Home
last modified time | relevance | path

Searched refs:certificate (Results 1 – 25 of 555) sorted by relevance

12345678910>>...23

/netbsd-src/crypto/external/bsd/heimdal/dist/lib/hx509/
H A Dtest_ca.in58 ${hxtool} issue-certificate \
59 --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
62 --certificate="FILE:cert-ee.pem" || exit 1
106 ${hxtool} issue-certificate \
107 --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
111 --certificate="FILE:cert-ee.pem" || exit 1
114 ${hxtool} issue-certificate \
115 --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \
120 --certificate="FILE:cert-ee.pem" || exit 1
123 ${hxtool} issue-certificate \
[all …]
H A Dhxtool-commands.in39 long = "certificate"
42 argument = "certificate-store"
43 help = "certificate stores to pull certificates from"
50 help = "certificate to sign with"
55 argument = "certificate-store"
61 argument = "certificate-pool"
62 help = "certificate store to pull certificates from"
115 help = "only embed leaf certificate"
128 argument = "certificate-store"
132 long = "certificate"
[all …]
H A Dtest_cms.in56 --certificate=FILE:$srcdir/data/secp256r2TestClient.pem \
70 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
84 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
106 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
128 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test-pw.key \
141 --certificate=FILE:$srcdir/data/test.combined.crt \
154 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
169 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
183 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
198 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \
[all …]
/netbsd-src/crypto/external/bsd/openssl/dist/doc/man3/
H A DX509_STORE_CTX_get_error.pod9 X509_verify_cert_error_string - get or set certificate verification status
30 These functions are typically called after certificate or chain verification
44 nonnegative integer representing where in the certificate chain the error
45 occurred. If it is zero it occurred in the end entity certificate, one if
46 it is the certificate which signed the end entity certificate and so on.
52 X509_STORE_CTX_get_current_cert() returns the current certificate in
53 I<ctx>. If an error occurred, the current certificate will be the one
55 certificate is relevant.
57 X509_STORE_CTX_set_current_cert() sets the certificate I<x> in I<ctx> which
64 If a callback wishes the save the certificate for use after it returns, it
[all …]
H A DSSL_CTX_set_client_cert_cb.pod5 SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb - handle client certificate callback function
20 called when a client certificate is requested by a server and no certificate
29 set a certificate, a certificate/private key combination must be set
31 certificate will be installed into I<ssl>, see the NOTES and BUGS sections.
32 If no certificate should be set, "0" has to be returned and no certificate
42 During a handshake (or renegotiation) a server may request a certificate
43 from the client. A client certificate must only be sent, when the server
46 When a certificate was set using the
49 certificate is sent, if it matches the list of acceptable CAs sent by the
52 selection routine or to allow a user interaction to choose the certificate to
[all …]
H A DSSL_CTX_use_certificate.pod16 - load certificate and key data
66 SSL_CTX_use_certificate() loads the certificate B<x> into B<ctx>,
68 certificates needed to form the complete certificate chain can be
73 SSL_CTX_use_certificate_ASN1() loads the ASN1 encoded certificate from
75 SSL_use_certificate_ASN1() loads the ASN1 encoded certificate into B<ssl>.
77 SSL_CTX_use_certificate_file() loads the first certificate stored in B<file>
78 into B<ctx>. The formatting B<type> of the certificate must be specified
80 SSL_use_certificate_file() loads the certificate from B<file> into B<ssl>.
84 SSL_CTX_use_certificate_chain_file() loads a certificate chain from
86 be sorted starting with the subject's certificate (actual client or server
[all …]
H A DSSL_get_certificate.pod5 SSL_get_certificate, SSL_get_privatekey - retrieve TLS/SSL certificate and
18 certificate used as the local peer's identity.
21 RSA and ECDSA certificates. The certificate which is returned by
28 If it is called before certificate selection has occurred, it returns the most
29 recently added certificate, or NULL if no certificate has been added.
33 After certificate selection has occurred, it returns the certificate which was
34 selected during the handshake, or NULL if no certificate was selected (for
35 example, on a client where no client certificate is in use).
41 will depend on whether that callback is made before or after certificate
45 L<SSL_CTX_set_tlsext_status_cb(3)>. This callback occurs after certificate
[all …]
H A DX509_check_ca.pod5 X509_check_ca - check if given certificate is CA certificate
15 This function checks if given certificate is CA certificate (can be used
16 to sign other certificates). The certificate must be a complete certificate
21 Function return 0, if it is not CA certificate, 1 if it is proper X509v3
22 CA certificate with B<basicConstraints> extension CA:TRUE,
23 3, if it is self-signed X509 v1 certificate, 4, if it is certificate with
26 extension telling that it is CA certificate.
30 Actually, any nonzero value means that this certificate could have been
H A DX509_get_extension_flags.pod15 X509_get_proxy_pathlen - retrieve certificate extension data
35 These functions retrieve information related to commonly used certificate extensions.
37 X509_get_pathlen() retrieves the path length extension from a certificate.
41 X509_get_extension_flags() retrieves general information about a certificate,
48 The certificate is an obsolete version 1 certificate.
52 The certificate contains a basic constraints extension.
56 The certificate contains basic constraints and asserts the CA flag.
60 The certificate is a valid proxy certificate.
64 The certificate is self issued (that is subject and issuer names match).
73 The freshest CRL extension is present in the certificate.
[all …]
H A DSSL_CTX_add1_chain_cert.pod11 chain certificate processing
41 SSL_CTX_set0_chain() and SSL_CTX_set1_chain() set the certificate chain
42 associated with the current certificate of B<ctx> to B<sk>.
45 certificate B<x509> to the chain associated with the current certificate of
49 certificate of B<ctx>.
52 current certificate of B<ctx>. (This is implemented by calling
55 SSL_CTX_build_cert_chain() builds the certificate chain for B<ctx>.
71 (i.e. server or client) certificate. This is the last certificate loaded or
75 certificate, but only if B<x509> has already been loaded into B<ctx> using a
83 SSL_CTX_set_current_cert() changes the current certificate to a value based
[all …]
/netbsd-src/crypto/external/bsd/openssl.old/dist/doc/man3/
H A DX509_STORE_CTX_get_error.pod9 X509_verify_cert_error_string - get or set certificate verification status
41 nonnegative integer representing where in the certificate chain the error
42 occurred. If it is zero it occurred in the end entity certificate, one if
43 it is the certificate which signed the end entity certificate and so on.
49 X509_STORE_CTX_get_current_cert() returns the certificate in B<ctx> which
50 caused the error or B<NULL> if no certificate is relevant.
52 X509_STORE_CTX_set_current_cert() sets the certificate B<x> in B<ctx> which
59 If a callback wishes the save the certificate for use after it returns, it
61 Once such a I<saved> certificate is no longer needed it can be freed with
65 certificate being verified by the B<ctx>.
[all …]
H A DSSL_CTX_set_client_cert_cb.pod5 SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb - handle client certificate callback function
21 called when a client certificate is requested by a server and no certificate
30 set a certificate, a certificate/private key combination must be set
32 certificate will be installed into B<ssl>, see the NOTES and BUGS sections.
33 If no certificate should be set, "0" has to be returned and no certificate
43 During a handshake (or renegotiation) a server may request a certificate
44 from the client. A client certificate must only be sent, when the server
47 When a certificate was set using the
50 certificate is sent, if it matches the list of acceptable CAs sent by the
53 selection routine or to allow a user interaction to choose the certificate to
[all …]
H A DSSL_CTX_use_certificate.pod16 - load certificate and key data
66 SSL_CTX_use_certificate() loads the certificate B<x> into B<ctx>,
68 certificates needed to form the complete certificate chain can be
73 SSL_CTX_use_certificate_ASN1() loads the ASN1 encoded certificate from
75 SSL_use_certificate_ASN1() loads the ASN1 encoded certificate into B<ssl>.
77 SSL_CTX_use_certificate_file() loads the first certificate stored in B<file>
78 into B<ctx>. The formatting B<type> of the certificate must be specified
80 SSL_use_certificate_file() loads the certificate from B<file> into B<ssl>.
84 SSL_CTX_use_certificate_chain_file() loads a certificate chain from
86 be sorted starting with the subject's certificate (actual client or server
[all …]
H A DX509_get_extension_flags.pod15 X509_get_proxy_pathlen - retrieve certificate extension data
35 These functions retrieve information related to commonly used certificate extensions.
37 X509_get_pathlen() retrieves the path length extension from a certificate.
41 X509_get_extension_flags() retrieves general information about a certificate,
48 The certificate is an obsolete version 1 certificate.
52 The certificate contains a basic constraints extension.
56 The certificate contains basic constraints and asserts the CA flag.
60 The certificate is a valid proxy certificate.
64 The certificate is self issued (that is subject and issuer names match).
73 The freshest CRL extension is present in the certificate.
[all …]
H A DSSL_CTX_add1_chain_cert.pod11 chain certificate processing
41 SSL_CTX_set0_chain() and SSL_CTX_set1_chain() set the certificate chain
42 associated with the current certificate of B<ctx> to B<sk>.
45 certificate B<x509> to the chain associated with the current certificate of
49 certificate of B<ctx>.
52 current certificate of B<ctx>. (This is implemented by calling
55 SSL_CTX_build_cert_chain() builds the certificate chain for B<ctx> normally
68 (i.e. server or client) certificate. This is the last certificate loaded or
72 certificate, but only if B<x509> has already been loaded into B<ctx> using a
80 SSL_CTX_set_current_cert() changes the current certificate to a value based
[all …]
H A DX509_check_ca.pod5 X509_check_ca - check if given certificate is CA certificate
15 This function checks if given certificate is CA certificate (can be used
20 Function return 0, if it is not CA certificate, 1 if it is proper X509v3
21 CA certificate with B<basicConstraints> extension CA:TRUE,
22 3, if it is self-signed X509 v1 certificate, 4, if it is certificate with
25 extension telling that it is CA certificate.
27 Actually, any nonzero value means that this certificate could have been
/netbsd-src/crypto/external/bsd/openssl.old/dist/doc/HOWTO/
H A Dcertificates.txt13 This file is for users who wish to get a certificate of their own.
29 keys, so before you create a certificate or a certificate request, you
42 3. Creating a certificate request
44 To create a certificate, you need to start with a certificate request
45 (or, as some certificate authorities like to put it, "certificate
48 policies). A certificate request is sent to a certificate authority
49 to get it signed into a certificate. You can also sign the certificate
50 yourself if you have your own certificate authority or create a
51 self-signed certificate (typically for testing purpose).
53 The certificate request is created like this:
[all …]
/netbsd-src/crypto/external/bsd/openssl/dist/doc/man1/
H A Dopenssl-x509.pod.in84 This command is a multi-purposes certificate handling command.
85 It can be used to print certificate information,
86 convert certificates to various forms, edit certificate trust settings,
105 This specifies the input to read a certificate from
106 or the input file for reading a certificate request if the B<-req> flag is used.
113 The key and certificate file password source.
119 Generate a certificate from scratch, not using an input certificate
120 or certificate request. So the B<-in> option must not be used in this case.
128 Output a PKCS#10 certificate request (rather than a certificate).
132 X.509 extensions included in a certificate input are not copied by default.
[all …]
/netbsd-src/crypto/external/bsd/openssl.old/dist/doc/man1/
H A Dverify.pod58 The B<verify> command verifies certificate chains.
77 form ("hash" is the hashed certificate subject name: see the B<-hash> option
102 the last certificate in a chain if the certificate is supposedly self-signed.
104 certificate with key usage restrictions not including the keyCertSign bit.
115 Attempt to download CRL information for this certificate.
119 Checks end entity certificate validity by attempting to look up a valid CRL.
148 supported by OpenSSL the certificate is rejected (as required by RFC5280).
176 trusted certificate that might not be self-signed.
186 Enables certificate policy processing.
194 The intended use for the certificate. If this option is not specified,
[all …]
H A Dx509.pod72 The B<x509> command is a multi purpose certificate utility. It can be
73 used to display certificate information, convert certificates to
74 various forms, sign certificate requests like a "mini CA" or edit
75 certificate trust settings.
93 certificate but this can change if other options such as B<-req> are
94 present. The DER format is the DER encoding of the certificate and PEM
105 This specifies the input filename to read a certificate from or standard input
144 When signing a certificate, preserve the "notBefore" and "notAfter" dates instead
158 Prints out the certificate in text form. Full details are output including the
164 Prints out the certificate extensions in text form. Extensions are specified
[all …]
/netbsd-src/crypto/external/bsd/openssl.old/dist/doc/man7/
H A Dx509.pod5 x509 - X.509 certificate handling
13 An X.509 certificate is a structured grouping of information about
15 (certificate revocation list) is a tool to help determine if a
16 certificate is still valid. The exact definition of those can be
18 In OpenSSL, the type X509 is used to express such a certificate, and
21 A related structure is a certificate request, defined in PKCS#10 from
23 X509_REQ is used to express such a certificate request.
25 To handle some complex parts of a certificate, there are the types
26 X509_NAME (to express a certificate name), X509_ATTRIBUTE (to express
27 a certificate attribute), X509_EXTENSION (to express a certificate
[all …]
/netbsd-src/crypto/external/bsd/openssl/dist/doc/man7/
H A Dx509.pod5 x509 - X.509 certificate handling
13 An X.509 certificate is a structured grouping of information about
15 (certificate revocation list) is a tool to help determine if a
16 certificate is still valid. The exact definition of those can be
18 In OpenSSL, the type X509 is used to express such a certificate, and
21 A related structure is a certificate request, defined in PKCS#10 from
23 X509_REQ is used to express such a certificate request.
25 To handle some complex parts of a certificate, there are the types
26 X509_NAME (to express a certificate name), X509_ATTRIBUTE (to express
27 a certificate attribute), X509_EXTENSION (to express a certificate
[all …]
/netbsd-src/crypto/external/bsd/heimdal/dist/tests/kdc/
H A Dcheck-pkinit.in122 ${hxtool} issue-certificate \
127 --certificate="FILE:ca.crt" || exit 1
130 ${hxtool} issue-certificate \
131 --ca-certificate=FILE:$objdir/ca.crt,${keyfile} \
135 --certificate="FILE:kdc.crt" || exit 1
138 ${hxtool} issue-certificate \
139 --ca-certificate=FILE:$objdir/ca.crt,${keyfile} \
143 --certificate="FILE:pkinit.crt" || exit 1
146 ${hxtool} issue-certificate \
147 --ca-certificate=FILE:$objdir/ca.crt,${keyfile} \
[all …]
/netbsd-src/crypto/external/bsd/heimdal/dist/doc/
H A Dhx509.texi196 * Creating a CA certificate::
210 * Creating a CA certificate::
213 @c * Issuing a proxy certificate::
214 @c * Creating a user certificate::
215 @c * Validating a certificate::
216 @c * Validating a certificate path::
251 An optional system to which a CA delegates the publication of certificate revocation lists.
259 and basic certificate processing tasks, path construction, path
261 Encrypted (shared secret encrypted), CMS SignedData (certificate
262 signed), and CMS EnvelopedData (certificate encrypted).
[all …]
/netbsd-src/crypto/external/bsd/heimdal/dist/lib/hx509/data/
H A Dnist-data23 # 4.1.2 Invalid CA Signature Test2 - Reject - Invalid signature on intermediate certificate
5 # 4.1.3 Invalid EE Signature Test3 - Reject - Invalid signature on end entity certificate
9 # 4.2.1 Invalid CA notBefore Date Test1 - Reject - notBefore date in intermediate certificate is af…
11 # 4.2.2 Invalid EE notBefore Date Test2 - Reject - notBefore date in end entity certificate is afte…
17 # 4.2.5 Invalid CA notAfter Date Test5 - Reject - notAfter date in intermediate certificate is befo…
19 # 4.2.6 Invalid EE notAfter Date Test6 - Reject - notAfter date in end entity certificate is before…
21 …2000 UTC EE notAfter Date Test7 - Reject - notAfter date in end entity certificate is before the c…
39 # 4.4.1 Missing CRL Test1 - Reject or Warn - status of end entity certificate can not be determined
41 # 4.4.2 Invalid Revoked CA Test2 - Reject - an intermediate certificate has been revoked.
43 # 4.4.3 Invalid Revoked EE Test3 - Reject - the end entity certificate has been revoked
[all …]

12345678910>>...23