all …]
H A DX509_VERIFY_PARAM_set_flags.399 \& int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
158 \&\fBX509_VERIFY_PARAM_set_trust()\fR sets the trust setting in \fBparam\fR to
177 neither the end-entity certificate nor the trust-anchor count against this
180 directly by the trust anchor, while with a \fBdepth\fR limit of 1 there can be one
181 intermediate CA certificate between the trust anchor and the end-entity
190 The signature algorithm security level is not enforced for the chain's \fItrust
364 in \fBX509_verify_cert\fR\|(3) searches the trust store for issuer certificates
368 This is especially important when some certificates in the trust store have
369 explicit trust settings (see "TRUST SETTINGS" in \fBopenssl\-x509\fR\|(1)).
376 with certificates from the trust store to see if an alternative chain can be
[all …]
H A DOSSL_CMP_validate_msg.383 In the former case a suitable trust anchor must be given in the CMP context
94 (or the trust store contains a verification callback that overrides the verdict
100 using any trust store set via \fBOSSL_CMP_CTX_set0_trusted\fR\|(3).
105 as a trust anchor for the path verification of an 'acceptable' cert if it can be
111 Taking it over as a trust anchor implements trust-on-first-use (TOFU).
/freebsd/lib/libsecureboot/
H A Dveta.c27 * @file veta.c - add to trust anchors
42 * @brief add trust anchors from a file
48 trust_file_add(const char *trust) in trust_file_add() argument
53 xcs = read_certificates(trust, &num); in trust_file_add()
58 else if (load_key_file(trust)) { in trust_file_add()
66 * @brief add trust anchors from a directory
71 trust_dir_add(const char *trust) in trust_dir_add() argument
80 if (!(dh = opendir(trust))) in trust_dir_add()
85 sz = snprintf(fbuf, sizeof(fbuf), "%s/%s", trust, de->d_name); in trust_dir_add()
97 * @brief add trust anchors
[all …]
H A DREADME.rst6 To do that, the necessary trust anchors need to be available.
11 The makefile ``local.trust.mk`` is responsible for doing that.
16 provide access to the necessary trust anchors.
69 we want the trust anchor in a file named ``t*.asc``
98 certificate (trust anchor). This is expected to be in a file named
130 you need to provide a suitable file signed by each supported trust
134 have the same extension as the corresponding trust anchor.
140 signed by the corresponding trust anchor.
/freebsd/crypto/openssl/doc/man3/
H A DX509_STORE_CTX_new.pod60 int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
62 int purpose, int trust);
185 Among others, the parameters determine the trust model and verification purpose.
205 certificate itself. In addition the trust store containing trusted certificates
206 can declare what purposes we trust different certificates for. This "trust"
212 administrator might only trust it for the former. An X.509 certificate extension
231 CA certificates along the chain, including any given trust anchor certificate.
233 Every purpose also has an associated default trust value, which will also be set
234 at the same time. During verification, this trust setting will be verified
235 to check whether it is consistent with the trust set by the system administrator
[all …]
H A DX509_VERIFY_PARAM_set_flags.pod40 int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
99 X509_VERIFY_PARAM_set_trust() sets the trust setting in B<param> to
100 B<trust>.
118 neither the end-entity certificate nor the trust-anchor count against this
121 directly by the trust anchor, while with a B<depth> limit of 1 there can be one
122 intermediate CA certificate between the trust anchor and the end-entity
131 The signature algorithm security level is not enforced for the chain's I<trust
307 in L<X509_verify_cert(3)> searches the trust store for issuer certificates
311 This is especially important when some certificates in the trust store have
312 explicit trust settings (see "TRUST SETTINGS" in L<openssl-x509(1)>).
[all …]
H A DOSSL_CMP_validate_msg.pod24 In the former case a suitable trust anchor must be given in the CMP context
35 (or the trust store contains a verification callback that overrides the verdict
41 using any trust store set via L<OSSL_CMP_CTX_set0_trusted(3)>.
46 as a trust anchor for the path verification of an 'acceptable' cert if it can be
52 Taking it over as a trust anchor implements trust-on-first-use (TOFU).
/freebsd/secure/usr.bin/openssl/man/
H A Dopenssl-verification-options.194 .SS "Trust Anchors"
95 .IX Subsection "Trust Anchors"
96 In general, according to RFC 4158 and RFC 5280, a \fItrust anchor\fR is
101 In practice, trust anchors are given in the form of certificates,
107 is used for matching trust anchors during chain building.
109 In the most simple and common case, trust anchors are by default
110 all self-signed "root" CA certificates that are placed in the \fItrust store\fR,
112 This is akin to what is used in the trust stores of Mozilla Firefox,
115 From the OpenSSL perspective, a trust anchor is a certificate
117 uses of a target certificate the certificate may serve as a trust anchor.
[all …]
/freebsd/crypto/openssl/doc/man1/
H A Dopenssl-verification-options.pod38 =head2 Trust Anchors
40 In general, according to RFC 4158 and RFC 5280, a I<trust anchor> is
45 In practice, trust anchors are given in the form of certificates,
51 is used for matching trust anchors during chain building.
53 In the most simple and common case, trust anchors are by default
54 all self-signed "root" CA certificates that are placed in the I<trust store>,
56 This is akin to what is used in the trust stores of Mozilla Firefox,
59 From the OpenSSL perspective, a trust anchor is a certificate
61 uses of a target certificate the certificate may serve as a trust anchor.
63 Such a designation provides a set of positive trust attributes
[all …]
/freebsd/contrib/ldns/ldns/
H A Ddnssec_verify.h73 * DNSSEC data that is needed to derive the trust tree later
100 * data_chain when there is still a trust tree derived from
145 * There is no deep free; all data in the trust tree
153 * returns the depth of the trust tree
168 * \param[in] tree The trust tree to print
186 * \param[in] tree The trust tree to print
197 * Adds a trust tree as a parent for the given trust tree
218 * \param[in] *data_chain The chain to derive the trust tree from
233 * \param[in] *data_chain The chain to derive the trust tree from
245 * \param[in] new_tree The trust tree that we are building
[all …]
/freebsd/crypto/openssl/test/recipes/
H A D25-test_verify.t37 "accept compat trust");
43 "fail server trust non-ca root");
45 "fail wildcard trust non-ca root");
60 # Explicit trust/purpose combinations
65 "fail client purpose"); # beware, questionable non-standard EKU check on trust anchor
67 "accept server trust");
69 "accept server trust with server purpose");
71 "accept server trust with client purpose");
72 # Wildcard trust
74 "accept wildcard trust");
[all …]
/freebsd/secure/caroot/trusted/
H A DD-TRUST_BR_Root_CA_1_2020.pem2 ## D-TRUST BR Root CA 1 2020
20 Issuer: C = DE, O = D-Trust GmbH, CN = D-TRUST BR Root CA 1 2020
24 Subject: C = DE, O = D-Trust GmbH, CN = D-TRUST BR Root CA 1 2020
47 URI:http://crl.d-trust.net/crl/d-trust_br_root_ca_1_2020.crl
49 …URI:ldap://directory.d-trust.net/CN=D-TRUST%20BR%20Root%20CA%201%202020,O=D-Trust%20GmbH,C=DE?cert…
H A DD-TRUST_EV_Root_CA_1_2020.pem2 ## D-TRUST EV Root CA 1 2020
20 Issuer: C = DE, O = D-Trust GmbH, CN = D-TRUST EV Root CA 1 2020
24 Subject: C = DE, O = D-Trust GmbH, CN = D-TRUST EV Root CA 1 2020
47 URI:http://crl.d-trust.net/crl/d-trust_ev_root_ca_1_2020.crl
49 …URI:ldap://directory.d-trust.net/CN=D-TRUST%20EV%20Root%20CA%201%202020,O=D-Trust%20GmbH,C=DE?cert…
H A DD-TRUST_Root_Class_3_CA_2_2009.pem2 ## D-TRUST Root Class 3 CA 2 2009
19 Issuer: C = DE, O = D-Trust GmbH, CN = D-TRUST Root Class 3 CA 2 2009
23 Subject: C = DE, O = D-Trust GmbH, CN = D-TRUST Root Class 3 CA 2 2009
56 …URI:ldap://directory.d-trust.net/CN=D-TRUST%20Root%20Class%203%20CA%202%202009,O=D-Trust%20GmbH,C=…
58 URI:http://www.d-trust.net/crl/d-trust_root_class_3_ca_2_2009.crl
H A DD-TRUST_Root_Class_3_CA_2_EV_2009.pem2 ## D-TRUST Root Class 3 CA 2 EV 2009
19 Issuer: C = DE, O = D-Trust GmbH, CN = D-TRUST Root Class 3 CA 2 EV 2009
23 Subject: C = DE, O = D-Trust GmbH, CN = D-TRUST Root Class 3 CA 2 EV 2009
56 …URI:ldap://directory.d-trust.net/CN=D-TRUST%20Root%20Class%203%20CA%202%20EV%202009,O=D-Trust%20Gm…
58 URI:http://www.d-trust.net/crl/d-trust_root_class_3_ca_2_ev_2009.crl
/freebsd/crypto/heimdal/doc/
H A Dwin2k.texi21 * Inter-Realm keys (trust) between Windows and a Heimdal KDC::
29 @node Configuring Windows to use a Heimdal KDC, Inter-Realm keys (trust) between Windows and a Heim…
86 @node Inter-Realm keys (trust) between Windows and a Heimdal KDC, Create account mappings, Configur…
88 @section Inter-Realm keys (trust) between Windows and a Heimdal KDC
95 By default the trust will be non-transitive. This means that only users
98 can also be used to add the trust between two realms.
111 Right click on Properties of your domain, select the Trust tab. Press
112 Add on the appropriate trust windows and enter domain name and
122 netdom trust NT.REALM.EXAMPLE.COM /Domain:EXAMPLE.COM /add /realm /passwordt:TrustPassword
130 understand them. Otherwise, the trust will not works.
[all …]
/freebsd/secure/caroot/untrusted/
H A DD-TRUST_Root_CA_3_2013.pem2 ## D-TRUST Root CA 3 2013
17 Issuer: C = DE, O = D-Trust GmbH, CN = D-TRUST Root CA 3 2013
21 Subject: C = DE, O = D-Trust GmbH, CN = D-TRUST Root CA 3 2013
54 …URI:ldap://directory.d-trust.net/CN=D-TRUST%20Root%20CA%203%202013,O=D-Trust%20GmbH,C=DE?certifica…
56 URI:http://crl.d-trust.net/crl/d-trust_root_ca_3_2013.crl
/freebsd/contrib/unbound/testcode/
H A Dunitzonemd.c356 "verify DNSKEY RRset with trust anchor failed: have trust anchor, but zone has no DNSKEY"); in zonemd_verify_tests()
363 /* no trust anchor, so it succeeds for zone with a correct ZONEMD */ in zonemd_verify_tests()
369 /* trust anchor for another zone, so it is indeterminate */ in zonemd_verify_tests()
376 /* load a DNSSEC signed zone, but no trust anchor */ in zonemd_verify_tests()
384 /* load a DNSSEC zone with NSEC3, but no trust anchor */ in zonemd_verify_tests()
392 /* valid zonemd, in dnssec signed zone, no trust anchor*/ in zonemd_verify_tests()
400 /* valid zonemd, in dnssec NSEC3 zone, no trust anchor*/ in zonemd_verify_tests()
407 /* load a DNSSEC signed zone with a trust anchor, valid ZONEMD */ in zonemd_verify_tests()
413 /* load a DNSSEC NSEC3 signed zone with a trust anchor, valid ZONEMD */ in zonemd_verify_tests()
498 "verify DNSKEY RRset with trust anchor failed: signature crypto failed" in zonemd_verify_tests()
[all …]

12345678910>>...27