Home
last modified time | relevance | path

Searched refs:trust (Results 1 – 25 of 142) sorted by relevance

123456

/freebsd/crypto/openssl/crypto/x509/
H A Dx509_trust.c18 static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags);
19 static int trust_1oid(X509_TRUST *trust, X509 *x, int flags);
20 static int trust_compat(X509_TRUST *trust, X509 *x, int flags);
54 return (*a)->trust - (*b)->trust; in tr_cmp()
57 int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *, in X509_TRUST_set_default()
61 default_trust = trust; in X509_TRUST_set_default()
106 tmp.trust = id; in X509_TRUST_get_by_id()
113 int X509_TRUST_set(int *t, int trust) in X509_TRUST_set() argument
115 if (X509_TRUST_get_by_id(trust) < 0) { in X509_TRUST_set()
119 *t = trust; in X509_TRUST_set()
[all …]
H A Dx_x509a.c27 ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT),
114 if (aux->trust == NULL in X509_add1_trust_object()
115 && (aux->trust = sk_ASN1_OBJECT_new_null()) == NULL) in X509_add1_trust_object()
117 if (!objtmp || sk_ASN1_OBJECT_push(aux->trust, objtmp)) in X509_add1_trust_object()
149 sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free); in X509_trust_clear()
150 x->aux->trust = NULL; in X509_trust_clear()
165 return x->aux->trust; in STACK_OF()
H A Dx509_vfy.c424 tr_ok = X509_check_trust(x, ctx->param->trust, X509_TRUST_NO_SS_COMPAT); in check_purpose()
817 int trust; in check_trust() local
824 trust = check_dane_issuer(ctx, num_untrusted); in check_trust()
825 if (trust != X509_TRUST_UNTRUSTED) in check_trust()
826 return trust; in check_trust()
837 trust = X509_check_trust(x, ctx->param->trust, 0); in check_trust()
839 if (trust == X509_TRUST_TRUSTED) in check_trust()
841 if (trust == X509_TRUST_REJECTED) in check_trust()
873 trust = X509_check_trust(mx, ctx->param->trust, 0); in check_trust()
874 if (trust == X509_TRUST_REJECTED) { in check_trust()
[all …]
H A Dx509_vpm.c91 param->trust = X509_TRUST_DEFAULT; in X509_VERIFY_PARAM_new()
173 x509_verify_param_copy(trust, X509_TRUST_DEFAULT); in X509_VERIFY_PARAM_inherit()
306 int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust) in X509_VERIFY_PARAM_set_trust() argument
308 return X509_TRUST_set(&param->trust, trust); in X509_VERIFY_PARAM_set_trust()
H A Dt_x509.c343 STACK_OF(ASN1_OBJECT) *trust, *reject; in X509_aux_print()
349 trust = X509_get0_trust_objects(x); in X509_aux_print()
351 if (trust) { in X509_aux_print()
354 for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++) { in X509_aux_print()
360 sk_ASN1_OBJECT_value(trust, i), 0); in X509_aux_print()
/freebsd/lib/libsecureboot/
H A Dveta.c48 trust_file_add(const char *trust) in trust_file_add() argument
53 xcs = read_certificates(trust, &num); in trust_file_add()
58 else if (load_key_file(trust)) { in trust_file_add()
71 trust_dir_add(const char *trust) in trust_dir_add() argument
80 if (!(dh = opendir(trust))) in trust_dir_add()
85 sz = snprintf(fbuf, sizeof(fbuf), "%s/%s", trust, de->d_name); in trust_dir_add()
100 ve_trust_add(const char *trust) in ve_trust_add() argument
104 if (stat(trust, &st) < 0) in ve_trust_add()
107 return (trust_dir_add(trust)); in ve_trust_add()
108 return (trust_file_add(trust)); in ve_trust_add()
H A DREADME.rst6 To do that, the necessary trust anchors need to be available.
11 The makefile ``local.trust.mk`` is responsible for doing that.
16 provide access to the necessary trust anchors.
69 we want the trust anchor in a file named ``t*.asc``
98 certificate (trust anchor). This is expected to be in a file named
130 you need to provide a suitable file signed by each supported trust
134 have the same extension as the corresponding trust anchor.
140 signed by the corresponding trust anchor.
/freebsd/crypto/openssl/doc/man3/
H A DX509_STORE_CTX_new.pod52 int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
54 int purpose, int trust);
156 Among others, the parameters determine the trust model and verification purpose.
176 certificate itself. In addition the trust store containing trusted certificates
177 can declare what purposes we trust different certificates for. This "trust"
183 administrator might only trust it for the former. An X.509 certificate extension
200 purpose also has an associated default trust value which will also be set at the
201 same time. During verification this trust setting will be verified to check it
202 is consistent with the trust set by the system administrator for certificates in
205 X509_STORE_CTX_set_trust() sets the trust value for the target certificate
[all …]
H A DX509_VERIFY_PARAM_set_flags.pod38 int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
95 X509_VERIFY_PARAM_set_trust() sets the trust setting in B<param> to
96 B<trust>.
114 neither the end-entity certificate nor the trust-anchor count against this
117 directly by the trust anchor, while with a B<depth> limit of 1 there can be one
118 intermediate CA certificate between the trust anchor and the end-entity
127 The signature algorithm security level is not enforced for the chain's I<trust
300 in L<X509_verify_cert(3)> searches the trust store for issuer certificates
304 This is especially important when some certificates in the trust store have
305 explicit trust settings (see "TRUST SETTINGS" in L<openssl-x509(1)>).
[all …]
H A DOSSL_CMP_validate_msg.pod24 In the former case a suitable trust anchor must be given in the CMP context
39 using any trust store set via L<OSSL_CMP_CTX_set0_trustedStore(3)>.
44 as a trust anchor for the path verification of an 'acceptable' cert if it can be
50 Taking it over as a trust anchor implements trust-on-first-use (TOFU).
H A DSSL_CTX_get0_param.pod21 int SSL_CTX_set_trust(SSL_CTX *ctx, int trust);
22 int SSL_set_trust(SSL *ssl, int trust);
38 which set the trust parameter on the verification parameters object. These
H A DX509_verify_cert.pod24 Else the chain must reach a trust anchor contained in I<store>.
31 A self-signed trust anchor is included only if I<target> is the trust anchor
40 a set of certificates serving as trust anchors,
/freebsd/contrib/unbound/services/cache/
H A Drrset.c144 if( newd->trust > cached->trust ) { in need_to_update_rrset()
156 if( newd->trust == cached->trust && !equal ) { in need_to_update_rrset()
393 if(updata->trust > cachedata->trust) in rrset_update_sec_status()
394 cachedata->trust = updata->trust; in rrset_update_sec_status()
441 if(cachedata->trust > updata->trust) in rrset_check_sec_status()
442 updata->trust = cachedata->trust; in rrset_check_sec_status()
H A Ddns.c807 newd->trust = rrset_trust_ans_noAA; in synth_dname_msg()
861 if(d->trust == rrset_trust_add_noAA || in fill_any()
862 d->trust == rrset_trust_auth_noAA || in fill_any()
863 d->trust == rrset_trust_add_AA || in fill_any()
864 d->trust == rrset_trust_auth_AA) { in fill_any()
995 if(d->trust != rrset_trust_add_noAA && in dns_cache_lookup()
996 d->trust != rrset_trust_add_AA && in dns_cache_lookup()
998 (d->trust != rrset_trust_auth_noAA in dns_cache_lookup()
999 && d->trust != rrset_trust_auth_AA) )) { in dns_cache_lookup()
/freebsd/crypto/openssl/doc/man1/
H A Dopenssl-verification-options.pod40 In general, according to RFC 4158 and RFC 5280, a I<trust anchor> is
45 In practice, trust anchors are given in the form of certificates,
51 is used for matching trust anchors during chain building.
53 In the most simple and common case, trust anchors are by default
54 all self-signed "root" CA certificates that are placed in the I<trust store>,
56 This is akin to what is used in the trust stores of Mozilla Firefox,
59 From the OpenSSL perspective, a trust anchor is a certificate
61 uses of a target certificate the certificate may serve as a trust anchor.
63 Such a designation provides a set of positive trust attributes
64 explicitly stating trust for the listed purposes
[all …]
/freebsd/secure/caroot/
H A DMAca-bundle.pl215 my $trust = ($maytrust and not $distrust);
216 return ($serial, $cka_label, $trust);
240 my ($serial, $label, $trust) = grabtrust($inputfh);
244 $trusts{$label."\0".$serial} = $trust;
/freebsd/crypto/heimdal/doc/
H A Dwin2k.texi21 * Inter-Realm keys (trust) between Windows and a Heimdal KDC::
29 @node Configuring Windows to use a Heimdal KDC, Inter-Realm keys (trust) between Windows and a Heim…
86 @node Inter-Realm keys (trust) between Windows and a Heimdal KDC, Create account mappings, Configur…
88 @section Inter-Realm keys (trust) between Windows and a Heimdal KDC
95 By default the trust will be non-transitive. This means that only users
98 can also be used to add the trust between two realms.
112 Add on the appropriate trust windows and enter domain name and
122 netdom trust NT.REALM.EXAMPLE.COM /Domain:EXAMPLE.COM /add /realm /passwordt:TrustPassword
130 understand them. Otherwise, the trust will not works.
140 For Windows 2003RC2, to change the trust encryption type, you have to use the
[all …]
/freebsd/contrib/ntp/libntp/
H A Dauthkeys.c635 u_long trust in authtrust()
647 if (!trust && sk == NULL) in authtrust()
663 if (trust > 0) { in authtrust()
665 if (trust > 1) in authtrust()
666 sk->lifetime = current_time + trust; in authtrust()
679 if (trust > 1) { in authtrust()
680 lifetime = current_time + trust; in authtrust()
632 authtrust(keyid_t id,u_long trust) authtrust() argument
/freebsd/contrib/unbound/doc/
H A DFEATURES33 RFC 2181: completely, including the trust model, keeping rrsets together.
43 RFC 5011: update of trust anchors with timers.
76 draft-ietf-dnsop-dnssec-trust-anchor(-01): DS records can be configured
77 as trust anchors. Also DNSKEYs are allowed, by the way.
/freebsd/crypto/openssl/include/openssl/
H A Dx509_vfy.h.in75 /* This is used for a table of trust checking functions */
77 int trust; member
88 /* standard trust ids */
105 /* No compat trust if self-signed, preempts "DO_SS" */
107 /* Compat trust if no explicit accepted trust EKUs */
109 /* Accept "anyEKU" as a wildcard rejection OID and as a wildcard trust OID */
117 int X509_TRUST_set(int *t, int trust);
136 int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *,
409 int X509_STORE_set_trust(X509_STORE *ctx, int trust);
673 int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
[all …]
/freebsd/contrib/bearssl/samples/
H A DREADME.txt11 certificate against two hardcoded trust anchors.
24 certificate chains link to the trust anchors that are hardcoded
/freebsd/crypto/openssl/apps/
H A Dx509.c268 STACK_OF(ASN1_OBJECT) *trust = NULL, *reject = NULL; in x509_main()
430 if (trust == NULL && (trust = sk_ASN1_OBJECT_new_null()) == NULL) in x509_main()
437 sk_ASN1_OBJECT_push(trust, objtmp); in x509_main()
788 if (trust != NULL) { in x509_main()
789 for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++) in x509_main()
790 X509_add1_trust_object(x, sk_ASN1_OBJECT_value(trust, i)); in x509_main()
1081 sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free); in x509_main()
/freebsd/secure/caroot/trusted/
H A DD-TRUST_BR_Root_CA_1_2020.pem47 URI:http://crl.d-trust.net/crl/d-trust_br_root_ca_1_2020.crl
49 …URI:ldap://directory.d-trust.net/CN=D-TRUST%20BR%20Root%20CA%201%202020,O=D-Trust%20GmbH,C=DE?cert…
H A DD-TRUST_EV_Root_CA_1_2020.pem47 URI:http://crl.d-trust.net/crl/d-trust_ev_root_ca_1_2020.crl
49 …URI:ldap://directory.d-trust.net/CN=D-TRUST%20EV%20Root%20CA%201%202020,O=D-Trust%20GmbH,C=DE?cert…
/freebsd/contrib/bearssl/test/x509/
H A Dalltests.txt110 ; Intermediate CA 1 as trust anchor.
117 ; Intermediate CA 2 as trust anchor.
124 ; EE certificate as trust anchor (direct trust only).
142 ; Valid chain except that no trust anchor is provided; this should fail
175 ; Direct trust of EE.
470 ; use a direct trust model here.
482 ; use a direct trust model here.

123456