openssl-verification-options.1 - OpenGrok cross reference for /freebsd-src/secure/usr.bin/openssl/man/openssl-verification-options.1

Lines Matching full:trust
169 .SS "Trust Anchors"
170 .IX Subsection "Trust Anchors"
171 In general, according to \s-1RFC 4158\s0 and \s-1RFC 5280,\s0 a \fItrust anchor\fR is
176 In practice, trust anchors are given in the form of certificates,
182 is used for matching trust anchors during chain building.
184 In the most simple and common case, trust anchors are by default
185 all self-signed \*(L"root\*(R" \s-1CA\s0 certificates that are placed in the \fItrust store\fR,
187 This is akin to what is used in the trust stores of Mozilla Firefox,
190 From the OpenSSL perspective, a trust anchor is a certificate
192 uses of a target certificate the certificate may serve as a trust anchor.
194 Such a designation provides a set of positive trust attributes
195 explicitly stating trust for the listed purposes
196 and/or a set of negative trust attributes
211 is considered a trust anchor for the given use
214 It is an an element of the trust store.
216 It does not have a negative trust attribute rejecting the given use.
218 It has a positive trust attribute accepting the given use
225 and ending in a trust anchor.
236 In this case it must fully match a trust anchor, otherwise chain building fails.
252 The lookup first searches for issuer certificates in the trust store.
274 The third step is to check the trust settings on the last certificate
278 with no trust attributes is considered to be valid for all uses.
299 that can be used as trust anchors for certain uses.
300 As mentioned, a collection of such certificates is called a \fItrust store\fR.
302 Note that OpenSSL does not provide a default set of trust anchors.  Many
304 to that.  Mozilla maintains an influential trust store that can be found at
307 The certificates to add to the trust store
313 PEM-encoded certificates may also have trust attributes set.
320 i.e., a trust store.
444 (because it has no matching positive trust attributes and is not self-signed)
445 but is an element of the trust store.
471 Each of them qualifies as trusted if has a suitable positive trust attribute
475 only certificates specified using the \fB\-trusted\fR option are trust anchors.
482 construct a certificate chain from the target certificate to a trust anchor.
521 end-entity certificate nor the trust-anchor certificate count against the
537 Use default verification policies like trust model and required certificate
539 The trust model determines which auxiliary trust or reject OIDs are applicable
545 These mimics the combinations of purpose and trust settings used in \s-1SSL, CMS\s0
547 As of OpenSSL 1.1.0, the trust model is inferred from the purpose when not