| /netbsd-src/crypto/external/bsd/heimdal/dist/lib/hx509/ |
| H A D | test_ca.in | 58 ${hxtool} issue-certificate \ 59 --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \ 62 --certificate="FILE:cert-ee.pem" || exit 1 106 ${hxtool} issue-certificate \ 107 --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \ 111 --certificate="FILE:cert-ee.pem" || exit 1 114 ${hxtool} issue-certificate \ 115 --ca-certificate=FILE:$srcdir/data/ca.crt,$srcdir/data/ca.key \ 120 --certificate="FILE:cert-ee.pem" || exit 1 123 ${hxtool} issue-certificate \ [all …]
|
| H A D | hxtool-commands.in | 39 long = "certificate" 42 argument = "certificate-store" 43 help = "certificate stores to pull certificates from" 50 help = "certificate to sign with" 55 argument = "certificate-store" 61 argument = "certificate-pool" 62 help = "certificate store to pull certificates from" 115 help = "only embed leaf certificate" 128 argument = "certificate-store" 132 long = "certificate" [all …]
|
| H A D | test_cms.in | 56 --certificate=FILE:$srcdir/data/secp256r2TestClient.pem \ 70 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \ 84 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \ 106 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \ 128 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test-pw.key \ 141 --certificate=FILE:$srcdir/data/test.combined.crt \ 154 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \ 169 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \ 183 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \ 198 --certificate=FILE:$srcdir/data/test.crt,$srcdir/data/test.key \ [all …]
|
| /netbsd-src/crypto/external/bsd/openssl/dist/doc/man3/ |
| H A D | X509_STORE_CTX_get_error.pod | 9 X509_verify_cert_error_string - get or set certificate verification status 30 These functions are typically called after certificate or chain verification 44 nonnegative integer representing where in the certificate chain the error 45 occurred. If it is zero it occurred in the end entity certificate, one if 46 it is the certificate which signed the end entity certificate and so on. 52 X509_STORE_CTX_get_current_cert() returns the current certificate in 53 I<ctx>. If an error occurred, the current certificate will be the one 55 certificate is relevant. 57 X509_STORE_CTX_set_current_cert() sets the certificate I<x> in I<ctx> which 64 If a callback wishes the save the certificate for use after it returns, it [all …]
|
| H A D | SSL_CTX_set_client_cert_cb.pod | 5 SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb - handle client certificate callback function 20 called when a client certificate is requested by a server and no certificate 29 set a certificate, a certificate/private key combination must be set 31 certificate will be installed into I<ssl>, see the NOTES and BUGS sections. 32 If no certificate should be set, "0" has to be returned and no certificate 42 During a handshake (or renegotiation) a server may request a certificate 43 from the client. A client certificate must only be sent, when the server 46 When a certificate was set using the 49 certificate is sent, if it matches the list of acceptable CAs sent by the 52 selection routine or to allow a user interaction to choose the certificate to [all …]
|
| H A D | SSL_CTX_use_certificate.pod | 16 - load certificate and key data 66 SSL_CTX_use_certificate() loads the certificate B<x> into B<ctx>, 68 certificates needed to form the complete certificate chain can be 73 SSL_CTX_use_certificate_ASN1() loads the ASN1 encoded certificate from 75 SSL_use_certificate_ASN1() loads the ASN1 encoded certificate into B<ssl>. 77 SSL_CTX_use_certificate_file() loads the first certificate stored in B<file> 78 into B<ctx>. The formatting B<type> of the certificate must be specified 80 SSL_use_certificate_file() loads the certificate from B<file> into B<ssl>. 84 SSL_CTX_use_certificate_chain_file() loads a certificate chain from 86 be sorted starting with the subject's certificate (actual client or server [all …]
|
| H A D | SSL_get_certificate.pod | 5 SSL_get_certificate, SSL_get_privatekey - retrieve TLS/SSL certificate and 18 certificate used as the local peer's identity. 21 RSA and ECDSA certificates. The certificate which is returned by 28 If it is called before certificate selection has occurred, it returns the most 29 recently added certificate, or NULL if no certificate has been added. 33 After certificate selection has occurred, it returns the certificate which was 34 selected during the handshake, or NULL if no certificate was selected (for 35 example, on a client where no client certificate is in use). 41 will depend on whether that callback is made before or after certificate 45 L<SSL_CTX_set_tlsext_status_cb(3)>. This callback occurs after certificate [all …]
|
| H A D | X509_check_ca.pod | 5 X509_check_ca - check if given certificate is CA certificate 15 This function checks if given certificate is CA certificate (can be used 16 to sign other certificates). The certificate must be a complete certificate 21 Function return 0, if it is not CA certificate, 1 if it is proper X509v3 22 CA certificate with B<basicConstraints> extension CA:TRUE, 23 3, if it is self-signed X509 v1 certificate, 4, if it is certificate with 26 extension telling that it is CA certificate. 30 Actually, any nonzero value means that this certificate could have been
|
| H A D | X509_get_extension_flags.pod | 15 X509_get_proxy_pathlen - retrieve certificate extension data 35 These functions retrieve information related to commonly used certificate extensions. 37 X509_get_pathlen() retrieves the path length extension from a certificate. 41 X509_get_extension_flags() retrieves general information about a certificate, 48 The certificate is an obsolete version 1 certificate. 52 The certificate contains a basic constraints extension. 56 The certificate contains basic constraints and asserts the CA flag. 60 The certificate is a valid proxy certificate. 64 The certificate is self issued (that is subject and issuer names match). 73 The freshest CRL extension is present in the certificate. [all …]
|
| H A D | SSL_CTX_add1_chain_cert.pod | 11 chain certificate processing 41 SSL_CTX_set0_chain() and SSL_CTX_set1_chain() set the certificate chain 42 associated with the current certificate of B<ctx> to B<sk>. 45 certificate B<x509> to the chain associated with the current certificate of 49 certificate of B<ctx>. 52 current certificate of B<ctx>. (This is implemented by calling 55 SSL_CTX_build_cert_chain() builds the certificate chain for B<ctx>. 71 (i.e. server or client) certificate. This is the last certificate loaded or 75 certificate, but only if B<x509> has already been loaded into B<ctx> using a 83 SSL_CTX_set_current_cert() changes the current certificate to a value based [all …]
|
| /netbsd-src/crypto/external/bsd/openssl.old/dist/doc/man3/ |
| H A D | X509_STORE_CTX_get_error.pod | 9 X509_verify_cert_error_string - get or set certificate verification status 41 nonnegative integer representing where in the certificate chain the error 42 occurred. If it is zero it occurred in the end entity certificate, one if 43 it is the certificate which signed the end entity certificate and so on. 49 X509_STORE_CTX_get_current_cert() returns the certificate in B<ctx> which 50 caused the error or B<NULL> if no certificate is relevant. 52 X509_STORE_CTX_set_current_cert() sets the certificate B<x> in B<ctx> which 59 If a callback wishes the save the certificate for use after it returns, it 61 Once such a I<saved> certificate is no longer needed it can be freed with 65 certificate being verified by the B<ctx>. [all …]
|
| H A D | SSL_CTX_set_client_cert_cb.pod | 5 SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb - handle client certificate callback function 21 called when a client certificate is requested by a server and no certificate 30 set a certificate, a certificate/private key combination must be set 32 certificate will be installed into B<ssl>, see the NOTES and BUGS sections. 33 If no certificate should be set, "0" has to be returned and no certificate 43 During a handshake (or renegotiation) a server may request a certificate 44 from the client. A client certificate must only be sent, when the server 47 When a certificate was set using the 50 certificate is sent, if it matches the list of acceptable CAs sent by the 53 selection routine or to allow a user interaction to choose the certificate to [all …]
|
| H A D | SSL_CTX_use_certificate.pod | 16 - load certificate and key data 66 SSL_CTX_use_certificate() loads the certificate B<x> into B<ctx>, 68 certificates needed to form the complete certificate chain can be 73 SSL_CTX_use_certificate_ASN1() loads the ASN1 encoded certificate from 75 SSL_use_certificate_ASN1() loads the ASN1 encoded certificate into B<ssl>. 77 SSL_CTX_use_certificate_file() loads the first certificate stored in B<file> 78 into B<ctx>. The formatting B<type> of the certificate must be specified 80 SSL_use_certificate_file() loads the certificate from B<file> into B<ssl>. 84 SSL_CTX_use_certificate_chain_file() loads a certificate chain from 86 be sorted starting with the subject's certificate (actual client or server [all …]
|
| H A D | X509_get_extension_flags.pod | 15 X509_get_proxy_pathlen - retrieve certificate extension data 35 These functions retrieve information related to commonly used certificate extensions. 37 X509_get_pathlen() retrieves the path length extension from a certificate. 41 X509_get_extension_flags() retrieves general information about a certificate, 48 The certificate is an obsolete version 1 certificate. 52 The certificate contains a basic constraints extension. 56 The certificate contains basic constraints and asserts the CA flag. 60 The certificate is a valid proxy certificate. 64 The certificate is self issued (that is subject and issuer names match). 73 The freshest CRL extension is present in the certificate. [all …]
|
| H A D | SSL_CTX_add1_chain_cert.pod | 11 chain certificate processing 41 SSL_CTX_set0_chain() and SSL_CTX_set1_chain() set the certificate chain 42 associated with the current certificate of B<ctx> to B<sk>. 45 certificate B<x509> to the chain associated with the current certificate of 49 certificate of B<ctx>. 52 current certificate of B<ctx>. (This is implemented by calling 55 SSL_CTX_build_cert_chain() builds the certificate chain for B<ctx> normally 68 (i.e. server or client) certificate. This is the last certificate loaded or 72 certificate, but only if B<x509> has already been loaded into B<ctx> using a 80 SSL_CTX_set_current_cert() changes the current certificate to a value based [all …]
|
| H A D | X509_check_ca.pod | 5 X509_check_ca - check if given certificate is CA certificate 15 This function checks if given certificate is CA certificate (can be used 20 Function return 0, if it is not CA certificate, 1 if it is proper X509v3 21 CA certificate with B<basicConstraints> extension CA:TRUE, 22 3, if it is self-signed X509 v1 certificate, 4, if it is certificate with 25 extension telling that it is CA certificate. 27 Actually, any nonzero value means that this certificate could have been
|
| /netbsd-src/crypto/external/bsd/openssl.old/dist/doc/HOWTO/ |
| H A D | certificates.txt | 13 This file is for users who wish to get a certificate of their own. 29 keys, so before you create a certificate or a certificate request, you 42 3. Creating a certificate request 44 To create a certificate, you need to start with a certificate request 45 (or, as some certificate authorities like to put it, "certificate 48 policies). A certificate request is sent to a certificate authority 49 to get it signed into a certificate. You can also sign the certificate 50 yourself if you have your own certificate authority or create a 51 self-signed certificate (typically for testing purpose). 53 The certificate request is created like this: [all …]
|
| /netbsd-src/crypto/external/bsd/openssl/dist/doc/man1/ |
| H A D | openssl-x509.pod.in | 84 This command is a multi-purposes certificate handling command. 85 It can be used to print certificate information, 86 convert certificates to various forms, edit certificate trust settings, 105 This specifies the input to read a certificate from 106 or the input file for reading a certificate request if the B<-req> flag is used. 113 The key and certificate file password source. 119 Generate a certificate from scratch, not using an input certificate 120 or certificate request. So the B<-in> option must not be used in this case. 128 Output a PKCS#10 certificate request (rather than a certificate). 132 X.509 extensions included in a certificate input are not copied by default. [all …]
|
| /netbsd-src/crypto/external/bsd/openssl.old/dist/doc/man1/ |
| H A D | verify.pod | 58 The B<verify> command verifies certificate chains. 77 form ("hash" is the hashed certificate subject name: see the B<-hash> option 102 the last certificate in a chain if the certificate is supposedly self-signed. 104 certificate with key usage restrictions not including the keyCertSign bit. 115 Attempt to download CRL information for this certificate. 119 Checks end entity certificate validity by attempting to look up a valid CRL. 148 supported by OpenSSL the certificate is rejected (as required by RFC5280). 176 trusted certificate that might not be self-signed. 186 Enables certificate policy processing. 194 The intended use for the certificate. If this option is not specified, [all …]
|
| H A D | x509.pod | 72 The B<x509> command is a multi purpose certificate utility. It can be 73 used to display certificate information, convert certificates to 74 various forms, sign certificate requests like a "mini CA" or edit 75 certificate trust settings. 93 certificate but this can change if other options such as B<-req> are 94 present. The DER format is the DER encoding of the certificate and PEM 105 This specifies the input filename to read a certificate from or standard input 144 When signing a certificate, preserve the "notBefore" and "notAfter" dates instead 158 Prints out the certificate in text form. Full details are output including the 164 Prints out the certificate extensions in text form. Extensions are specified [all …]
|
| /netbsd-src/crypto/external/bsd/openssl.old/dist/doc/man7/ |
| H A D | x509.pod | 5 x509 - X.509 certificate handling 13 An X.509 certificate is a structured grouping of information about 15 (certificate revocation list) is a tool to help determine if a 16 certificate is still valid. The exact definition of those can be 18 In OpenSSL, the type X509 is used to express such a certificate, and 21 A related structure is a certificate request, defined in PKCS#10 from 23 X509_REQ is used to express such a certificate request. 25 To handle some complex parts of a certificate, there are the types 26 X509_NAME (to express a certificate name), X509_ATTRIBUTE (to express 27 a certificate attribute), X509_EXTENSION (to express a certificate [all …]
|
| /netbsd-src/crypto/external/bsd/openssl/dist/doc/man7/ |
| H A D | x509.pod | 5 x509 - X.509 certificate handling 13 An X.509 certificate is a structured grouping of information about 15 (certificate revocation list) is a tool to help determine if a 16 certificate is still valid. The exact definition of those can be 18 In OpenSSL, the type X509 is used to express such a certificate, and 21 A related structure is a certificate request, defined in PKCS#10 from 23 X509_REQ is used to express such a certificate request. 25 To handle some complex parts of a certificate, there are the types 26 X509_NAME (to express a certificate name), X509_ATTRIBUTE (to express 27 a certificate attribute), X509_EXTENSION (to express a certificate [all …]
|
| /netbsd-src/crypto/external/bsd/heimdal/dist/tests/kdc/ |
| H A D | check-pkinit.in | 122 ${hxtool} issue-certificate \ 127 --certificate="FILE:ca.crt" || exit 1 130 ${hxtool} issue-certificate \ 131 --ca-certificate=FILE:$objdir/ca.crt,${keyfile} \ 135 --certificate="FILE:kdc.crt" || exit 1 138 ${hxtool} issue-certificate \ 139 --ca-certificate=FILE:$objdir/ca.crt,${keyfile} \ 143 --certificate="FILE:pkinit.crt" || exit 1 146 ${hxtool} issue-certificate \ 147 --ca-certificate=FILE:$objdir/ca.crt,${keyfile} \ [all …]
|
| /netbsd-src/crypto/external/bsd/heimdal/dist/doc/ |
| H A D | hx509.texi | 196 * Creating a CA certificate:: 210 * Creating a CA certificate:: 213 @c * Issuing a proxy certificate:: 214 @c * Creating a user certificate:: 215 @c * Validating a certificate:: 216 @c * Validating a certificate path:: 251 An optional system to which a CA delegates the publication of certificate revocation lists. 259 and basic certificate processing tasks, path construction, path 261 Encrypted (shared secret encrypted), CMS SignedData (certificate 262 signed), and CMS EnvelopedData (certificate encrypted). [all …]
|
| /netbsd-src/crypto/external/bsd/heimdal/dist/lib/hx509/data/ |
| H A D | nist-data2 | 3 # 4.1.2 Invalid CA Signature Test2 - Reject - Invalid signature on intermediate certificate 5 # 4.1.3 Invalid EE Signature Test3 - Reject - Invalid signature on end entity certificate 9 # 4.2.1 Invalid CA notBefore Date Test1 - Reject - notBefore date in intermediate certificate is af… 11 # 4.2.2 Invalid EE notBefore Date Test2 - Reject - notBefore date in end entity certificate is afte… 17 # 4.2.5 Invalid CA notAfter Date Test5 - Reject - notAfter date in intermediate certificate is befo… 19 # 4.2.6 Invalid EE notAfter Date Test6 - Reject - notAfter date in end entity certificate is before… 21 …2000 UTC EE notAfter Date Test7 - Reject - notAfter date in end entity certificate is before the c… 39 # 4.4.1 Missing CRL Test1 - Reject or Warn - status of end entity certificate can not be determined 41 # 4.4.2 Invalid Revoked CA Test2 - Reject - an intermediate certificate has been revoked. 43 # 4.4.3 Invalid Revoked EE Test3 - Reject - the end entity certificate has been revoked [all …]
|