Home
last modified time | relevance | path

Searched refs:dane (Results 1 – 25 of 39) sorted by relevance

12

/netbsd-src/crypto/external/bsd/openssl/dist/include/internal/
H A Ddane.h79 #define DANETLS_ENABLED(dane) \ argument
80 ((dane) != NULL && sk_danetls_record_num((dane)->trecs) > 0)
94 #define DANETLS_HAS_PKIX(dane) ((dane) && ((dane)->umask & DANETLS_PKIX_MASK)) argument
95 #define DANETLS_HAS_DANE(dane) ((dane) && ((dane)->umask & DANETLS_DANE_MASK)) argument
96 #define DANETLS_HAS_TA(dane) ((dane) && ((dane)->umask & DANETLS_TA_MASK)) argument
97 #define DANETLS_HAS_EE(dane) ((dane) && ((dane)->umask & DANETLS_EE_MASK)) argument
99 #define DANETLS_HAS_PKIX_TA(dane) ((dane)&&((dane)->umask & DANETLS_PKIX_TA_MASK)) argument
100 #define DANETLS_HAS_PKIX_EE(dane) ((dane)&&((dane)->umask & DANETLS_PKIX_EE_MASK)) argument
101 #define DANETLS_HAS_DANE_TA(dane) ((dane)&&((dane)->umask & DANETLS_DANE_TA_MASK)) argument
102 #define DANETLS_HAS_DANE_EE(dane) ((dane)&&((dane)->umask & DANETLS_DANE_EE_MASK)) argument
/netbsd-src/crypto/external/bsd/openssl.old/dist/include/internal/
H A Ddane.h78 #define DANETLS_ENABLED(dane) \ argument
79 ((dane) != NULL && sk_danetls_record_num((dane)->trecs) > 0)
93 #define DANETLS_HAS_PKIX(dane) ((dane) && ((dane)->umask & DANETLS_PKIX_MASK)) argument
94 #define DANETLS_HAS_DANE(dane) ((dane) && ((dane)->umask & DANETLS_DANE_MASK)) argument
95 #define DANETLS_HAS_TA(dane) ((dane) && ((dane)->umask & DANETLS_TA_MASK)) argument
96 #define DANETLS_HAS_EE(dane) ((dane) && ((dane)->umask & DANETLS_EE_MASK)) argument
98 #define DANETLS_HAS_PKIX_TA(dane) ((dane)&&((dane)->umask & DANETLS_PKIX_TA_MASK)) argument
99 #define DANETLS_HAS_PKIX_EE(dane) ((dane)&&((dane)->umask & DANETLS_PKIX_EE_MASK)) argument
100 #define DANETLS_HAS_DANE_TA(dane) ((dane)&&((dane)->umask & DANETLS_DANE_TA_MASK)) argument
101 #define DANETLS_HAS_DANE_EE(dane) ((dane)&&((dane)->umask & DANETLS_DANE_EE_MASK)) argument
/netbsd-src/external/ibm-public/postfix/dist/src/tls/
H A Dtls_dane.c288 TLS_DANE *dane = (TLS_DANE *) mymalloc(sizeof(*dane)); in tls_dane_alloc() local
290 dane->tlsa = 0; in tls_dane_alloc()
291 dane->base_domain = 0; in tls_dane_alloc()
292 dane->flags = 0; in tls_dane_alloc()
293 dane->expires = 0; in tls_dane_alloc()
294 dane->refs = 1; in tls_dane_alloc()
295 return (dane); in tls_dane_alloc()
313 void tls_dane_free(TLS_DANE *dane) in tls_dane_free() argument
315 if (--dane->refs > 0) in tls_dane_free()
317 if (dane->base_domain) in tls_dane_free()
[all …]
H A Dtls_proxy_client_scan.c332 if (props->dane) in tls_proxy_client_start_free()
333 tls_dane_free((TLS_DANE *) props->dane); in tls_proxy_client_start_free()
389 TLS_DANE *dane = 0; in tls_proxy_client_dane_scan() local
402 dane = tls_dane_alloc(); in tls_proxy_client_dane_scan()
407 &dane->tlsa), in tls_proxy_client_dane_scan()
411 dane->base_domain = vstring_export(base_domain); in tls_proxy_client_dane_scan()
414 tls_dane_free(dane); in tls_proxy_client_dane_scan()
415 dane = 0; in tls_proxy_client_dane_scan()
418 *(TLS_DANE **) ptr = dane; in tls_proxy_client_dane_scan()
453 props->dane = 0; /* scan_fn may return early */ in tls_proxy_client_start_scan()
[all …]
H A Dtls_proxy_client_print.c223 const TLS_DANE *dane = (const TLS_DANE *) ptr; in tls_proxy_client_dane_print() local
227 SEND_ATTR_INT(TLS_ATTR_DANE, dane != 0), in tls_proxy_client_dane_print()
230 msg_info("tls_proxy_client_dane_print dane=%d", dane != 0); in tls_proxy_client_dane_print()
232 if (ret == 0 && dane != 0) { in tls_proxy_client_dane_print()
236 STRING_OR_EMPTY(dane->base_domain)), in tls_proxy_client_dane_print()
238 (const void *) dane->tlsa), in tls_proxy_client_dane_print()
286 (const void *) props->dane), in tls_proxy_client_start_print()
H A Dtls_client.c551 sni = props->dane->base_domain; in tls_auth_enable()
568 if (TLScontext->dane != 0 && TLScontext->dane->tlsa != 0) { in tls_auth_enable()
972 TLScontext->dane = props->dane; in tls_client_start()
1018 if (TLScontext->dane && TLScontext->dane->tlsa) { in tls_client_start()
H A Dtls.h172 #define tls_dane_unusable(dane) ((dane)->flags & TLS_DANE_FLAG_EMPTY) argument
173 #define tls_dane_notfound(dane) ((dane)->flags & TLS_DANE_FLAG_NORRS) argument
258 const TLS_DANE *dane; /* DANE TLSA digests */ member
489 const TLS_DANE *dane; /* DANE TLSA verification */ member
H A Dtls_fprint.c292 && props->dane && props->dane->tlsa) { in tls_serverid_digest()
293 CHECK_OK_AND(tls_digest_tlsa(mdctx, props->dane->tlsa)); in tls_serverid_digest()
/netbsd-src/external/ibm-public/postfix/dist/src/smtp/
H A Dsmtp_tls_policy.c339 if (!tls->dane) in tls_policy_lookup_one()
340 tls->dane = tls_dane_alloc(); in tls_policy_lookup_one()
341 tls_dane_add_fpt_digests(tls->dane, val, "|", smtp_mode); in tls_policy_lookup_one()
375 if (!tls->dane) in tls_policy_lookup_one()
376 tls->dane = tls_dane_alloc(); in tls_policy_lookup_one()
377 if (!tls_dane_load_trustfile(tls->dane, val)) { in tls_policy_lookup_one()
430 static int load_tas(TLS_DANE *dane, const char *files) in load_tas() argument
439 ret = tls_dane_load_trustfile(dane, file); in load_tas()
620 if (tls->dane == 0) in policy_create()
621 tls->dane = tls_dane_alloc(); in policy_create()
[all …]
H A Dsmtp.h109 TLS_DANE *dane; /* DANE TLSA digests */ member
144 _tls_policy_init_tmp->dane = 0; \
H A Dsmtp_proto.c946 dane = state->tls->dane); in smtp_start_tls()
1068 dane = state->tls->dane); in smtp_start_tls()
/netbsd-src/crypto/external/bsd/openssl.old/dist/crypto/x509/
H A Dx509_vfy.c256 SSL_DANE *dane = ctx->dane; in X509_verify_cert() local
300 if (DANETLS_ENABLED(dane)) in X509_verify_cert()
782 SSL_DANE *dane = ctx->dane; in check_trust() local
790 if (DANETLS_HAS_TA(dane) && num_untrusted > 0 && num_untrusted < num) { in check_trust()
864 if (!DANETLS_ENABLED(dane)) in check_trust()
866 if (dane->pdpth < 0) in check_trust()
867 dane->pdpth = num_untrusted; in check_trust()
869 if (dane->mdpth >= 0) in check_trust()
2292 ctx->dane = NULL; in X509_STORE_CTX_init()
2588 void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, SSL_DANE *dane) in X509_STORE_CTX_set0_dane() argument
[all …]
/netbsd-src/crypto/external/bsd/openssl/dist/crypto/x509/
H A Dx509_vfy.c295 ret = DANETLS_ENABLED(ctx->dane) ? dane_verify(ctx) : verify_chain(ctx); in X509_verify_cert()
815 SSL_DANE *dane = ctx->dane; in check_trust() local
823 if (DANETLS_HAS_TA(dane) && num_untrusted > 0 && num_untrusted < num) { in check_trust()
897 if (!DANETLS_ENABLED(dane)) in check_trust()
899 if (dane->pdpth < 0) in check_trust()
900 dane->pdpth = num_untrusted; in check_trust()
902 if (dane->mdpth >= 0) in check_trust()
2348 ctx->dane = NULL; in X509_STORE_CTX_init()
2647 void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, SSL_DANE *dane) in X509_STORE_CTX_set0_dane() argument
2649 ctx->dane = dane; in X509_STORE_CTX_set0_dane()
[all …]
/netbsd-src/crypto/external/bsd/openssl.old/dist/ssl/
H A Dssl_lib.c191 static void dane_final(SSL_DANE *dane) in dane_final() argument
193 sk_danetls_record_pop_free(dane->trecs, tlsa_free); in dane_final()
194 dane->trecs = NULL; in dane_final()
196 sk_X509_pop_free(dane->certs, X509_free); in dane_final()
197 dane->certs = NULL; in dane_final()
199 X509_free(dane->mcert); in dane_final()
200 dane->mcert = NULL; in dane_final()
201 dane->mtlsa = NULL; in dane_final()
202 dane->mdpth = -1; in dane_final()
203 dane->pdpth = -1; in dane_final()
[all …]
H A Dssl_cert.c406 if (DANETLS_ENABLED(&s->dane)) in ssl_verify_cert_chain()
407 X509_STORE_CTX_set0_dane(ctx, &s->dane); in ssl_verify_cert_chain()
/netbsd-src/external/ibm-public/postfix/dist/src/posttls-finger/
H A Dposttls-finger.c496 TLS_DANE *dane; /* DANE TLSA validation structure */ member
827 dane = state->ddane ? in starttls()
828 state->ddane : state->dane); in starttls()
924 dane = state->ddane ? state->ddane : state->dane); in starttls()
1811 if (state->dane) in cleanup()
1812 tls_dane_free(state->dane); in cleanup()
2135 state->dane = tls_dane_alloc(); in parse_match()
2137 tls_dane_add_fpt_digests((TLS_DANE *) state->dane, *argv++, "", in parse_match()
2164 state->dane = tls_dane_alloc(); in parse_tas()
2166 if (!tls_dane_load_trustfile((TLS_DANE *) state->dane, *file)) in parse_tas()
/netbsd-src/crypto/external/bsd/openssl/dist/crypto/err/
H A Dopenssl.txt1309 SSL_R_CONTEXT_NOT_DANE_ENABLED:167:context not dane enabled
1315 SSL_R_DANE_ALREADY_ENABLED:172:dane already enabled
1316 SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL:173:dane cannot override mtype full
1317 SSL_R_DANE_NOT_ENABLED:175:dane not enabled
1318 SSL_R_DANE_TLSA_BAD_CERTIFICATE:180:dane tlsa bad certificate
1319 SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE:184:dane tlsa bad certificate usage
1320 SSL_R_DANE_TLSA_BAD_DATA_LENGTH:189:dane tlsa bad data length
1321 SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH:192:dane tlsa bad digest length
1322 SSL_R_DANE_TLSA_BAD_MATCHING_TYPE:200:dane tlsa bad matching type
1323 SSL_R_DANE_TLSA_BAD_PUBLIC_KEY:201:dane tlsa bad public key
[all …]
/netbsd-src/crypto/external/bsd/openssl.old/dist/include/crypto/
H A Dx509.h255 SSL_DANE *dane; member
/netbsd-src/external/ibm-public/postfix/dist/proto/
H A Dstop.double-cc260 DNS at the dane dane only and half dane security levels or be
/netbsd-src/external/ibm-public/postfix/dist/
H A DRELEASE_NOTES-3.4151 It supports all Postfix TLS security levels including dane and
152 dane-only.
H A DRELEASE_NOTES-2.1130 This feature introduces new TLS security levels called "dane" and
31 "dane-only" (DNS-based Authentication of Named Entities) that use
/netbsd-src/crypto/external/bsd/openssl.old/dist/crypto/err/
H A Dopenssl.txt2672 SSL_R_CONTEXT_NOT_DANE_ENABLED:167:context not dane enabled
2677 SSL_R_DANE_ALREADY_ENABLED:172:dane already enabled
2678 SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL:173:dane cannot override mtype full
2679 SSL_R_DANE_NOT_ENABLED:175:dane not enabled
2680 SSL_R_DANE_TLSA_BAD_CERTIFICATE:180:dane tlsa bad certificate
2681 SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE:184:dane tlsa bad certificate usage
2682 SSL_R_DANE_TLSA_BAD_DATA_LENGTH:189:dane tlsa bad data length
2683 SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH:192:dane tlsa bad digest length
2684 SSL_R_DANE_TLSA_BAD_MATCHING_TYPE:200:dane tlsa bad matching type
2685 SSL_R_DANE_TLSA_BAD_PUBLIC_KEY:201:dane tlsa bad public key
[all …]
/netbsd-src/crypto/external/bsd/openssl/dist/include/crypto/
H A Dx509.h278 SSL_DANE *dane; member
/netbsd-src/crypto/external/bsd/openssl/dist/ssl/
H A Dssl_cert.c425 if (DANETLS_ENABLED(&s->dane)) in ssl_verify_cert_chain()
426 X509_STORE_CTX_set0_dane(ctx, &s->dane); in ssl_verify_cert_chain()
/netbsd-src/external/ibm-public/postfix/dist/conf/
H A Dpostfix-tls-script588 …https://community.letsencrypt.org/t/please-avoid-3-0-1-and-3-0-2-dane-tlsa-records-with-le-certifi…

12