Lines Matching full:s0

302 This is the context \s-1API\s0 for using \s-1CMP\s0 (Certificate Management Protocol) with
305 \&\fBOSSL_CMP_CTX_new()\fR allocates an \fB\s-1OSSL_CMP_CTX\s0\fR structure associated with
307 both of which may be \s-1NULL\s0 to select the defaults.
309 the logging verbosity is set to \s-1OSSL_CMP_LOG_INFO,\s0
311 and the proof-of-possession method is set to \s-1OSSL_CRMF_POPO_SIGNATURE.\s0
313 \&\fBOSSL_CMP_CTX_free()\fR deallocates an \s-1OSSL_CMP_CTX\s0 structure.
316 clearing the internal \s-1CMP\s0 transaction (aka session) status, PKIStatusInfo,
320 All other field values (i.e., \s-1CMP\s0 options) are retained for potential reuse.
323 (e.g., \s-1OSSL_CMP_OPT_IMPLICIT_CONFIRM\s0) in the given \s-1OSSL_CMP_CTX\s0 structure.
326 .IP "\fB\s-1OSSL_CMP_OPT_LOG_VERBOSITY\s0\fR" 4
333 .IP "\fB\s-1OSSL_CMP_OPT_KEEP_ALIVE\s0\fR" 4
343 .IP "\fB\s-1OSSL_CMP_OPT_MSG_TIMEOUT\s0\fR" 4
351 .IP "\fB\s-1OSSL_CMP_OPT_TOTAL_TIMEOUT\s0\fR" 4
359 .IP "\fB\s-1OSSL_CMP_OPT_VALIDITY_DAYS\s0\fR" 4
364 .IP "\fB\s-1OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT\s0\fR" 4
370 .IP "\fB\s-1OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL\s0\fR" 4
375 .IP "\fB\s-1OSSL_CMP_OPT_POLICIES_CRITICAL\s0\fR" 4
380 .IP "\fB\s-1OSSL_CMP_OPT_POPO_METHOD\s0\fR" 4
396 .IP "\fB\s-1OSSL_CMP_OPT_DIGEST_ALGNID\s0\fR" 4
403 .IP "\fB\s-1OSSL_CMP_OPT_OWF_ALGNID\s0\fR" 4 The \s-1NID\s0 of the digest algorithm to be used as one-way function (\s-1OWF\s0) for MAC-b…
406 .IP "\fB\s-1OSSL_CMP_OPT_MAC_ALGNID\s0\fR" 4 The \s-1NID\s0 of the \s-1MAC\s0 algorithm to be used for message protection with \s-1PBM.\s…
408 .IP "\fB\s-1OSSL_CMP_OPT_REVOCATION_REASON\s0\fR" 4
415 .IP "\fB\s-1OSSL_CMP_OPT_IMPLICIT_CONFIRM\s0\fR" 4
423 .IP "\fB\s-1OSSL_CMP_OPT_DISABLE_CONFIRM\s0\fR" 4
432 .IP "\fB\s-1OSSL_CMP_OPT_UNPROTECTED_SEND\s0\fR" 4
437 .IP "\fB\s-1OSSL_CMP_OPT_UNPROTECTED_ERRORS\s0\fR" 4
448 .IP "\fB\s-1OSSL_CMP_OPT_IGNORE_KEYUSAGE\s0\fR" 4
455 .IP "\fB\s-1OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR\s0\fR" 4
463 (e.g., \s-1OSSL_CMP_OPT_IMPLICIT_CONFIRM\s0) from the given \s-1OSSL_CMP_CTX\s0 structure.
467 When \fIcb\fR is \s-1NULL,\s0 errors are printed to \s-1STDERR\s0 (if available, else ignored)
469 Alternatively, \fBOSSL_CMP_log_open\fR\|(3) may be used to direct logging to \s-1STDOUT.\s0
472 \&\s-1OSSL_CMP_OPT_LOG_VERBOSITY\s0 context option to the given level.
475 is similar to \fBERR_print_errors_cb\fR\|(3) but uses the \s-1CMP\s0 log callback function
476 if one is set in the \fIctx\fR, for uniformity with \s-1CMP\s0 logging. Otherwise it uses
477 \&\fBERR_print_errors\fR\|(3) to print to \s-1STDERR\s0 (unless \s-1OPENSSL_NO_STDIO\s0 is defined).
479 \&\fBOSSL_CMP_CTX_set1_serverPath()\fR sets the \s-1HTTP\s0 path of the \s-1CMP\s0 server on the ho…
480 also known as \*(L"\s-1CMP\s0 alias\*(R".
484 (which may be a hostname or \s-1IP\s0 address or \s-1NULL\s0) in the given \fIctx\fR.
486 \&\fBOSSL_CMP_CTX_set_serverPort()\fR sets the port of the \s-1CMP\s0 server to connect to.
488 the default port applies, which is 80 for \s-1HTTP\s0 and 443 for \s-1HTTPS.\s0
490 \&\fBOSSL_CMP_CTX_set1_proxy()\fR sets the \s-1HTTP\s0 proxy to be used for connecting to
491 the given \s-1CMP\s0 server unless overridden by any \*(L"no_proxy\*(R" settings (see below).
492 If \s-1TLS\s0 is not used this defaults to the value of
501 an \s-1HTTP\s0 proxy for. The names may be separated by commas and/or whitespace.
504 \&\fBOSSL_CMP_CTX_set_http_cb()\fR sets the optional \s-1BIO\s0 connect/disconnect callback
513 stored in the \s-1OSSL_CMP_CTX\s0 by means of \fBOSSL_CMP_CTX_set_http_cb_arg()\fR.
516 argument being 1 if \s-1HTTPS\s0 is requested, i.e., \s-1SSL/TLS\s0 should be enabled. On
518 For instance, on connect the function may prepend a \s-1TLS BIO\s0 to implement \s-1HTTPS\s0;
520 The function should return \s-1NULL\s0 to indicate failure.
521 After disconnect the modified \s-1BIO\s0 will be deallocated using \fBBIO_free_all()\fR.
527 needed any more. \fIarg\fR may be \s-1NULL\s0 to clear the entry.
531 \&\fBOSSL_CMP_CTX_set_http_cb_arg()\fR or \s-1NULL\s0 if unset.
543 Default is \s-1NULL,\s0 which implies the use of \fBOSSL_CMP_MSG_http_perform\fR\|(3).
544 The callback should send the \s-1CMP\s0 request message it obtains via the \fIreq\fR
545 parameter and on success return the response, else it must return \s-1NULL.\s0
553 needed any more. \fIarg\fR may be \s-1NULL\s0 to clear the entry.
557 \&\fBOSSL_CMP_CTX_set_transfer_cb_arg()\fR or \s-1NULL\s0 if unset.
561 This pins the accepted \s-1CMP\s0 server and
564 The \fIcert\fR argument may be \s-1NULL\s0 to clear the entry.
566 as default value for the recipient of \s-1CMP\s0 requests
567 and as default value for the expected sender of \s-1CMP\s0 responses.
569 \&\fBOSSL_CMP_CTX_set1_expected_sender()\fR sets the Distinguished Name (\s-1DN\s0)
570 expected in the sender field of incoming \s-1CMP\s0 messages.
573 \&\s-1CMP\s0 message signer, and attackers are not able to use arbitrary certificates
574 of a trusted \s-1PKI\s0 hierarchy to fraudulently pose as the \s-1CMP\s0 server.
580 sets in the \s-1CMP\s0 context \fIctx\fR the certificate store of type X509_STORE
586 When given a \s-1NULL\s0 parameter the entry is cleared.
589 extracts from the \s-1CMP\s0 context \fIctx\fR the pointer to the currently set
593 of intermediate CAs that may be useful for path construction for the own \s-1CMP\s0
594 signer certificate, for the own \s-1TLS\s0 certificate (if any), when verifying peer
595 \&\s-1CMP\s0 protection certificates, and when verifying newly enrolled certificates.
598 OSSL_CMP_CTX_get0_untrusted(\s-1OSSL_CMP_CTX\s0 *ctx) returns a pointer to the
601 \&\fBOSSL_CMP_CTX_set1_cert()\fR sets the \s-1CMP\s0 signer certificate, also called protection
605 When using signature-based protection of \s-1CMP\s0 request messages
606 this \s-1CMP\s0 signer certificate will be included first in the extraCerts field.
612 The \fIcert\fR argument may be \s-1NULL\s0 to clear the entry.
614 \&\fBOSSL_CMP_CTX_build_cert_chain()\fR builds a certificate chain for the \s-1CMP\s0 signer
616 a list of intermediate \s-1CA\s0 certs that may already constitute the targeted chain,
619 If \fIown_trusted\fR is \s-1NULL\s0 it builds the chain as far down as possible and
620 ignores any verification errors. Otherwise the \s-1CMP\s0 signer certificate must be
626 with the \fIcandidates\fR and \fIown_trusted\fR arguments being \s-1NULL.\s0
629 \&\s-1CMP\s0 signer certificate set via \fBOSSL_CMP_CTX_set1_cert()\fR.
630 This key is used to create signature-based protection (protectionAlg = \s-1MSG_SIG_ALG\s0)
633 The \fIpkey\fR argument may be \s-1NULL\s0 to clear the entry.
636 \&\fIlen\fR to use as pre-shared secret, or clears it if the \fIsec\fR argument is \s-1NULL.\s0
643 length \fIlen\fR in the given \fIctx\fR or clears it if the \fIref\fR argument is \s-1NULL.\s0
644 According to \s-1RFC 4210\s0 section 5.1.1, if no value for the sender field in
645 \&\s-1CMP\s0 message headers can be determined (i.e., no \s-1CMP\s0 signer certificate
646 and no subject \s-1DN\s0 is set via \fBOSSL_CMP_CTX_set1_subjectName()\fR
648 and the senderKID field of the \s-1CMP\s0 message header must be set.
650 the subjectKeyIdentifier of the \s-1CMP\s0 signer certificate as far as present.
655 PKIHeader of \s-1CMP\s0 request messages, i.e., the X509 name of the (\s-1CA\s0) server.
657 The recipient field in the header of a \s-1CMP\s0 message is mandatory.
659 the subject of the \s-1CMP\s0 server certificate set using \fBOSSL_CMP_CTX_set1_srvCert()\fR,
662 the issuer of the \s-1CMP\s0 signer certificate,
666 added to the GeneralInfo field of the \s-1CMP\s0 PKIMessage header of a request
675 \&\fBOSSL_CMP_CTX_set0_newPkey()\fR can be used to explicitly set the given \s-1EVP_PKEY\s0
676 structure as the private or public key to be certified in the \s-1CMP\s0 context.
680 dependent on fields of the \s-1CMP\s0 context structure:
684 private component then \s-1NULL\s0 is returned.
687 will be set in the CertTemplate, i.e., the X509 name of the \s-1CA\s0 server.
689 \&\fBOSSL_CMP_CTX_set1_subjectName()\fR sets the subject \s-1DN\s0 that will be used in
691 (\s-1KUR\s0), it defaults to the subject \s-1DN\s0 of the reference certificate,
693 Requests (\s-1IR\s0) and Certification Requests (\s-1CR\s0) only if no SANs are set.
695 of outgoing \s-1CMP\s0 messages if no reference certificate is available.
701 By default, unless \fB\s-1OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT\s0\fR has been set,
704 If set and the subject \s-1DN\s0 is not set with \fBOSSL_CMP_CTX_set1_subjectName()\fR then
705 the certificate template of an \s-1IR\s0 and \s-1CR\s0 will not be filled with the default
706 subject \s-1DN\s0 from the reference certificate.
707 If a subject \s-1DN\s0 is desired it needs to be set explicitly with
711 \&\s-1IR/CR/KUR.\s0
720 Key Update Requests (\s-1KUR\s0) or to be revoked in Revocation Requests (\s-1RR\s0).
721 It must be given for \s-1RR,\s0 else it defaults to the \s-1CMP\s0 signer certificate.
723 deriving default subject \s-1DN,\s0 public key, Subject Alternative Names, and the
724 default issuer entry in the requested certificate template of \s-1IR/CR/KUR.\s0
726 in \s-1CMP\s0 message headers.
727 Its issuer is used as default recipient in \s-1CMP\s0 message headers.
729 \&\fBOSSL_CMP_CTX_set1_p10CSR()\fR sets the PKCS#10 \s-1CSR\s0 to use in P10CR messages.
730 If such a \s-1CSR\s0 is provided, its subject, public key, and extension fields are
731 also used as fallback values for the certificate template of \s-1IR/CR/KUR\s0 messages.
737 If the callback argument is not \s-1NULL\s0 it must point to a trust store.
742 If the callback argument is \s-1NULL\s0 the function tries building an approximate
766 It could also compare the subject \s-1DN\s0 and other fields of the newly
772 needed any more. \fIarg\fR may be \s-1NULL\s0 to clear the entry.
776 \&\fBOSSL_CMP_CTX_set_certConf_cb_arg()\fR, or \s-1NULL\s0 if unset.
780 =item \fBOSSL_CMP_PKISTATUS_accepted\fR on successful receipt of a \s-1GENP\s0 message:
783 if an \s-1IR/CR/KUR/RR/GENM\s0 request message could not be produced,
796 CertRepMessage or Revocation Response or error message, or \s-1NULL\s0 if unset.
803 The flags start with \s-1OSSL_CMP_CTX_FAILINFO,\s0 for example:
807 certificate in case it is available, else \s-1NULL.\s0
811 been called) on the last received certificate response message \s-1IP/CP/KUP.\s0
815 response message (of type \s-1IP, CP,\s0 or \s-1KUP\s0),
823 \&\fBOSSL_CMP_CTX_set1_transactionID()\fR sets the given transaction \s-1ID\s0 in the given
824 \&\s-1OSSL_CMP_CTX\s0 structure.
830 \&\s-1CMP\s0 is defined in \s-1RFC 4210\s0 (and \s-1CRMF\s0 in \s-1RFC 4211\s0).
847 return the intended pointer value as described above or \s-1NULL\s0 on error.
866 Set up a \s-1CMP\s0 client context for sending requests and verifying responses:
876 Set up symmetric credentials for MAC-based message protection such as \s-1PBM:\s0
896 Reset the transaction state of the \s-1CMP\s0 context and the credentials:
925 the id-it-signKeyPairTypes \s-1OID\s0 and prints info on the General Response contents:
947 The OpenSSL \s-1CMP\s0 support was added in OpenSSL 3.0.
956 in the file \s-1LICENSE\s0 in the source distribution or at