Home
last modified time | relevance | path

Searched refs:dane (Results 1 – 25 of 26) sorted by relevance

12

/netbsd/src/external/ibm-public/postfix/dist/src/tls/
Dtls_dane.c292 TLS_DANE *dane = (TLS_DANE *) mymalloc(sizeof(*dane)); in tls_dane_alloc() local
294 dane->tlsa = 0; in tls_dane_alloc()
295 dane->base_domain = 0; in tls_dane_alloc()
296 dane->flags = 0; in tls_dane_alloc()
297 dane->expires = 0; in tls_dane_alloc()
298 dane->refs = 1; in tls_dane_alloc()
299 return (dane); in tls_dane_alloc()
317 void tls_dane_free(TLS_DANE *dane) in tls_dane_free() argument
319 if (--dane->refs > 0) in tls_dane_free()
321 if (dane->base_domain) in tls_dane_free()
[all …]
Dtls_proxy_client_print.c227 const TLS_DANE *dane = (const TLS_DANE *) ptr; in tls_proxy_client_dane_print() local
231 SEND_ATTR_INT(TLS_ATTR_DANE, dane != 0), in tls_proxy_client_dane_print()
234 msg_info("tls_proxy_client_dane_print dane=%d", dane != 0); in tls_proxy_client_dane_print()
236 if (ret == 0 && dane != 0) { in tls_proxy_client_dane_print()
240 STRING_OR_EMPTY(dane->base_domain)), in tls_proxy_client_dane_print()
242 (const void *) dane->tlsa), in tls_proxy_client_dane_print()
346 (const void *) props->dane), in tls_proxy_client_start_print()
Dtls_proxy_client_scan.c336 if (props->dane) in tls_proxy_client_start_free()
337 tls_dane_free((TLS_DANE *) props->dane); in tls_proxy_client_start_free()
399 TLS_DANE *dane = 0; in tls_proxy_client_dane_scan() local
412 dane = tls_dane_alloc(); in tls_proxy_client_dane_scan()
417 &dane->tlsa), in tls_proxy_client_dane_scan()
421 dane->base_domain = vstring_export(base_domain); in tls_proxy_client_dane_scan()
424 tls_dane_free(dane); in tls_proxy_client_dane_scan()
425 dane = 0; in tls_proxy_client_dane_scan()
428 *(TLS_DANE **) ptr = dane; in tls_proxy_client_dane_scan()
556 props->dane = 0; /* scan_fn may return early */ in tls_proxy_client_start_scan()
[all …]
Dtls_client.c598 sni = props->dane->base_domain; in tls_auth_enable()
616 if (TLScontext->dane != 0 && TLScontext->dane->tlsa != 0) { in tls_auth_enable()
1050 TLScontext->dane = props->dane; in tls_client_start()
1116 if (TLScontext->dane && TLScontext->dane->tlsa) { in tls_client_start()
Dtls.h182 #define tls_dane_unusable(dane) ((dane)->flags & TLS_DANE_FLAG_EMPTY) argument
183 #define tls_dane_notfound(dane) ((dane)->flags & TLS_DANE_FLAG_NORRS) argument
270 const TLS_DANE *dane; /* DANE TLSA digests */ member
508 const TLS_DANE *dane; /* DANE TLSA verification */ member
Dtls_fprint.c293 && props->dane && props->dane->tlsa) { in tls_serverid_digest()
294 CHECK_OK_AND(tls_digest_tlsa(mdctx, props->dane->tlsa)); in tls_serverid_digest()
Dtls_misc.c1381 TLScontext->dane = 0; /* Alias for props->dane */ in tls_alloc_sess_context()
/netbsd/src/external/ibm-public/postfix/dist/src/smtp/
Dsmtp_tls_policy.c396 if (!tls->dane) in tls_policy_lookup_one()
397 tls->dane = tls_dane_alloc(); in tls_policy_lookup_one()
398 if (!tls_dane_load_trustfile(tls->dane, val)) { in tls_policy_lookup_one()
553 static int load_tas(TLS_DANE *dane, const char *files) in load_tas() argument
562 ret = tls_dane_load_trustfile(dane, file); in load_tas()
751 if (tls->dane == 0) in policy_create()
752 tls->dane = tls_dane_alloc(); in policy_create()
758 tls_dane_add_fpt_digests(tls->dane, DONT_SUPPRESS_CERT_MATCH, in policy_create()
763 tls_dane_add_fpt_digests(tls->dane, DONT_SUPPRESS_CERT_MATCH, in policy_create()
767 if (tls->dane->tlsa == 0) { in policy_create()
[all …]
Dsmtp_tlsrpt.c284 TLS_DANE *dane = state->tls->dane; in smtp_tlsrpt_set_dane_policy() local
287 for (tlsa = dane->tlsa; tlsa != 0; tlsa = tlsa->next) { in smtp_tlsrpt_set_dane_policy()
295 (const char *const *) argv->argv, dane->base_domain, in smtp_tlsrpt_set_dane_policy()
342 if (tls->dane != 0) /* Actual policy */ in smtp_tlsrpt_set_tls_policy()
Dsmtp.h109 TLS_DANE *dane; /* DANE TLSA digests */ member
165 _tls_policy_init_tmp->dane = 0; \
Dsmtp_proto.c983 dane = state->tls->dane); in smtp_start_tls()
1112 dane = state->tls->dane); in smtp_start_tls()
/netbsd/src/crypto/external/bsd/openssl/dist/crypto/x509/
Dx509_vfy.c295 ret = DANETLS_ENABLED(ctx->dane) ? dane_verify(ctx) : verify_chain(ctx); in X509_verify_cert()
815 SSL_DANE *dane = ctx->dane; in check_trust() local
823 if (DANETLS_HAS_TA(dane) && num_untrusted > 0 && num_untrusted < num) { in check_trust()
897 if (!DANETLS_ENABLED(dane)) in check_trust()
899 if (dane->pdpth < 0) in check_trust()
900 dane->pdpth = num_untrusted; in check_trust()
902 if (dane->mdpth >= 0) in check_trust()
2348 ctx->dane = NULL; in X509_STORE_CTX_init()
2647 void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, SSL_DANE *dane) in X509_STORE_CTX_set0_dane() argument
2649 ctx->dane = dane; in X509_STORE_CTX_set0_dane()
[all …]
/netbsd/src/crypto/external/bsd/openssl/dist/ssl/
Dssl_lib.c170 static void dane_final(SSL_DANE *dane) in dane_final() argument
172 sk_danetls_record_pop_free(dane->trecs, tlsa_free); in dane_final()
173 dane->trecs = NULL; in dane_final()
175 sk_X509_pop_free(dane->certs, X509_free); in dane_final()
176 dane->certs = NULL; in dane_final()
178 X509_free(dane->mcert); in dane_final()
179 dane->mcert = NULL; in dane_final()
180 dane->mtlsa = NULL; in dane_final()
181 dane->mdpth = -1; in dane_final()
182 dane->pdpth = -1; in dane_final()
[all …]
Dssl_cert.c425 if (DANETLS_ENABLED(&s->dane)) in ssl_verify_cert_chain()
426 X509_STORE_CTX_set0_dane(ctx, &s->dane); in ssl_verify_cert_chain()
Dssl_local.h1133 struct dane_ctx_st dane; member
1446 SSL_DANE dane; member
/netbsd/src/crypto/external/bsd/openssl/dist/crypto/err/
Dopenssl.txt1311 SSL_R_CONTEXT_NOT_DANE_ENABLED:167:context not dane enabled
1317 SSL_R_DANE_ALREADY_ENABLED:172:dane already enabled
1318 SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL:173:dane cannot override mtype full
1319 SSL_R_DANE_NOT_ENABLED:175:dane not enabled
1320 SSL_R_DANE_TLSA_BAD_CERTIFICATE:180:dane tlsa bad certificate
1321 SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE:184:dane tlsa bad certificate usage
1322 SSL_R_DANE_TLSA_BAD_DATA_LENGTH:189:dane tlsa bad data length
1323 SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH:192:dane tlsa bad digest length
1324 SSL_R_DANE_TLSA_BAD_MATCHING_TYPE:200:dane tlsa bad matching type
1325 SSL_R_DANE_TLSA_BAD_PUBLIC_KEY:201:dane tlsa bad public key
[all …]
/netbsd/src/external/ibm-public/postfix/dist/
DRELEASE_NOTES-3.4151 It supports all Postfix TLS security levels including dane and
152 dane-only.
DRELEASE_NOTES-2.1130 This feature introduces new TLS security levels called "dane" and
31 "dane-only" (DNS-based Authentication of Named Entities) that use
DRELEASE_NOTES-3.9269 - At the "dane" and "dane-only" security levels, the Postfix SMTP
DWISHLIST328 Hardening the half-dane behavior: some sites may rely on
/netbsd/src/external/ibm-public/postfix/dist/proto/
Dstop.double-cc260 DNS at the dane dane only and half dane security levels or be
Dstop1208 dane
Dpostconf.proto11610 <dt><b><a href="TLS_README.html#client_tls_dane">dane</a></b></dt>
11634 <dt><b><a href="TLS_README.html#client_tls_dane">dane-only</a></b></dt>
11833 "dane" or "dane-only" it is best not to disable TLSv1, except perhaps
12105 <dt><b><a href="TLS_README.html#client_tls_dane">dane</a></b></dt>
12123 purposes of protocol and cipher selection, the "dane" security level
12130 <dt><b><a href="TLS_README.html#client_tls_dane">dane-only</a></b></dt>
12131 <dd>Mandatory DANE TLS. This is just like "dane" above, but DANE
16719 <a href="TLS_README.html#client_tls_dane">dane</a> or <a
16720 href="TLS_README.html#client_tls_dane">dane-only</a> TLS security
17009 href="https://www.iana.org/assignments/dane-parameters/dane-parameters.xhtml#matching-types"
[all …]
/netbsd/src/external/ibm-public/postfix/dist/conf/
Dpostfix-tls-script588 …https://community.letsencrypt.org/t/please-avoid-3-0-1-and-3-0-2-dane-tlsa-records-with-le-certifi…
/netbsd/src/external/public-domain/xz/dist/po/
Dpl.po712 " blokujący, wszystkie gotowe dane są zapisywane"

12