OSSL_CMP_CTX_new.pod - OpenGrok cross reference for /freebsd-src/crypto/openssl/doc/man3/OSSL_CMP_CTX

Lines Matching +full:pre +full:- +full:verified
65 - functions for managing the CMP client context data structure
173 It initializes the remaining fields to their default values - for instance,
176 and the proof-of-possession method is set to OSSL_CRMF_POPO_SIGNATURE.
212         Number of seconds a CMP request-response message round trip
245             OSSL_CRMF_POPO_NONE       - ProofOfPossession field omitted
246             OSSL_CRMF_POPO_RAVERIFIED - assert that the RA has already
247                                         verified the PoPo
248             OSSL_CRMF_POPO_SIGNATURE  - sign a value with private key,
250             OSSL_CRMF_POPO_KEYENC     - decrypt the encrypted certificate
253         Note that a signature-based POPO can only be produced if a private key
259         for signature-based message protection and Proof-of-Possession (POPO).
263         The NID of the digest algorithm to be used as one-way function (OWF)
264         for MAC-based message protection with password-based MAC (PBM).
270         Default is HMAC-SHA1 as per RFC 4210.
275         values: 0..10 (RFC 5210, 5.3.1) or -1 for none, which is the default.
294         Send request or response messages without CMP-level protection.
309         validating signature-based protection in received CMP messages.
320         Taking it over as a trust anchor implements trust-on-first-use (TOFU).
442 used for signature-based peer authentication.
450 OSSL_CMP_CTX_set1_untrusted() sets up a list of non-trusted certificates
460 certificate, related to the private key for signature-based message protection.
463 When using signature-based protection of CMP request messages
481 for inclusion in the extraCerts field of signature-protected messages.
488 This key is used create signature-based protection (protectionAlg = MSG_SIG_ALG)
494 I<len> to use as pre-shared secret, or clears it if the I<sec> argument is NULL.
495 If present, this secret is used to create MAC-based authentication and integrity
496 protection (rather than applying signature-based protection)
498 messages that have MAC-based protection (protectionAlg = C<MSG_MAC_ALG>).
505 then the sender field will contain the NULL-DN
507 When signature-based protection is used the senderKID will be set to
509 If not present or when MAC-based protection is used
521 as far as any of those is present, else the NULL-DN as last resort.
572 a Subject Alternative Name extension, else 0 or -1 on error.
597 verified using this trust store and untrusted certificates from the I<ctx>,
613 overrule the pre-decision given in the I<fail_info> and I<*txt> parameters.
620 Typically, the callback will check at least that the certificate can be verified
663 or -1 if no such response was received or OSSL_CMP_CTX_reinit() has been called.
667 OSSL_CMP_CTX_FAILINFO_badAlg. Returns -1 if the failInfoCode field is unset.
718 return the intended value as described above or -1 on error.
740 Set up symmetric credentials for MAC-based message protection such as PBM:
777 the id-it-signKeyPairTypes OID and prints info on the General Response contents:
805 Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved.