Home
last modified time | relevance | path

Searched refs:certificate (Results 1 – 25 of 218) sorted by relevance

123456789

/openssl-master/doc/man3/
A DX509_STORE_CTX_get_error.pod46 it is the certificate which signed the end entity certificate and so on.
110 The issuer certificate of a locally looked up certificate could not be found.
191 The passed certificate is self-signed and the same certificate cannot be found
195 self-signed certificate in certificate chain>
204 The issuer certificate could not be found: this occurs if the issuer certificate
252 certificate.
259 the current certificate.
391 certificate chain.
396 EE certificate key too weak.
442 the subject's certificate.
[all …]
A DSSL_CTX_set_client_cert_cb.pod20 called when a client certificate is requested by a server and no certificate
29 set a certificate, a certificate/private key combination must be set
32 If no certificate should be set, "0" has to be returned and no certificate
42 During a handshake (or renegotiation) a server may request a certificate
46 When a certificate was set using the
57 If the callback function returns a certificate, the OpenSSL library
58 will try to load the private key and certificate data into the SSL
60 Thus it will permanently install the certificate and key for this SSL
63 a certificate.
79 certificate store for the SSL_CTX object (resulting in having to add
[all …]
A DX509_check_ca.pod5 X509_check_ca - check if given certificate is CA certificate
15 This function checks if given certificate is CA certificate (can be used
16 to sign other certificates). The certificate must be a complete certificate
21 Function return 0, if it is not CA certificate, 1 if it is proper X509v3
22 CA certificate with B<basicConstraints> extension CA:TRUE,
23 3, if it is self-signed X509 v1 certificate, 4, if it is certificate with
26 extension telling that it is CA certificate.
30 Actually, any nonzero value means that this certificate could have been
A DSSL_CTX_use_certificate.pod16 - load certificate and key data
66 SSL_CTX_use_certificate() loads the certificate B<x> into B<ctx>,
68 certificates needed to form the complete certificate chain can be
84 SSL_CTX_use_certificate_chain_file() loads a certificate chain from
89 similar except it loads the certificate chain into B<ssl>.
96 to the certificate an error is returned. To change a certificate, private
102 certificate B<x>, private key B<key>, and certificate B<chain> onto the
141 key/certificate pairs at a time. The certificate used depends on the
146 one certificate or private key, consequently
153 certificate chain store for all certificate types, OpenSSL 1.0.2 and later
[all …]
A DX509_get_extension_flags.pod15 X509_get_proxy_pathlen - retrieve certificate extension data
48 The certificate is an obsolete version 1 certificate.
52 The certificate contains a basic constraints extension.
60 The certificate is a valid proxy certificate.
73 The freshest CRL extension is present in the certificate.
77 The certificate contains an unhandled critical extension.
81 Some certificate extension values are invalid or inconsistent.
82 The certificate should be rejected.
95 inconsistent. The certificate should be rejected.
155 given certificate B<x> if it is a proxy certificate.
[all …]
A DSSL_CTX_add1_chain_cert.pod11 chain certificate processing
42 associated with the current certificate of B<ctx> to B<sk>.
45 certificate B<x509> to the chain associated with the current certificate of
49 certificate of B<ctx>.
52 current certificate of B<ctx>. (This is implemented by calling
55 SSL_CTX_build_cert_chain() builds the certificate chain for B<ctx>.
71 (i.e. server or client) certificate. This is the last certificate loaded or
86 certificate after the current certificate. These two operations can be
91 this option sets that certificate to the current certificate and returns 1.
94 is not a server or a certificate has not been sent 0 is returned and
[all …]
A DSSL_get_peer_certificate.pod7 SSL_get1_peer_certificate - get the X509 certificate of the peer
19 These functions return a pointer to the X509 certificate the
20 peer presented. If the peer did not present a certificate, NULL is returned.
25 certificate, if present. A client will only send a certificate when
30 That a certificate is returned does not indicate information about the
36 containing the peer certificate is freed. The X509 object must be explicitly
52 No certificate was presented by the peer or no connection was established.
54 =item Pointer to an X509 certificate
56 The return value points to the certificate presented by the peer.
A DSSL_get_peer_cert_chain.pod5 SSL_get_peer_cert_chain, SSL_get0_verified_chain - get the X509 certificate
18 forming the certificate chain sent by the peer. If called on the client side,
19 the stack also contains the peer's certificate; if called on the server
20 side, the peer's certificate must be obtained separately using
22 If the peer did not present a certificate, NULL is returned.
28 SSL_get0_verified_chain() returns the B<verified> certificate chain
29 of the peer including the peer's end entity certificate. It must be called
40 The reference count of each certificate in the returned STACK_OF(X509) object
54 No certificate was presented by the peer or no connection was established
55 or the certificate chain is no longer available when a session is reused.
[all …]
A DSSL_CTX_set_verify.pod12 - set various SSL/TLS parameters for peer certificate verification
57 sent. A certificate callback will need to be set via
74 client, so the client will not send a certificate.
110 connection. Do not ask for a client certificate again during
147 The depth count is "level 0:peer certificate", "level 1: CA certificate",
153 a final trust anchor certificate.
158 the certificate in question was passed (preverify_ok=1) or not
160 for the certificate chain verification.
163 (the root CA certificate) and worked upward to the peer's certificate.
190 certificate or certificate callback to its configuration before it can
[all …]
A DSSL_check_chain.pod5 SSL_check_chain - check certificate chain suitability
15 SSL_check_chain() checks whether certificate B<x>, private key B<pk> and
16 certificate chain B<chain> is suitable for use with the current session
25 If this flag is B<not> set then the certificate will never be used even
31 B<CERT_PKEY_EE_SIGNATURE>: the signature algorithm of the EE certificate is
37 B<CERT_PKEY_EE_PARAM>: the parameters of the end entity certificate are
42 B<CERT_PKEY_EXPLICIT_SIGN>: the end entity certificate algorithm
49 B<CERT_PKEY_CERT_TYPE>: the certificate type is acceptable. Only meaningful
57 clients after a certificate request message. It will typically be called
58 in the certificate callback.
[all …]
A DSSL_CTX_set_max_cert_list.pod5 …set_max_cert_list, SSL_get_max_cert_list - manipulate allowed size for the peer's certificate chain
20 certificate chain for all SSL objects created from B<ctx> to be <size> bytes.
27 certificate chain for B<ssl> to be <size> bytes. This setting stays valid
34 During the handshake process, the peer may send a certificate chain.
35 The TLS/SSL standard does not give any maximum size of the certificate chain.
38 received from a faulty or malicious peer, a maximum size for the certificate
41 The default value for the maximum certificate chain size is 100kB (30kB
42 on the 16-bit DOS platform). This should be sufficient for usual certificate
47 For special applications it can be necessary to extend the maximum certificate
57 If the maximum certificate chain size allowed is exceeded, the handshake will
A DOSSL_CMP_exec_certreq.pod55 OSSL_CMP_exec_IR_ses() requests an initial certificate from the given PKI.
57 OSSL_CMP_exec_CR_ses() requests an additional certificate.
61 OSSL_CMP_exec_KUR_ses() obtains an updated certificate.
63 These four types of certificate enrollment are implemented as macros
68 For IR, CR, and KUR, the certificate template to be used in the request
79 When called for the first time (with no certificate request in progress for
85 If the requested certificate is available the function returns 1 and the
87 If no error occurred but no certificate is available yet then
96 to see whether meanwhile the requested certificate is available.
101 OSSL_CMP_exec_RR_ses() requests the revocation of the certificate
[all …]
A DSSL_alert_type_string.pod40 non-fatal errors are certificate errors ("certificate expired",
99 =item "NC"/"no certificate"
101 A client, that was asked to send a certificate, does not send a certificate
104 =item "BC"/"bad certificate"
109 =item "UC"/"unsupported certificate"
113 =item "CR"/"certificate revoked"
115 A certificate was revoked by its signer.
117 =item "CE"/"certificate expired"
121 =item "CU"/"certificate unknown"
124 certificate, rendering it unacceptable.
[all …]
A DSSL_CTX_set1_verify_cert_store.pod8 SSL_set0_chain_cert_store, SSL_set1_chain_cert_store - set certificate
28 set the certificate store used for certificate verification to B<st>.
31 set the certificate store used for certificate chain building to B<st>.
49 The verification store is used to verify the certificate chain sent by the
51 the server's certificate chain and a SSL/TLS server will use it to verify
52 any client certificate chain.
54 The chain store is used to build the certificate chain.
59 If the mode B<SSL_MODE_NO_AUTO_CHAIN> is set or a certificate chain is
A DOSSL_CRMF_MSG_get0_tmpl.pod44 OSSL_CRMF_MSG_get0_tmpl() retrieves the certificate template of I<crm>.
47 given certificate template I<tmpl>.
50 given certificate template I<tmpl>.
53 given certificate template I<tmpl>.
56 of the given certificate template I<tmpl>, or NULL if not present.
64 OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert() decrypts the certificate in the given
68 The function returns the decrypted certificate as a copy, leaving its ownership
76 OSSL_CRMF_MSG_get_certReqId() returns the certificate request ID as a
A DX509_check_host.pod21 The certificate matching functions are used to check whether a
22 certificate matches a given hostname, email address, or IP address.
23 The validity of the certificate and its trust level has to be checked by
26 X509_check_host() checks if the certificate Subject Alternative
40 with a dot (e.g. ".example.com"), it will be matched by a certificate
44 When the certificate is matched, and B<peername> is not NULL, a
45 pointer to a copy of the matching SAN or CN from the peer certificate
50 X509_check_email() checks if the certificate matches the specified
118 in the peer certificate, to only match direct child sub-domains.
121 but would not match a peer certificate with a DNS name of
[all …]
A DSSL_SESSION_get0_peer.pod6 - get details about peer's certificate for a session
16 SSL_SESSION_get0_peer() returns the peer certificate associated with the session
17 B<s> or NULL if no peer certificate is available. The caller should not free the
22 SSL_SESSION_get0_peer() returns a pointer to the peer certificate or NULL if
23 no peer certificate is available.
/openssl-master/doc/HOWTO/
A Dcertificates.txt29 keys, so before you create a certificate or a certificate request, you
42 3. Creating a certificate request
44 To create a certificate, you need to start with a certificate request
45 (or, as some certificate authorities like to put it, "certificate
48 policies). A certificate request is sent to a certificate authority
49 to get it signed into a certificate. You can also sign the certificate
53 The certificate request is created like this:
73 4. Creating a self-signed test certificate
77 certificate for yourself. This is similar to creating a certificate
78 request, but creates a certificate instead of a certificate request.
[all …]
/openssl-master/doc/man7/
A Dx509.pod5 x509 - X.509 certificate handling
13 An X.509 certificate is a structured grouping of information about
15 (certificate revocation list) is a tool to help determine if a
16 certificate is still valid. The exact definition of those can be
18 In OpenSSL, the type X509 is used to express such a certificate, and
23 X509_REQ is used to express such a certificate request.
25 To handle some complex parts of a certificate, there are the types
27 a certificate attribute), X509_EXTENSION (to express a certificate
31 certificate and a corresponding private key.
40 functions handle PKCS#10 certificate requests.
[all …]
A Dproxy-certificates.pod14 operations on behalf of the owner of the EE (End Entity) certificate.
16 The requirements for a valid proxy certificate are:
23 another proxy certificate.
41 =head2 Enabling proxy certificate verification
61 # A proxy certificate MUST NEVER be a CA certificate.
65 # The extension which marks this certificate as a proxy
119 You can also create a proxy certificate using another proxy
136 user certificate and CA certificates.
139 application and the certificate validation procedure.
151 certificate is checked.
[all …]
/openssl-master/doc/man1/
A Dopenssl-x509.pod.in119 Generate a certificate from scratch, not using an input certificate
128 Output a PKCS#10 certificate request (rather than a certificate).
169 certificate request.
394 in the certificate.
403 to create a certificate even without providing an input certificate
419 When transforming a certificate to a new certificate
422 When transforming a certificate or certificate request,
521 A B<trusted certificate> is an ordinary certificate which has several
552 Sets the "alias" of the certificate. This will allow the certificate
714 Convert a certificate to a certificate request:
[all …]
A Dopenssl-verification-options.pod60 uses of a target certificate the certificate may serve as a trust anchor.
78 A certificate, which may be CA certificate or an end-entity certificate,
103 First, a certificate chain is built up starting from the target certificate
117 A candidate issuer certificate matches a subject certificate
135 The certificate signature algorithm used to sign the subject certificate
367 public key strength when verifying certificate chains. For a certificate
390 the last certificate in a chain if the certificate is supposedly self-signed.
427 construct a certificate chain from the target certificate to a trust anchor.
474 end-entity certificate nor the trust-anchor certificate count against the
513 end-entity certificate.
[all …]
A Dopenssl-nseq.pod.in6 openssl-nseq - create or examine a Netscape certificate sequence
19 This command takes a file containing a Netscape certificate
21 file of certificates and converts it into a Netscape certificate
24 A Netscape certificate sequence is an old Netscape-specific format that
27 certificate enrollment. It was also used by Netscape certificate server.
48 Normally a Netscape certificate sequence will be input and the output
50 situation is reversed: a Netscape certificate sequence is created from
59 Output the certificates in a Netscape certificate sequence
63 Create a Netscape certificate sequence
A Dopenssl-verify.pod.in6 openssl-verify - certificate verification command
24 [I<certificate> ...]
28 This command verifies certificate chains. If a certificate chain has multiple
51 Display information about the certificate chain that has been built (if
96 certificate files. This is useful if the first certificate filename begins
99 =item I<certificate> ...
102 given, this command will attempt to read a single certificate from standard
113 error 24 at 1 depth lookup:invalid CA certificate
117 and the depth. The depth is number of the certificate being verified when a
119 itself then 1 for the CA that signed the target certificate and so on.
[all …]
A Dopenssl-ca.pod.in204 certificate appears among the entries in the certificate database
207 self-signed certificate.
285 else a V3 certificate is created.
302 in the resulting certificate.
383 A filename containing a certificate to add a Valid certificate entry.
477 =item B<certificate>
480 certificate. Mandatory.
496 a certificate for.
652 Sign a certificate request:
656 Sign an SM2 certificate request:
[all …]

Completed in 39 milliseconds

123456789