| /openbsd-current/usr.sbin/acme-client/ |
| H A D | parse.h | 52 char *cert; member in struct:domain_c
|
| /openbsd-current/lib/libcrypto/cms/ |
| H A D | cms_lib.c | 530 CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert) argument
542 if (!X509_cmp(cch->d.certificate, cert)) {
552 cch->d.certificate = cert;
559 CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert) argument
563 r = CMS_add0_cert(cms, cert);
565 X509_up_ref(cert);
711 cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert) argument
715 ret = X509_NAME_cmp(ias->issuer, X509_get_issuer_name(cert));
719 return ASN1_INTEGER_cmp(ias->serialNumber, X509_get_serialNumber(cert));
723 cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert) argument
734 cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert) argument
758 cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert) argument
[all...] |
| H A D | cms_smime.c | 669 X509 *cert)
680 if (cert != NULL && CMS_RecipientEncryptedKey_cert_cmp(rek, cert))
687 return cert == NULL ? 0 : -1;
694 CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert) argument
716 r = cms_kari_set1_pkey(cms, ri, pk, cert);
723 * If we have a cert try matching RecipientInfo otherwise try them
726 else if (!cert || !CMS_RecipientInfo_ktri_cert_cmp(ri, cert)) {
731 if (cert) {
668 cms_kari_set1_pkey(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, EVP_PKEY *pk, X509 *cert) argument
831 CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert, BIO *dcont, BIO *out, unsigned int flags) argument
[all...] |
| H A D | cms_local.h | 173 /* Set to 1 if we have no cert and need extra safety measures for MMA */
195 /* Recipient Key and cert */
419 int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type);
422 int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert);
428 int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert);
429 int cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert);
430 int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert);
431 int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert);
|
| /openbsd-current/regress/usr.sbin/syslogd/ |
| H A D | args-tls-cafile-default.pl | 4 # The cafile is the system default which has no matching cert.
20 qr{NAMI "/etc/ssl/cert.pem"} => 1,
23 qr{CAfile /etc/ssl/cert.pem} => 1,
|
| /openbsd-current/regress/usr.bin/ssh/ |
| H A D | agent.sh | 42 ${SSHKEYGEN} -qs $OBJ/user_ca_key -I "$t cert" \
61 cp -f $OBJ/$t-agent-cert.pub $OBJ/$t-agent-private-cert.pub
143 (printf 'cert-authority,principals="estragon" '; cat $OBJ/user_ca_key.pub) \
149 -oCertificateFile=$OBJ/$t-agent-cert.pub \
202 check_key_present ssh-ed25519-cert-v01@openssh.com
203 # Put key/cert back.
208 trace "delete key/cert by file"
211 check_key_absent ssh-ed25519-cert-v01@openssh.com
212 # Put key/cert bac
[all...] |
| H A D | cert-file.sh | 1 # $OpenBSD: cert-file.sh,v 1.8 2019/11/26 23:43:10 djm Exp $
32 mv $OBJ/user_key1-cert.pub $OBJ/cert_user_key1_1.pub
36 mv $OBJ/user_key1-cert.pub $OBJ/cert_user_key1_2.pub
49 echo "cert-authority $(cat $OBJ/user_ca_key1.pub)" > $OBJ/authorized_keys_$USER
57 # Key with no .pub should work - finding the equivalent *-cert.pub.
58 verbose "identity cert with no plain public file"
66 -oCertificateFile=$OBJ/user_key3-cert.pub \
78 # Keys with untrusted cert should fail.
79 verbose "untrusted cert"
84 fail "ssh succeeded with bad cert"
[all...] |
| /openbsd-current/usr.sbin/rpki-client/ |
| H A D | geofeed.c | 108 struct cert *cert = NULL; local
248 if ((cert = cert_parse_ee_cert(fn, talid, *x509)) == NULL)
252 warnx("%s: inherit elements not allowed in EE cert", fn);
256 if (cert->asz > 0) {
261 geofeed->valid = valid_geofeed(fn, cert, geofeed);
271 cert_free(cert);
|
| /openbsd-current/regress/lib/libtls/keypair/ |
| H A D | keypairtest.c | 88 const uint8_t *cert, *key, *ocsp_staple; local
94 load_file(cert_file, &cert, &cert_len);
104 fprintf(stderr, "FAIL: failed to load cert file: %s\n",
118 if (compare_mem("certificate", cert, cert_len, kp->cert_mem,
140 if (tls_keypair_set_cert_mem(kp, &err, cert, cert_len) == -1) {
141 fprintf(stderr, "FAIL: failed to load cert: %s\n", err.msg);
153 if (compare_mem("certificate", cert, cert_len, kp->cert_mem,
186 free((uint8_t *)cert);
|
| /openbsd-current/usr.bin/ssh/ |
| H A D | auth2-hostbased.c | 111 (key->cert == NULL || key->cert->signature_type == NULL) ?
112 "(null)" : key->cert->signature_type);
234 if ((fp = sshkey_fingerprint(key->cert->signature_key,
238 "%s CA %s from %s@%s", key->cert->key_id,
239 sshkey_type(key->cert->signature_key), fp,
|
| H A D | auth2-pubkey.c | 166 (key->cert == NULL || key->cert->signature_type == NULL) ?
167 "(null)" : key->cert->signature_type);
177 ca_s = format_key(key->cert->signature_key);
316 struct sshkey_cert *cert, struct sshauthopt **authoptsp)
330 success = auth_process_principals(f, file, cert, authoptsp);
345 const struct sshkey_cert *cert = key->cert; local
393 if ((ca_fp = sshkey_fingerprint(cert->signature_key,
403 if ((r = sshkey_to_base64(cert
315 match_principals_file(struct passwd *pw, char *file, struct sshkey_cert *cert, struct sshauthopt **authoptsp) argument
[all...] |
| H A D | authfile.c | 305 if (asprintf(&file, "%s-cert.pub", filename) == -1)
319 struct sshkey *key = NULL, *cert = NULL; local
341 (r = sshkey_load_cert(filename, &cert)) != 0)
345 if (sshkey_equal_public(key, cert) == 0) {
351 (r = sshkey_cert_copy(cert, key)) != 0)
360 sshkey_free(cert);
419 sshkey_compare(key->cert->signature_key, pub))) {
|
| /openbsd-current/lib/libssl/test/ |
| H A D | testssl | 9 cert=../apps/server.pem
11 cert="$2"
13 ssltest="../util/shlib_wrap.sh ./ssltest -key $key -cert $cert -c_key $key -c_cert $cert"
15 if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
152 ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1
158 ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
|
| /openbsd-current/usr.sbin/relayd/ |
| H A D | ca.c | 75 hash_x509(X509 *cert, char *hash, size_t hashlen) argument
82 if (X509_pubkey_digest(cert, EVP_sha256(), digest, &dlen) != 1)
105 struct relay_cert *cert; local
109 TAILQ_FOREACH(cert, env->sc_certs, cert_entry) {
110 if (cert->cert_fd == -1 || cert->cert_key_fd == -1)
113 if ((buf = relay_load_fd(cert->cert_fd, &len)) == NULL)
114 fatal("ca_launch: cert relay_load_fd");
117 fatalx("ca_launch: cert BIO_new_mem_buf");
121 fatalx("ca_launch: cert PEM_read_bio_X50
[all...] |
| H A D | relayd.c | 554 struct relay_cert *cert, *tmpcert; local
597 TAILQ_FOREACH_SAFE(cert, env->sc_certs, cert_entry, tmpcert) {
598 if (rlay->rl_conf.id != cert->cert_relayid)
600 if (cert->cert_fd != -1)
601 close(cert->cert_fd);
602 if (cert->cert_key_fd != -1)
603 close(cert->cert_key_fd);
604 if (cert->cert_ocsp_fd != -1)
605 close(cert->cert_ocsp_fd);
606 if (cert
1259 struct relay_cert *cert; local
1285 struct relay_cert *cert; local
1329 struct relay_cert *cert; local
[all...] |
| /openbsd-current/lib/libcrypto/ts/ |
| H A D | ts_conf.c | 96 BIO *cert = NULL; local
99 if ((cert = BIO_new_file(file, "r")) == NULL)
101 x = PEM_read_bio_X509_AUX(cert, NULL, NULL, NULL);
106 BIO_free(cert);
211 TS_CONF_set_signer_cert(CONF *conf, const char *section, const char *cert, argument
217 if (!cert)
218 cert = NCONF_get_string(conf, section, ENV_SIGNER_CERT);
219 if (!cert) {
223 if (!(cert_obj = TS_CONF_load_cert(cert)))
|
| /openbsd-current/regress/lib/libcrypto/x509/bettertls/ |
| H A D | verify.c | 104 STACK_OF(X509) *roots = NULL, *bundle = NULL, *cert = NULL;
118 if (!certs_from_file(cert_file, &cert))
119 errx(1, "failed to load cert from '%s'", cert_file);
120 if (sk_X509_num(cert) < 1)
121 errx(1, "no certs in cert bundle %s", cert_file);
122 leaf = sk_X509_shift(cert);
187 sk_X509_pop_free(cert, X509_free);
|
| H A D | check.perl | 75 my $cert = $id + 1;
79 print STDERR "$cert DNS expected $expecteddns[$id] known $knowndns[$id] result $outdns[$id]";
89 print STDERR "$cert IP expected $expectedip[$id] known $knownip[$id] result $outip[$id]";
|
| /openbsd-current/regress/usr.bin/ssh/unittests/sshkey/ |
| H A D | mktestdata.sh | 202 ssh-keygen -lf rsa_1-cert.pub | awk '{print $2}' > rsa_1-cert.fp
203 ssh-keygen -lf dsa_1-cert.pub | awk '{print $2}' > dsa_1-cert.fp
204 ssh-keygen -lf ecdsa_1-cert.pub | awk '{print $2}' > ecdsa_1-cert.fp
205 ssh-keygen -lf ed25519_1-cert.pub | awk '{print $2}' > ed25519_1-cert.fp
206 ssh-keygen -lf ecdsa_sk1-cert.pub | awk '{print $2}' > ecdsa_sk1-cert
[all...] |
| /openbsd-current/lib/libssl/ |
| H A D | ssl_lib.c | 227 ctx->cert);
267 if ((s->cert = ssl_cert_dup(ctx->cert)) == NULL)
567 ssl_cert_free(s->cert);
914 X509 *cert; local
919 if ((cert = s->session->peer_cert) == NULL)
922 X509_up_ref(cert);
924 return cert;
975 tmp = t->cert;
976 if (f->cert !
[all...] |
| /openbsd-current/sbin/isakmpd/ |
| H A D | ike_auth.c | 49 #include "cert.h"
564 void *cert = 0; local
615 cert = handler->cert_get(rawcert, rawcertlen);
616 if (!cert)
620 if (!handler->cert_get_key(cert, &key)) {
623 handler->cert_free(cert);
627 "rsa_sig_decode_hash: using cert "
629 exchange->recv_cert = cert;
632 cert);
662 cert
[all...] |
| /openbsd-current/usr.sbin/ldapd/ |
| H A D | parse.y | 188 char *cert;
197 cert = ($6 != NULL) ? $6 : $3;
200 load_certfile(conf, cert, F_SCERT, $5) < 0) {
201 yyerror("cannot load certificate: %s", cert);
207 if (! interface($3, cert, &conf->listeners,
209 if (host($3, cert, &conf->listeners,
1016 host_dns(const char *s, const char *cert,
1049 if (cert != NULL)
1050 (void)strlcpy(h->ssl_cert_name, cert, sizeof(h->ssl_cert_name));
1073 host(const char *s, const char *cert, struc
[all...] |
| /openbsd-current/lib/libcrypto/ct/ |
| H A D | ct_local.h | 148 X509 *cert; member in struct:ct_policy_eval_ctx_st
169 * If *cert does not have a poison extension, presigner must be NULL.
170 * If *cert does not have a poison extension, it may have a single SCT
172 * If either *cert or *presigner have an AKID (NID_authority_key_identifier)
176 int SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner);
|
| /openbsd-current/regress/lib/libssl/ssl/ |
| H A D | testssl | 4 cert="$2"
6 ssltest="${4-./ssltest} -key $key -cert $cert -c_key $key -c_cert $cert"
12 if $openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
105 # ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1
111 # ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
|
| /openbsd-current/lib/libcrypto/x509/ |
| H A D | x509_internal.h | 63 int *cert_errors; /* Verify error for each cert in chain. */
126 X509 *cert, int include_cn, int *error);
127 int x509_constraints_extract_constraints(X509 *cert,
|