| /netbsd-src/crypto/external/bsd/openssl.old/dist/crypto/x509/ |
| H A D | x509_trs.c | 18 static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags); 19 static int trust_1oid(X509_TRUST *trust, X509 *x, int flags); 20 static int trust_compat(X509_TRUST *trust, X509 *x, int flags); 54 return (*a)->trust - (*b)->trust; in tr_cmp() 57 int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *, in X509_TRUST_set_default() 61 default_trust = trust; in X509_TRUST_set_default() 106 tmp.trust = id; in X509_TRUST_get_by_id() 113 int X509_TRUST_set(int *t, int trust) in X509_TRUST_set() argument 115 if (X509_TRUST_get_by_id(trust) == -1) { in X509_TRUST_set() 119 *t = trust; in X509_TRUST_set() [all …]
|
| H A D | x_x509a.c | 27 ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT), 114 if (aux->trust == NULL in X509_add1_trust_object() 115 && (aux->trust = sk_ASN1_OBJECT_new_null()) == NULL) in X509_add1_trust_object() 117 if (!objtmp || sk_ASN1_OBJECT_push(aux->trust, objtmp)) in X509_add1_trust_object() 144 sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free); in X509_trust_clear() 145 x->aux->trust = NULL; in X509_trust_clear() 160 return x->aux->trust; in STACK_OF()
|
| H A D | x509_vfy.c | 427 tr_ok = X509_check_trust(x, ctx->param->trust, X509_TRUST_NO_SS_COMPAT); in check_purpose() 784 int trust; in check_trust() local 791 switch (trust = check_dane_issuer(ctx, num_untrusted)) { in check_trust() 794 return trust; in check_trust() 806 trust = X509_check_trust(x, ctx->param->trust, 0); in check_trust() 808 if (trust == X509_TRUST_TRUSTED) in check_trust() 810 if (trust == X509_TRUST_REJECTED) in check_trust() 839 trust = X509_check_trust(mx, ctx->param->trust, 0); in check_trust() 840 if (trust == X509_TRUST_REJECTED) { in check_trust() 2177 int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust) in X509_STORE_CTX_set_trust() argument [all …]
|
| /netbsd-src/crypto/external/bsd/openssl/dist/crypto/x509/ |
| H A D | x509_trust.c | 18 static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags); 19 static int trust_1oid(X509_TRUST *trust, X509 *x, int flags); 20 static int trust_compat(X509_TRUST *trust, X509 *x, int flags); 54 return (*a)->trust - (*b)->trust; in tr_cmp() 57 int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *, in X509_TRUST_set_default() 61 default_trust = trust; in X509_TRUST_set_default() 106 tmp.trust = id; in X509_TRUST_get_by_id() 113 int X509_TRUST_set(int *t, int trust) in X509_TRUST_set() argument 115 if (X509_TRUST_get_by_id(trust) < 0) { in X509_TRUST_set() 119 *t = trust; in X509_TRUST_set() [all …]
|
| H A D | x_x509a.c | 27 ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT), 114 if (aux->trust == NULL in X509_add1_trust_object() 115 && (aux->trust = sk_ASN1_OBJECT_new_null()) == NULL) in X509_add1_trust_object() 117 if (!objtmp || sk_ASN1_OBJECT_push(aux->trust, objtmp)) in X509_add1_trust_object() 149 sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free); in X509_trust_clear() 150 x->aux->trust = NULL; in X509_trust_clear() 165 return x->aux->trust; in STACK_OF()
|
| H A D | x509_vfy.c | 424 tr_ok = X509_check_trust(x, ctx->param->trust, X509_TRUST_NO_SS_COMPAT); in check_purpose() 817 int trust; in check_trust() local 824 trust = check_dane_issuer(ctx, num_untrusted); in check_trust() 825 if (trust != X509_TRUST_UNTRUSTED) in check_trust() 826 return trust; in check_trust() 837 trust = X509_check_trust(x, ctx->param->trust, 0); in check_trust() 839 if (trust == X509_TRUST_TRUSTED) in check_trust() 841 if (trust == X509_TRUST_REJECTED) in check_trust() 873 trust = X509_check_trust(mx, ctx->param->trust, 0); in check_trust() 874 if (trust == X509_TRUST_REJECTED) { in check_trust() [all …]
|
| /netbsd-src/external/mpl/bind/dist/lib/dns/ |
| H A D | ncache.c | 40 * trust 138 dns_trust_t trust; in addoptout() 169 trust = 0xffff; in addoptout() 203 if (trust > rdataset->trust) { in addoptout() 204 trust = rdataset->trust; in addoptout() 226 (unsigned char)rdataset->trust); in addoptout() 260 if (trust == 0xffff) { in addoptout() 268 trust in addoptout() 130 dns_trust_t trust; addoptout() local 506 rdataset_settrust(dns_rdataset_t * rdataset,dns_trust_t trust) rdataset_settrust() argument 541 dns_trust_t trust = dns_trust_none; dns_ncache_getrdataset() local 615 dns_trust_t trust = dns_trust_none; dns_ncache_getsigrdataset() local 712 dns_trust_t trust; dns_ncache_current() local [all...] |
| H A D | rdataset.c | 44 dns_trust_totext(dns_trust_t trust) { in dns_trust_totext() argument 45 if (trust >= sizeof(trustnames) / sizeof(*trustnames)) { in dns_trust_totext() 48 return trustnames[trust]; in dns_trust_totext() 594 dns_rdataset_settrust(dns_rdataset_t *rdataset, dns_trust_t trust) { in dns_rdataset_additionaldata() 599 (rdataset->methods->settrust)(rdataset, trust); in dns_rdataset_additionaldata() 601 rdataset->trust = trust; in dns_rdataset_additionaldata() 660 dns_rdataset_settrust(dns_rdataset_t * rdataset,dns_trust_t trust) dns_rdataset_settrust() argument
|
| H A D | validator.c | 195 * Mark the rdatasets in val->vstat with trust level "answer", in markanswer() 221 * Mark the RRsets in val->vstat with trust level secure. in validator_done() 429 validator_log(val, ISC_LOG_DEBUG(3), "%s with trust %s", in fetch_callback_dnskey() 432 dns_trust_totext(rdataset->trust)); in fetch_callback_dnskey() 437 rdataset->trust >= dns_trust_secure) in fetch_callback_dnskey() 460 * walking a trust chain, or an insecurity proof. in fetch_callback_dnskey() 473 * trust; false if we're attempting to prove insecurity. in fetch_callback_dnskey() 505 "dsset with trust %s", in fetch_callback_ds() 506 dns_trust_totext(rdataset->trust)); in fetch_callback_ds() 516 * chain of trust; no in fetch_callback_ds() [all...] |
| /netbsd-src/external/mpl/dhcp/bind/dist/lib/dns/ |
| H A D | ncache.c | 130 dns_trust_t trust; in addoptout() local 161 trust = 0xffff; in addoptout() 195 if (trust > rdataset->trust) { in addoptout() 196 trust = rdataset->trust; in addoptout() 218 (unsigned char)rdataset->trust); in addoptout() 252 if (trust == 0xffff) { in addoptout() 260 trust = dns_trust_authauthority; in addoptout() 262 trust = dns_trust_additional; in addoptout() 267 INSIST(trust != 0xffff); in addoptout() 274 if (!secure && trust > dns_trust_answer) { in addoptout() [all …]
|
| H A D | rdataset.c | 44 dns_trust_totext(dns_trust_t trust) { in dns_trust_totext() argument 45 if (trust >= sizeof(trustnames) / sizeof(*trustnames)) { in dns_trust_totext() 48 return (trustnames[trust]); in dns_trust_totext() 67 rdataset->trust = 0; in dns_rdataset_init() 95 rdataset->trust = 0; in dns_rdataset_invalidate() 121 rdataset->trust = 0; in dns_rdataset_disassociate() 661 dns_rdataset_settrust(dns_rdataset_t *rdataset, dns_trust_t trust) { in dns_rdataset_settrust() argument 666 (rdataset->methods->settrust)(rdataset, trust); in dns_rdataset_settrust() 668 rdataset->trust = trust; in dns_rdataset_settrust()
|
| H A D | validator.c | 425 dns_trust_totext(rdataset->trust)); in fetch_callback_dnskey() 430 rdataset->trust >= dns_trust_secure) in fetch_callback_dnskey() 546 dns_trust_totext(rdataset->trust)); in fetch_callback_ds() 666 dns_trust_totext(val->frdataset.trust)); in validator_callback_dnskey() 670 if (val->frdataset.trust >= dns_trust_secure) { in validator_callback_dnskey() 743 dns_trust_totext(val->frdataset.trust)); in validator_callback_ds() 810 dns_trust_totext(val->frdataset.trust)); in validator_callback_cname() 883 rdataset->trust == dns_trust_secure && in validator_callback_nsec() 1251 if ((DNS_TRUST_PENDING(val->frdataset.trust) || in seek_dnskey() 1252 DNS_TRUST_ANSWER(val->frdataset.trust)) && in seek_dnskey() [all …]
|
| /netbsd-src/external/bsd/unbound/dist/testdata/07-confroot.tdir/ |
| H A D | 07-confroot.test | 32 trust-anchor-file: "$subdir/trustanchor.conf" 33 trust-anchor-file: "/subdir/trustanchor.conf" 34 trust-anchor-file: "trustanchor.conf" 77 trust-anchor-file: "$subdir/trustanchor.conf" 78 trust-anchor-file: "/subdir/trustanchor.conf" 79 trust-anchor-file: "trustanchor.conf" 108 trust-anchor-file: "$subdir/trustanchor.conf" 109 trust-anchor-file: "/subdir/trustanchor.conf" 110 trust-anchor-file: "trustanchor.conf" 139 #trust-anchor-file: "$subdir/trustanchor.conf" [all …]
|
| /netbsd-src/crypto/external/bsd/openssl.old/dist/doc/man3/ |
| H A D | X509_STORE_CTX_new.pod | 51 int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust); 53 int purpose, int trust); 134 certificate itself. In addition the trust store containing trusted certificates 135 can declare what purposes we trust different certificates for. This "trust" 141 administrator might only trust it for the former. An X.509 certificate extension 158 purpose also has an associated default trust value which will also be set at the 159 same time. During verification this trust setting will be verified to check it 160 is consistent with the trust set by the system administrator for certificates in 163 X509_STORE_CTX_set_trust() sets the trust value for the target certificate 164 being verified in the I<ctx>. Built-in available values for the I<trust> [all …]
|
| H A D | X509_VERIFY_PARAM_set_flags.pod | 36 int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust); 89 X509_VERIFY_PARAM_set_trust() sets the trust setting in B<param> to 90 B<trust>. 107 neither the end-entity certificate nor the trust-anchor count against this 110 directly by the trust-anchor, while with a B<depth> limit of 1 there can be one 111 intermediate CA certificate between the trust-anchor and the end-entity 120 The signature algorithm security level is not enforced for the chain's I<trust 278 in L<X509_verify_cert(3)> will search the trust store for issuer certificates 282 This is especially important when some certificates in the trust store have 283 explicit trust settings (see "TRUST SETTINGS" in L<x509(1)>). [all …]
|
| /netbsd-src/crypto/external/bsd/openssl/dist/doc/man3/ |
| H A D | X509_STORE_CTX_new.pod | 52 int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust); 54 int purpose, int trust); 169 certificate itself. In addition the trust store containing trusted certificates 170 can declare what purposes we trust different certificates for. This "trust" 176 administrator might only trust it for the former. An X.509 certificate extension 193 purpose also has an associated default trust value which will also be set at the 194 same time. During verification this trust setting will be verified to check it 195 is consistent with the trust set by the system administrator for certificates in 198 X509_STORE_CTX_set_trust() sets the trust value for the target certificate 199 being verified in the I<ctx>. Built-in available values for the I<trust> [all …]
|
| H A D | X509_VERIFY_PARAM_set_flags.pod | 38 int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust); 95 X509_VERIFY_PARAM_set_trust() sets the trust setting in B<param> to 96 B<trust>. 114 neither the end-entity certificate nor the trust-anchor count against this 117 directly by the trust anchor, while with a B<depth> limit of 1 there can be one 118 intermediate CA certificate between the trust anchor and the end-entity 127 The signature algorithm security level is not enforced for the chain's I<trust 300 in L<X509_verify_cert(3)> searches the trust store for issuer certificates 304 This is especially important when some certificates in the trust store have 305 explicit trust settings (see "TRUST SETTINGS" in L<openssl-x509(1)>). [all …]
|
| /netbsd-src/external/mpl/mozilla-certdata/share/ |
| H A D | Makefile | 17 $D_CERTS!= cat ${.CURDIR:Q}/$D.trust 58 # and commit certs/ and *.trust. 66 rm -f ${TRUSTDOMAINS:=.trust} 71 -v CODETRUST=code.trust \ 72 -v EMAILTRUST=email.trust \ 74 -v SERVERTRUST=server.trust \
|
| /netbsd-src/external/bsd/unbound/dist/services/cache/ |
| H A D | rrset.c | 140 if( newd->trust > cached->trust ) { in need_to_update_rrset() 152 if( newd->trust == cached->trust && !equal ) { in need_to_update_rrset() 389 if(updata->trust > cachedata->trust) in rrset_update_sec_status() 390 cachedata->trust = updata->trust; in rrset_update_sec_status() 437 if(cachedata->trust > updata->trust) in rrset_check_sec_status() 438 updata->trust = cachedata->trust; in rrset_check_sec_status()
|
| /netbsd-src/external/mpl/bind/dist/doc/arm/ |
| H A D | managed-keys.inc.rst | 17 BIND is able to maintain DNSSEC trust anchors using :rfc:`5011` key 25 To configure a validating resolver to use :rfc:`5011` to maintain a trust 26 anchor, configure the trust anchor using a :any:`trust-anchors` statement and 28 the :any:`trust-anchors` statement description. 33 To set up an authoritative zone for :rfc:`5011` trust anchor maintenance, 39 :rfc:`5011`-managed trust anchor takes note of the stand-by KSKs in the 43 trust anchor for the zone. Anytime after this 30-day acceptance timer 67 it appears, that key is never again accepted as a valid trust
|
| /netbsd-src/external/bsd/unbound/dist/testdata/ede.tdir/bogus/ |
| H A D | make-broken-zone.sh | 18 …S 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d" > bogus/trust-anchors 23 cat $CSK.ds >> bogus/trust-anchors 47 cat $CSK.ds >> bogus/trust-anchors 58 cat $CSK.ds >> bogus/trust-anchors 69 cat $CSK.ds >> bogus/trust-anchors
|
| /netbsd-src/external/bsd/unbound/dist/testdata/ |
| H A D | autotrust_revtp.rpl | 6 trust-anchor-signaling: no 11 ; autotrust trust anchor file 24 SCENARIO_BEGIN Test autotrust with trust point revocation 113 ; autotrust trust anchor file 116 ; considered as if it has no trust anchors. 118 ; to restart the trust anchor, overwrite this file. 138 ; correct unsigned response works after trust point revocation.
|
| H A D | autotrust_revtp_use.rpl | 8 trust-anchor-signaling: no 13 ; autotrust trust anchor file 26 SCENARIO_BEGIN Test autotrust with trust point revocation and instant use 124 ; correct unsigned response works after trust point revocation. 138 ; autotrust trust anchor file 141 ; considered as if it has no trust anchors. 143 ; to restart the trust anchor, overwrite this file.
|
| H A D | autotrust_rollalgo_unknown.rpl | 6 trust-anchor-signaling: no 192 ; autotrust trust anchor file 210 ; autotrust trust anchor file 228 ; autotrust trust anchor file 246 ; autotrust trust anchor file 264 ; autotrust trust anchor file 283 ; autotrust trust anchor file 286 ; considered as if it has no trust anchors. 288 ; to restart the trust anchor, overwrite this file. 307 ; autotrust trust anchor file [all …]
|
| H A D | autotrust_revtp_read.rpl | 11 ; autotrust trust anchor file 14 ; considered as if it has no trust anchors. 16 ; to restart the trust anchor, overwrite this file. 30 SCENARIO_BEGIN Test autotrust with revoked trust point read back from config 98 ; correct unsigned response works after trust point revocation.
|