| /netbsd-src/crypto/external/bsd/openssl/dist/include/internal/ |
| H A D | dane.h | 79 #define DANETLS_ENABLED(dane) \ argument 80 ((dane) != NULL && sk_danetls_record_num((dane)->trecs) > 0) 94 #define DANETLS_HAS_PKIX(dane) ((dane) && ((dane)->umask & DANETLS_PKIX_MASK)) argument 95 #define DANETLS_HAS_DANE(dane) ((dane) && ((dane)->umask & DANETLS_DANE_MASK)) argument 96 #define DANETLS_HAS_TA(dane) ((dane) && ((dane)->umask & DANETLS_TA_MASK)) argument 97 #define DANETLS_HAS_EE(dane) ((dane) && ((dane)->umask & DANETLS_EE_MASK)) argument 99 #define DANETLS_HAS_PKIX_TA(dane) ((dane)&&((dane)->umask & DANETLS_PKIX_TA_MASK)) argument 100 #define DANETLS_HAS_PKIX_EE(dane) ((dane)&&((dane)->umask & DANETLS_PKIX_EE_MASK)) argument 101 #define DANETLS_HAS_DANE_TA(dane) ((dane)&&((dane)->umask & DANETLS_DANE_TA_MASK)) argument 102 #define DANETLS_HAS_DANE_EE(dane) ((dane)&&((dane)->umask & DANETLS_DANE_EE_MASK)) argument
|
| /netbsd-src/crypto/external/bsd/openssl.old/dist/include/internal/ |
| H A D | dane.h | 78 #define DANETLS_ENABLED(dane) \ argument 79 ((dane) != NULL && sk_danetls_record_num((dane)->trecs) > 0) 93 #define DANETLS_HAS_PKIX(dane) ((dane) && ((dane)->umask & DANETLS_PKIX_MASK)) argument 94 #define DANETLS_HAS_DANE(dane) ((dane) && ((dane)->umask & DANETLS_DANE_MASK)) argument 95 #define DANETLS_HAS_TA(dane) ((dane) && ((dane)->umask & DANETLS_TA_MASK)) argument 96 #define DANETLS_HAS_EE(dane) ((dane) && ((dane)->umask & DANETLS_EE_MASK)) argument 98 #define DANETLS_HAS_PKIX_TA(dane) ((dane)&&((dane)->umask & DANETLS_PKIX_TA_MASK)) argument 99 #define DANETLS_HAS_PKIX_EE(dane) ((dane)&&((dane)->umask & DANETLS_PKIX_EE_MASK)) argument 100 #define DANETLS_HAS_DANE_TA(dane) ((dane)&&((dane)->umask & DANETLS_DANE_TA_MASK)) argument 101 #define DANETLS_HAS_DANE_EE(dane) ((dane)&&((dane)->umask & DANETLS_DANE_EE_MASK)) argument
|
| /netbsd-src/external/ibm-public/postfix/dist/src/tls/ |
| H A D | tls_dane.c | 288 TLS_DANE *dane = (TLS_DANE *) mymalloc(sizeof(*dane)); in tls_dane_alloc() local 290 dane->tlsa = 0; in tls_dane_alloc() 291 dane->base_domain = 0; in tls_dane_alloc() 292 dane->flags = 0; in tls_dane_alloc() 293 dane->expires = 0; in tls_dane_alloc() 294 dane->refs = 1; in tls_dane_alloc() 295 return (dane); in tls_dane_alloc() 313 void tls_dane_free(TLS_DANE *dane) in tls_dane_free() argument 315 if (--dane->refs > 0) in tls_dane_free() 317 if (dane->base_domain) in tls_dane_free() [all …]
|
| H A D | tls_proxy_client_scan.c | 332 if (props->dane) in tls_proxy_client_start_free() 333 tls_dane_free((TLS_DANE *) props->dane); in tls_proxy_client_start_free() 389 TLS_DANE *dane = 0; in tls_proxy_client_dane_scan() local 402 dane = tls_dane_alloc(); in tls_proxy_client_dane_scan() 407 &dane->tlsa), in tls_proxy_client_dane_scan() 411 dane->base_domain = vstring_export(base_domain); in tls_proxy_client_dane_scan() 414 tls_dane_free(dane); in tls_proxy_client_dane_scan() 415 dane = 0; in tls_proxy_client_dane_scan() 418 *(TLS_DANE **) ptr = dane; in tls_proxy_client_dane_scan() 453 props->dane = 0; /* scan_fn may return early */ in tls_proxy_client_start_scan() [all …]
|
| H A D | tls_proxy_client_print.c | 223 const TLS_DANE *dane = (const TLS_DANE *) ptr; in tls_proxy_client_dane_print() local 227 SEND_ATTR_INT(TLS_ATTR_DANE, dane != 0), in tls_proxy_client_dane_print() 230 msg_info("tls_proxy_client_dane_print dane=%d", dane != 0); in tls_proxy_client_dane_print() 232 if (ret == 0 && dane != 0) { in tls_proxy_client_dane_print() 236 STRING_OR_EMPTY(dane->base_domain)), in tls_proxy_client_dane_print() 238 (const void *) dane->tlsa), in tls_proxy_client_dane_print() 286 (const void *) props->dane), in tls_proxy_client_start_print()
|
| H A D | tls_client.c | 551 sni = props->dane->base_domain; in tls_auth_enable() 568 if (TLScontext->dane != 0 && TLScontext->dane->tlsa != 0) { in tls_auth_enable() 972 TLScontext->dane = props->dane; in tls_client_start() 1018 if (TLScontext->dane && TLScontext->dane->tlsa) { in tls_client_start()
|
| H A D | tls.h | 172 #define tls_dane_unusable(dane) ((dane)->flags & TLS_DANE_FLAG_EMPTY) argument 173 #define tls_dane_notfound(dane) ((dane)->flags & TLS_DANE_FLAG_NORRS) argument 258 const TLS_DANE *dane; /* DANE TLSA digests */ member 489 const TLS_DANE *dane; /* DANE TLSA verification */ member
|
| H A D | tls_fprint.c | 292 && props->dane && props->dane->tlsa) { in tls_serverid_digest() 293 CHECK_OK_AND(tls_digest_tlsa(mdctx, props->dane->tlsa)); in tls_serverid_digest()
|
| /netbsd-src/external/ibm-public/postfix/dist/src/smtp/ |
| H A D | smtp_tls_policy.c | 339 if (!tls->dane) in tls_policy_lookup_one() 340 tls->dane = tls_dane_alloc(); in tls_policy_lookup_one() 341 tls_dane_add_fpt_digests(tls->dane, val, "|", smtp_mode); in tls_policy_lookup_one() 375 if (!tls->dane) in tls_policy_lookup_one() 376 tls->dane = tls_dane_alloc(); in tls_policy_lookup_one() 377 if (!tls_dane_load_trustfile(tls->dane, val)) { in tls_policy_lookup_one() 430 static int load_tas(TLS_DANE *dane, const char *files) in load_tas() argument 439 ret = tls_dane_load_trustfile(dane, file); in load_tas() 620 if (tls->dane == 0) in policy_create() 621 tls->dane = tls_dane_alloc(); in policy_create() [all …]
|
| H A D | smtp.h | 109 TLS_DANE *dane; /* DANE TLSA digests */ member 144 _tls_policy_init_tmp->dane = 0; \
|
| H A D | smtp_proto.c | 946 dane = state->tls->dane); in smtp_start_tls() 1068 dane = state->tls->dane); in smtp_start_tls()
|
| /netbsd-src/crypto/external/bsd/openssl.old/dist/crypto/x509/ |
| H A D | x509_vfy.c | 256 SSL_DANE *dane = ctx->dane; in X509_verify_cert() local 300 if (DANETLS_ENABLED(dane)) in X509_verify_cert() 782 SSL_DANE *dane = ctx->dane; in check_trust() local 790 if (DANETLS_HAS_TA(dane) && num_untrusted > 0 && num_untrusted < num) { in check_trust() 864 if (!DANETLS_ENABLED(dane)) in check_trust() 866 if (dane->pdpth < 0) in check_trust() 867 dane->pdpth = num_untrusted; in check_trust() 869 if (dane->mdpth >= 0) in check_trust() 2292 ctx->dane = NULL; in X509_STORE_CTX_init() 2588 void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, SSL_DANE *dane) in X509_STORE_CTX_set0_dane() argument [all …]
|
| /netbsd-src/crypto/external/bsd/openssl/dist/crypto/x509/ |
| H A D | x509_vfy.c | 295 ret = DANETLS_ENABLED(ctx->dane) ? dane_verify(ctx) : verify_chain(ctx); in X509_verify_cert() 815 SSL_DANE *dane = ctx->dane; in check_trust() local 823 if (DANETLS_HAS_TA(dane) && num_untrusted > 0 && num_untrusted < num) { in check_trust() 897 if (!DANETLS_ENABLED(dane)) in check_trust() 899 if (dane->pdpth < 0) in check_trust() 900 dane->pdpth = num_untrusted; in check_trust() 902 if (dane->mdpth >= 0) in check_trust() 2348 ctx->dane = NULL; in X509_STORE_CTX_init() 2647 void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, SSL_DANE *dane) in X509_STORE_CTX_set0_dane() argument 2649 ctx->dane = dane; in X509_STORE_CTX_set0_dane() [all …]
|
| /netbsd-src/crypto/external/bsd/openssl.old/dist/ssl/ |
| H A D | ssl_lib.c | 191 static void dane_final(SSL_DANE *dane) in dane_final() argument 193 sk_danetls_record_pop_free(dane->trecs, tlsa_free); in dane_final() 194 dane->trecs = NULL; in dane_final() 196 sk_X509_pop_free(dane->certs, X509_free); in dane_final() 197 dane->certs = NULL; in dane_final() 199 X509_free(dane->mcert); in dane_final() 200 dane->mcert = NULL; in dane_final() 201 dane->mtlsa = NULL; in dane_final() 202 dane->mdpth = -1; in dane_final() 203 dane->pdpth = -1; in dane_final() [all …]
|
| H A D | ssl_cert.c | 406 if (DANETLS_ENABLED(&s->dane)) in ssl_verify_cert_chain() 407 X509_STORE_CTX_set0_dane(ctx, &s->dane); in ssl_verify_cert_chain()
|
| /netbsd-src/external/ibm-public/postfix/dist/src/posttls-finger/ |
| H A D | posttls-finger.c | 496 TLS_DANE *dane; /* DANE TLSA validation structure */ member 827 dane = state->ddane ? in starttls() 828 state->ddane : state->dane); in starttls() 924 dane = state->ddane ? state->ddane : state->dane); in starttls() 1811 if (state->dane) in cleanup() 1812 tls_dane_free(state->dane); in cleanup() 2135 state->dane = tls_dane_alloc(); in parse_match() 2137 tls_dane_add_fpt_digests((TLS_DANE *) state->dane, *argv++, "", in parse_match() 2164 state->dane = tls_dane_alloc(); in parse_tas() 2166 if (!tls_dane_load_trustfile((TLS_DANE *) state->dane, *file)) in parse_tas()
|
| /netbsd-src/crypto/external/bsd/openssl/dist/crypto/err/ |
| H A D | openssl.txt | 1309 SSL_R_CONTEXT_NOT_DANE_ENABLED:167:context not dane enabled 1315 SSL_R_DANE_ALREADY_ENABLED:172:dane already enabled 1316 SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL:173:dane cannot override mtype full 1317 SSL_R_DANE_NOT_ENABLED:175:dane not enabled 1318 SSL_R_DANE_TLSA_BAD_CERTIFICATE:180:dane tlsa bad certificate 1319 SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE:184:dane tlsa bad certificate usage 1320 SSL_R_DANE_TLSA_BAD_DATA_LENGTH:189:dane tlsa bad data length 1321 SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH:192:dane tlsa bad digest length 1322 SSL_R_DANE_TLSA_BAD_MATCHING_TYPE:200:dane tlsa bad matching type 1323 SSL_R_DANE_TLSA_BAD_PUBLIC_KEY:201:dane tlsa bad public key [all …]
|
| /netbsd-src/crypto/external/bsd/openssl.old/dist/include/crypto/ |
| H A D | x509.h | 255 SSL_DANE *dane; member
|
| /netbsd-src/external/ibm-public/postfix/dist/proto/ |
| H A D | stop.double-cc | 260 DNS at the dane dane only and half dane security levels or be
|
| /netbsd-src/external/ibm-public/postfix/dist/ |
| H A D | RELEASE_NOTES-3.4 | 151 It supports all Postfix TLS security levels including dane and 152 dane-only.
|
| H A D | RELEASE_NOTES-2.11 | 30 This feature introduces new TLS security levels called "dane" and 31 "dane-only" (DNS-based Authentication of Named Entities) that use
|
| /netbsd-src/crypto/external/bsd/openssl.old/dist/crypto/err/ |
| H A D | openssl.txt | 2672 SSL_R_CONTEXT_NOT_DANE_ENABLED:167:context not dane enabled 2677 SSL_R_DANE_ALREADY_ENABLED:172:dane already enabled 2678 SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL:173:dane cannot override mtype full 2679 SSL_R_DANE_NOT_ENABLED:175:dane not enabled 2680 SSL_R_DANE_TLSA_BAD_CERTIFICATE:180:dane tlsa bad certificate 2681 SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE:184:dane tlsa bad certificate usage 2682 SSL_R_DANE_TLSA_BAD_DATA_LENGTH:189:dane tlsa bad data length 2683 SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH:192:dane tlsa bad digest length 2684 SSL_R_DANE_TLSA_BAD_MATCHING_TYPE:200:dane tlsa bad matching type 2685 SSL_R_DANE_TLSA_BAD_PUBLIC_KEY:201:dane tlsa bad public key [all …]
|
| /netbsd-src/crypto/external/bsd/openssl/dist/include/crypto/ |
| H A D | x509.h | 278 SSL_DANE *dane; member
|
| /netbsd-src/crypto/external/bsd/openssl/dist/ssl/ |
| H A D | ssl_cert.c | 425 if (DANETLS_ENABLED(&s->dane)) in ssl_verify_cert_chain() 426 X509_STORE_CTX_set0_dane(ctx, &s->dane); in ssl_verify_cert_chain()
|
| /netbsd-src/external/ibm-public/postfix/dist/conf/ |
| H A D | postfix-tls-script | 588 …https://community.letsencrypt.org/t/please-avoid-3-0-1-and-3-0-2-dane-tlsa-records-with-le-certifi…
|