| /netbsd-src/crypto/external/bsd/openssl.old/dist/doc/man3/ |
| H A D | SSL_CTX_load_verify_locations.pod | 7 default locations for trusted CA certificates
25 which CA certificates for verification purposes are located. The certificates
29 which CA certificates are loaded should be used. There is one default directory
30 and one default file. The default CA certificates directory is called "certs" in
32 variable can be defined to override this location. The default CA certificates
46 If B<CAfile> is not NULL, it points to a file of CA certificates in PEM
47 format. The file can contain several CA certificates identified by
53 sequences. Before, between, and after the certificates text is allowed
54 which can be used e.g. for descriptions of the certificates.
59 If B<CApath> is not NULL, it points to a directory containing CA certificates
[all …]
|
| H A D | X509_STORE_add_cert.pod | 36 holding information about X.509 certificates and CRLs, and constructing
37 and validating chains of certificates terminating in trusted roots.
39 with large numbers of certificates, and a great deal of flexibility in
43 no information about trusted certificates or where such certificates
45 certificates will be added to the B<X509_STORE> to prepare it for use,
53 certificate to be verified and an additional set of untrusted certificates
55 certificates included in the B<X509_STORE> are certificates that represent
57 OpenSSL represents these trusted certificates internally as B<X509> objects
60 The public interfaces that operate on such trusted certificates still
82 to specify just a file, just a directory, or both paths. The certificates
[all …]
|
| H A D | SSL_CTX_add_extra_chain_cert.pod | 6 extra chain certificates
18 certificates associated with B<ctx>. Several certificates can be added one
21 SSL_CTX_clear_extra_chain_certs() clears all extra chain certificates
28 When sending a certificate chain, extra chain certificates are sent in order
32 available CA certificates in the trusted CA storage, see
41 Only one set of extra chain certificates can be specified per SSL_CTX
42 structure. Different chains for different certificates (for example if both
43 RSA and DSA certificates are specified by the same server) or different SSL
|
| H A D | PKCS7_verify.pod | 20 The optional I<certs> parameter refers to a set of certificates
21 in which to search for signer's certificates.
22 I<p7> may contain extra untrusted CA certificates that may be used for
31 PKCS7_get0_signers() retrieves the signer's certificates from I<p7>, it does
48 An attempt is made to locate all the signer's certificates, first looking in
50 certificates contained in the I<p7> structure unless B<PKCS7_NOINTERN> is set.
51 If any signer's certificates cannot be located the operation fails.
55 Any internal certificates in the message, which may have been added using
72 If B<PKCS7_NOINTERN> is set the certificates in the message itself are not
73 searched when locating the signer's certificates.
[all …]
|
| H A D | SSL_load_client_CA_file.pod | 23 SSL_load_client_CA_file() reads certificates from I<file> and returns
26 SSL_add_file_cert_subjects_to_stack() reads certificates from I<file>,
29 SSL_add_dir_cert_subjects_to_stack() reads certificates from every
35 SSL_load_client_CA_file() reads a file of PEM formatted certificates and
36 extracts the X509_NAMES of the certificates found. While the name suggests
39 it is not limited to CA certificates.
53 Pointer to the subject names of the successfully read certificates.
|
| H A D | CMS_verify.pod | 21 The optional I<certs> parameter refers to a set of certificates
22 in which to search for signing certificates.
23 I<cms> may contain extra untrusted CA certificates that may be used for
45 certificates contained in the I<cms> structure unless B<CMS_NOINTERN> is set.
50 Any internal certificates in the message, which may have been added using
65 If B<CMS_NOINTERN> is set the certificates in the message itself are not
67 This means that all the signing certificates must be in the I<certs> parameter.
76 If B<CMS_NO_SIGNER_CERT_VERIFY> is set the signing certificates are not
87 a small number of certificates. The acceptable certificates would be passed
89 of the certificates supplied in I<certs> then the verify will fail because the
[all …]
|
| /netbsd-src/crypto/external/bsd/openssl/dist/doc/man3/ |
| H A D | SSL_CTX_load_verify_locations.pod | 9 - set default locations for trusted CA certificates
32 locations for B<ctx>, at which CA certificates for verification purposes
33 are located. The certificates available via B<CAfile>, B<CApath> and
40 which CA certificates are loaded should be used. There is one default directory,
42 The default CA certificates directory is called F<certs> in the default OpenSSL
46 The default CA certificates file is called F<cert.pem> in the default
65 If B<CAfile> is not NULL, it points to a file of CA certificates in PEM
66 format. The file can contain several CA certificates identified by
72 sequences. Before, between, and after the certificates text is allowed
73 which can be used e.g. for descriptions of the certificates.
[all …]
|
| H A D | SSL_CTX_add_extra_chain_cert.pod | 9 - add, get or clear extra chain certificates
23 certificates associated with B<ctx>. Several certificates can be added one
26 SSL_CTX_get_extra_chain_certs() retrieves the extra chain certificates
31 SSL_CTX_get_extra_chain_certs_only() retrieves the extra chain certificates
35 SSL_CTX_clear_extra_chain_certs() clears all extra chain certificates
42 When sending a certificate chain, extra chain certificates are sent in order
46 available CA certificates in the trusted CA storage, see
55 Only one set of extra chain certificates can be specified per SSL_CTX
56 structure. Different chains for different certificates (for example if both
57 RSA and DSA certificates are specified by the same server) or different SSL
|
| H A D | PKCS7_verify.pod | 20 The optional I<certs> parameter refers to a set of certificates
21 in which to search for signer's certificates.
22 I<p7> may contain extra untrusted CA certificates that may be used for
31 PKCS7_get0_signers() retrieves the signer's certificates from I<p7>, it does
48 An attempt is made to locate all the signer's certificates, first looking in
50 certificates contained in the I<p7> structure unless B<PKCS7_NOINTERN> is set.
51 If any signer's certificates cannot be located the operation fails.
55 Any internal certificates in the message, which may have been added using
72 If B<PKCS7_NOINTERN> is set the certificates in the message itself are not
73 searched when locating the signer's certificates.
[all …]
|
| H A D | X509_STORE_add_cert.pod | 50 holding information about X.509 certificates and CRLs, and constructing
51 and validating chains of certificates terminating in trusted roots.
53 with large numbers of certificates, and a great deal of flexibility in
61 no information about trusted certificates or where such certificates
63 certificates will be added to the B<X509_STORE> to prepare it for use,
71 certificate to be verified and an additional set of untrusted certificates
73 certificates included in the B<X509_STORE> are certificates that represent
75 OpenSSL represents these trusted certificates internally as B<X509> objects
78 The public interfaces that operate on such trusted certificates still
107 The certificates in the directory must be in hashed form, as
[all …]
|
| H A D | SSL_load_client_CA_file.pod | 29 SSL_load_client_CA_file_ex() reads certificates from I<file> and returns
36 SSL_add_file_cert_subjects_to_stack() reads certificates from I<file>,
39 SSL_add_dir_cert_subjects_to_stack() reads certificates from every
43 SSL_add_store_cert_subjects_to_stack() loads certificates from the
49 SSL_load_client_CA_file() reads a file of PEM formatted certificates and
50 extracts the X509_NAMES of the certificates found. While the name suggests
53 it is not limited to CA certificates.
68 Pointer to the subject names of the successfully read certificates.
|
| H A D | CMS_verify.pod | 21 The optional I<certs> parameter refers to a set of certificates
22 in which to search for signing certificates.
23 I<cms> may contain extra untrusted CA certificates that may be used for
45 certificates contained in the I<cms> structure unless B<CMS_NOINTERN> is set.
50 Any internal certificates in the message, which may have been added using
65 If B<CMS_NOINTERN> is set the certificates in the message itself are not
67 This means that all the signing certificates must be in the I<certs> parameter.
76 If B<CMS_NO_SIGNER_CERT_VERIFY> is set the signing certificates are not
91 a small number of certificates. The acceptable certificates would be passed
93 of the certificates supplied in I<certs> then the verify will fail because the
[all …]
|
| H A D | X509_LOOKUP_hash_dir.pod | 38 Internally loading of certificates and CRLs is implemented via functions
42 B<FILETYPE_DEFAULT>. They load certificates and/or CRLs from specified
69 The B<X509_LOOKUP_file> method loads all the certificates or CRLs
73 File format is ASCII text which contains concatenated PEM certificates
82 certificates and CRLs on demand, and caches them in memory once
91 applied to the subject name for certificates or issuer name for CRLs.
103 certificates with same subject name hash value.
104 For example, it is possible to have in the store several certificates with same
109 loaded, hash_dir lookup method checks only for certificates with
122 certificates and CRLs through any loader supported by
[all …]
|
| H A D | X509_add_cert.pod | 32 the reference counts of those certificates added successfully are increased.
34 If B<X509_ADD_FLAG_PREPEND> is set then the certificates are prepended to I<sk>.
36 In both cases the original order of the added certificates is preserved.
38 If B<X509_ADD_FLAG_NO_DUP> is set then certificates already contained in I<sk>,
41 If B<X509_ADD_FLAG_NO_SS> is set then certificates that are marked self-signed,
53 the ownership is transferred to the list of certificates I<sk>.
|
| /netbsd-src/crypto/external/bsd/openssl/dist/demos/certs/ |
| H A D | README.txt | 1 There is often a need to generate test certificates automatically using
3 CA certificates, obsolete V1 certificates or duplicate serial numbers.
6 The mkcerts.sh script is an example of how to generate certificates
8 signed by the root and several certificates signed by the intermediate CA.
11 certificates and generates a CRL. Then one certificate is revoked and a
15 client certificates.
17 The script ocspquery.sh queries the status of the certificates using the
|
| /netbsd-src/crypto/external/bsd/openssl.old/dist/demos/certs/ |
| H A D | README | 1 There is often a need to generate test certificates automatically using
3 CA certificates, obsolete V1 certificates or duplicate serial numbers.
6 The mkcerts.sh script is an example of how to generate certificates
8 signed by the root and several certificates signed by the intermediate CA.
11 certificates and generates a CRL. Then one certificate is revoked and a
15 client certificates.
17 The script ocspquery.sh queries the status of the certificates using the
|
| /netbsd-src/crypto/external/bsd/openssl/dist/doc/man1/ |
| H A D | openssl-crl2pkcs7.pod.in | 6 openssl-crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates
23 certificates and converts them into a PKCS#7 degenerate "certificates
56 Specifies a filename containing one or more certificates in B<PEM> format.
57 All certificates in the file will be added to the PKCS#7 structure. This
58 option can be used more than once to read certificates from multiple
77 different certificates:
85 just certificates and an optional CRL.
87 This command can be used to send certificates and CAs to Netscape as part of
92 install user certificates and CAs in MSIE using the Xenroll control.
|
| H A D | openssl-pkcs12.pod.in | 128 No certificates will be output.
147 and the default encryption algorithm for both certificates and private keys is
172 The filename to write certificates and private keys to, standard output by
186 Only output client certificates (not CA certificates).
190 Only output CA certificates (not client certificates).
244 With the B<-export> option this is a file with certificates and a key,
248 certificates are present they will also be included in the PKCS#12 output file.
261 An input file with extra certificates to be added to the PKCS#12 output
278 as well as any untrusted CA certificates given with the B<-untrusted> option.
282 An input file of untrusted certificates that may be used
[all …]
|
| H A D | openssl-nseq.pod.in | 20 sequence and prints out the certificates contained in it or takes a
21 file of certificates and converts it into a Netscape certificate
26 format when several certificates are sent to the browser, for example during
49 is the certificates contained in it. With the B<-toseq> option the
51 a file of certificates.
59 Output the certificates in a Netscape certificate sequence
|
| /netbsd-src/crypto/external/bsd/openssl.old/dist/doc/man1/ |
| H A D | crl2pkcs7.pod | 6 crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates
22 certificates and converts them into a PKCS#7 degenerate "certificates
57 Specifies a filename containing one or more certificates in B<PEM> format.
58 All certificates in the file will be added to the PKCS#7 structure. This
59 option can be used more than once to read certificates from multiple
76 different certificates:
84 just certificates and an optional CRL.
86 This utility can be used to send certificates and CAs to Netscape as part of
91 install user certificates and CAs in MSIE using the Xenroll control.
|
| H A D | verify.pod | 6 verify - Utility to verify certificates
54 [certificates]
70 A B<file> of trusted certificates.
71 The file should contain one or more certificates in PEM format.
75 A directory of trusted certificates. The certificates should have names
79 create symbolic links to a directory of certificates.
83 Do not load the trusted CA certificates from the default file location.
87 Do not load the trusted CA certificates from the default directory location.
91 Allow the verification of proxy certificates.
124 Checks the validity of B<all> certificates in the chain by attempting
[all …]
|
| H A D | pkcs12.pod | 75 The filename to write certificates and private keys to, standard output by
95 This option inhibits output of the keys and certificates to the output file
100 Only output client certificates (not CA certificates).
104 Only output CA certificates (not client certificates).
108 No certificates at all will be output.
176 The filename to read certificates and private keys from, standard input by
179 certificates are present they will also be included in the PKCS#12 file.
195 A filename to read additional certificates from.
199 This specifies the "friendly name" for other certificates. This option may be
200 used multiple times to specify names for all certificates in the order they
[all …]
|
| H A D | nseq.pod | 19 sequence and prints out the certificates contained in it or takes a
20 file of certificates and converts it into a Netscape certificate
43 is the certificates contained in it. With the B<-toseq> option the
45 a file of certificates.
51 Output the certificates in a Netscape certificate sequence
68 certificates are sent to the browser: for example during certificate enrollment.
|
| /netbsd-src/crypto/external/bsd/heimdal/dist/doc/ |
| H A D | hx509.texi | 197 * Issuing certificates::
209 @c * Issuing certificates::
211 * Issuing certificates::
253 A system or collection of distributed systems that stores certificates and CRLs
254 and serves as a means of distributing these certificates and CRLs to end entities
287 @section Type of certificates
295 Trust anchors are strictly not certificates, but commonly stored in a
297 the keys that an end entity would trust to validate other certificates.
301 @item End Entity (EE) certificates
303 End entity certificates are the most common types of certificates. End
[all …]
|
| /netbsd-src/crypto/external/bsd/heimdal/dist/lib/hx509/ |
| H A D | hxtool-commands.in | 43 help = "certificate stores to pull certificates from"
62 help = "certificate store to pull certificates from"
110 help = "don't embed certificates"
136 help = "certificate store to pull certificates from"
216 help = "certificates used to receive the data"
262 help = "allow proxy certificates"
305 help = "print the content of the certificates"
319 help = "Print certificates"
332 help = "Validate content of certificates"
350 argument="in-certificates-1 ... out-certificate"
[all …]
|