Home
last modified time | relevance | path

Searched refs:dane (Results 1 – 17 of 17) sorted by relevance

/freebsd/crypto/openssl/include/internal/
H A Ddane.h79 #define DANETLS_ENABLED(dane) \ argument
80 ((dane) != NULL && sk_danetls_record_num((dane)->trecs) > 0)
94 #define DANETLS_HAS_PKIX(dane) ((dane) && ((dane)->umask & DANETLS_PKIX_MASK)) argument
95 #define DANETLS_HAS_DANE(dane) ((dane) && ((dane)->umask & DANETLS_DANE_MASK)) argument
96 #define DANETLS_HAS_TA(dane) ((dane) && ((dane)->umask & DANETLS_TA_MASK)) argument
97 #define DANETLS_HAS_EE(dane) ((dane) && ((dane)->umask & DANETLS_EE_MASK)) argument
99 #define DANETLS_HAS_PKIX_TA(dane) ((dane)&&((dane)->umask & DANETLS_PKIX_TA_MASK)) argument
100 #define DANETLS_HAS_PKIX_EE(dane) ((dane)&&((dane)->umask & DANETLS_PKIX_EE_MASK)) argument
101 #define DANETLS_HAS_DANE_TA(dane) ((dane)&&((dane)->umask & DANETLS_DANE_TA_MASK)) argument
102 #define DANETLS_HAS_DANE_EE(dane) ((dane)&&((dane)->umask & DANETLS_DANE_EE_MASK)) argument
/freebsd/crypto/openssl/crypto/x509/
H A Dx509_vfy.c295 ret = DANETLS_ENABLED(ctx->dane) ? dane_verify(ctx) : verify_chain(ctx); in X509_verify_cert()
815 SSL_DANE *dane = ctx->dane; in check_trust() local
823 if (DANETLS_HAS_TA(dane) && num_untrusted > 0 && num_untrusted < num) { in check_trust()
897 if (!DANETLS_ENABLED(dane)) in check_trust()
899 if (dane->pdpth < 0) in check_trust()
900 dane->pdpth = num_untrusted; in check_trust()
902 if (dane->mdpth >= 0) in check_trust()
2348 ctx->dane = NULL; in X509_STORE_CTX_init()
2647 void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, SSL_DANE *dane) in X509_STORE_CTX_set0_dane() argument
2649 ctx->dane = dane; in X509_STORE_CTX_set0_dane()
[all …]
/freebsd/crypto/openssl/ssl/
H A Dssl_lib.c170 static void dane_final(SSL_DANE *dane) in dane_final() argument
172 sk_danetls_record_pop_free(dane->trecs, tlsa_free); in dane_final()
173 dane->trecs = NULL; in dane_final()
175 sk_X509_pop_free(dane->certs, X509_free); in dane_final()
176 dane->certs = NULL; in dane_final()
178 X509_free(dane->mcert); in dane_final()
179 dane->mcert = NULL; in dane_final()
180 dane->mtlsa = NULL; in dane_final()
181 dane->mdpth = -1; in dane_final()
182 dane->pdpth = -1; in dane_final()
[all …]
H A Dssl_cert.c425 if (DANETLS_ENABLED(&s->dane)) in ssl_verify_cert_chain()
426 X509_STORE_CTX_set0_dane(ctx, &s->dane); in ssl_verify_cert_chain()
H A Dssl_local.h1133 struct dane_ctx_st dane; member
1446 SSL_DANE dane; member
/freebsd/contrib/ldns/
H A DMakefile.in92 LDNS_LOBJS = buffer.lo dane.lo dname.lo dnssec.lo dnssec_sign.lo dnssec_verify.lo dnssec_zone.lo du…
97 LDNS_HEADERS = buffer.h dane.h dname.h dnssec.h dnssec_sign.h dnssec_verify.h dnssec_zone.h duratio…
105 EXAMPLE_LOBJS = examples/ldns-chaos.lo examples/ldns-compare-zones.lo examples/ldns-dane.lo example…
107 EX_PROGS_BASENM = ldns-chaos ldns-compare-zones ldns-dane ldnsd ldns-dpa ldns-gen-zone ldns-key2ds …
108 EXAMPLE_PROGS_EX= ^examples/ldns-testpkts\.c|examples/ldns-testns\.c|examples/ldns-dane\.c|examples…
113 LDNS_DANE = examples/ldns-dane
114 LDNS_DANE_LOBJS = examples/ldns-dane.lo
191 …E_PROGS) $(TESTNS) $(LDNS_DPA) $(LDNS_DANE) $(EX_SSL_PROGS) examples/ldns-dane.1 examples/ldns-ver…
221 examples/ldns-dane.1: $(srcdir)/examples/ldns-dane.1.in
222 $(edit) $(srcdir)/examples/ldns-dane.1.in > examples/ldns-dane.1
[all …]
H A Dconfigure.ac616 AC_ARG_ENABLE(dane, AC_HELP_STRING([--disable-dane], [Disable DANE support])) optenable
617 AC_ARG_ENABLE(dane-verify, AC_HELP_STRING([--disable-dane-verify], [Disable DANE verify support]))
618 AC_ARG_ENABLE(dane-ta-usage, AC_HELP_STRING([--disable-dane-ta-usage], [Disable DANE-TA usage type …
620 AC_ARG_ENABLE(full-dane,, [
625 AC_ARG_ENABLE(no-dane-ta-usage,, [
630 AC_ARG_ENABLE(no-dane-verify,, [
645 …C_MSG_ERROR([OpenSSL does not support DANE: please upgrade OpenSSL or rerun with --disable-dane])])
663 …e upgrade OpenSSL to version >= 1.1.0 or rerun with --disable-dane-verify or --disable-dane-ta-usa…
988 …r=KEYFILE], [Default location of the trust anchor file for drill and ldns-dane. [default=SYSCONFDI…
995 …a-file, AC_HELP_STRING([--with-ca-file=CAFILE], [File containing CA certificates for ldns-dane]), [
[all …]
H A DChangelog195 * Let ldns-dane use SPKI as the default selector i.s.o. Cert
200 * bugfix #697: Double free with ldns-dane create
214 * bugfix: ldns-dane manpage correction
263 disabled with --disable-dane-ta-usage).
282 * Add --disable-dane option to configure and check availability of the
283 for dane needed X509_check_ca function in openssl.
292 * -T option for ldns-dane that has specific exit status for PKIX
305 * Use SNI with ldns-dane
316 * ldns-dane setup new ssl session for each new connect to prevent hangs
349 * DANE support (RFC6698), including ldns-dane example tool.
[all …]
H A Dconfigure1504 --disable-dane Disable DANE support
1505 --disable-dane-verify Disable DANE verify support
1506 --disable-dane-ta-usage Disable DANE-TA usage type support
/freebsd/contrib/sendmail/src/
H A Dtls.h148 # define CHK_DANE(dane) (DANEMODE((dane)) != DANE_NEVER) argument
H A Ddeliver.c63 # define DANE_SEC(dane) (DANE_SECURE == DANEMODE((dane))) argument
1739 # define CHK_DANE_RCPT(dane, rcpt) (CHK_DANE(dane) && \ argument
1740 (RCPT_MXSECURE(rcpt) || DANE_ALWAYS == DANEMODE(dane)))
/freebsd/lib/libldns/
H A DMakefile13 SRCS= buffer.c dane.c dname.c dnssec.c dnssec_sign.c dnssec_verify.c \
/freebsd/crypto/openssl/crypto/err/
H A Dopenssl.txt1311 SSL_R_CONTEXT_NOT_DANE_ENABLED:167:context not dane enabled
1317 SSL_R_DANE_ALREADY_ENABLED:172:dane already enabled
1318 SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL:173:dane cannot override mtype full
1319 SSL_R_DANE_NOT_ENABLED:175:dane not enabled
1320 SSL_R_DANE_TLSA_BAD_CERTIFICATE:180:dane tlsa bad certificate
1321 SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE:184:dane tlsa bad certificate usage
1322 SSL_R_DANE_TLSA_BAD_DATA_LENGTH:189:dane tlsa bad data length
1323 SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH:192:dane tlsa bad digest length
1324 SSL_R_DANE_TLSA_BAD_MATCHING_TYPE:200:dane tlsa bad matching type
1325 SSL_R_DANE_TLSA_BAD_PUBLIC_KEY:201:dane tlsa bad public key
[all …]
/freebsd/crypto/openssl/include/crypto/
H A Dx509.h278 SSL_DANE *dane; member
/freebsd/crypto/openssl/include/openssl/
H A Dx509_vfy.h789 void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, SSL_DANE *dane);
H A Dx509_vfy.h.in692 void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, SSL_DANE *dane);
/freebsd/contrib/unbound/doc/
H A DChangelog6152 - RR Type OPENPGPKEY support (draft-ietf-dane-openpgpkey-07).