Zilog EZ80F91AZA Manual do Utilizador Página 55
- Página / 79
- Índice
- MARCADORES
Avaliado. / 5. Com base em avaliações de clientes
UM020107-1211 SSL Configuration
ZTP Network Security SSL Plug-In
User Manual
49
#define SSL_X509_SIGNATURE_VERIFIED 0x04
#define SSL_X509_SELF_SIGNED 0x08
#define SSL_X509_PERMANENT 0x10
#define SSL_X509_UNKNOWN_SIG_ALG 0x40
#define SSL_X509_TRUSTED 0x80
In general, certificates for which the SSL_X509_PARSED_OK flag is not set must never be
trusted.
If the
SSL_X509_DATE_VALID flag is not set, an attempt is made to use the certificate
before or after its stated validity period. However, it could also be the case that the system
date has not been set correctly.
The
SSL_SIGNATURE_VERIFIED flag indicates if the SSL library is able to verify the sig-
nature on the certificate. This verification is possible with a self-signed certificate, but it
will only be possible with other certificates if the SSL layer is in possession of the issuer’s
certificate (i.e., public key). Again, this verification is possible for all certificates in the
certificate chain except, perhaps, for the last certificate. If the last certificate in the chain is
self-signed, then its signature can be verified; if it is not, then your application must deter-
mine if the issuer should be trusted.
The
SSL_X509_SELF_SIGNED flag indicates that the subject and issuer of the suspect
certificate are identical; i.e., an entity is vouching for itself. Because the SSL layer has no
way of determining if such a certificate is truly trustworthy, such certificates are always
passed to the
VerifyCertificate callback routine. In some cases, the certificate should
be accepted without any question. For example, if a self-signed certificate is installed for a
ZTP Network Security SSL Plug-In server, the
VerifyCertificate callback function
will be called. Clearly, this certificate must be accepted, because it is the one owned by
your application.
In those cases in which a remote SSL server presents a certificate chain that does not end
in a self-signed root certificate, it must be assumed that the client application is already in
possession of the trusted root certificate, or implicitly trusts the certificate’s issuer. In all
other cases, the certificate might not be trustworthy.
Generally, the only certificates that are marked
SSL_X509_PERMANENT are the local
server certificates. However, your application is permitted to set this flag on any certificate
presented to the
VerifyCertificate callback for which SSL_SUCCESS is being
returned. This allowance will prevent the SSL layer from releasing resources associated
with the certificate.
The
SSL_X509_UNKNOWN_SIG_ALG flag indicates one possible reason why the signature
verified flag is not set (i.e., if the ZTP Network Security SSL Plug-In does not implement
or has been configured not to support the signature algorithm that the issuer used to sign
the certificate), then it will not be possible to verify the signature. In this case, the
SSL_X509_UNKNOWN_SIG_ALG flag will be set and the
SSL_X509_SIGNATURE_VERIFIED
flag will be cleared.
- ZTP Network Security SSL 1
- UM020107-1211 2
- Revision History 3
- Table of Contents 5
- Introduction 7
- Architecture 8
- Handshake Protocol 9
- How to Use SSL 10
- SSL Version 2 12
- UM020107-1211 Introduction 13
- User Manual 13
- HMAC_MD5 and 13
- SSL Handshake Protocols 14
- Security Concepts 15
- Getting Started 19
- Getting Started 21
- → Rebuild All menu option 23
- Send an Encrypted Message 24
- SSL Configuration 25
- ZDS II Project Settings 26
- SSL Initialization 27
- Digest Algorithm Selection 30
- Cipher Algorithm Selection 32
- PKI Algorithm Selection 34
- Cipher Suite Configuration 37
- Cipher Suite Tables 40
- EDH Parameters 43
- Modulus Length 45
- Certificates 46
- Certificate Chains 47
- Generating Certificates 48
- SSL Configuration 52
- Certificate Creation Issues 53
- Certificate Verification 54
- Verifying All Certificates 56
- Signature Verification 56
- Limitations 57
- Session Cache 58
- Session Cache Operation 59
- Diagnostic Messages 59
- How to Use the HTTPS Server 60
- Figure 7. Security Alert 62
- Creating SSL Applications 63
- Client Applications 66
- SSL Version 2 Cipher Suites 69
- SSL Version 3 Cipher Suites 70
- TLS Version 1 Cipher Suites 71
- AES Extensions 73
- UM020107-1211 74
- Private Cipher Suites 75
- Customer Support 79
Manuais e produtos relacionados com Sensores Zilog EZ80F91AZA
Sensores Zilog Z8F0130 Manual do Utilizador
(214 páginas)
(214 páginas)
Sensores Zilog EZ80F916 Manual do Utilizador
(0 páginas)
(0 páginas)
Sensores Zilog EZ80F916 Manual do Utilizador
(0 páginas)
(0 páginas)
Sensores Zilog EZ80190 Manual do Utilizador
(10 páginas)
(10 páginas)
Sensores Zilog EZ80F91AZA Manual do Utilizador
(34 páginas)
(34 páginas)
Sensores Zilog EZ80190 Manual do Utilizador
(87 páginas)
(87 páginas)
Sensores Zilog EZ80F91 Manual do Utilizador
(78 páginas)
(78 páginas)
Sensores Zilog Z02215 Manual do Utilizador
(2 páginas)
(2 páginas)
Sensores Zilog eZ80F92 Manual do Utilizador
(87 páginas)
(87 páginas)
Sensores Zilog EZ80L92 Manual do Utilizador
(86 páginas)
(86 páginas)
Sensores Zilog Z16C30 Manual do Utilizador
(208 páginas)
(208 páginas)
Sensores Zilog Z16C35 Manual do Utilizador
(322 páginas)
(322 páginas)
Sensores Zilog Z80380 Manual do Utilizador
(268 páginas)
(268 páginas)
Sensores Zilog Z80380 Manual do Utilizador
(116 páginas)
(116 páginas)
Sensores Zilog Z80195 Manual do Utilizador
(47 páginas)
(47 páginas)
Sensores Zilog Z80180 Manual do Utilizador
(326 páginas)
(326 páginas)
Sensores Zilog Z86193 Manual do Utilizador
(260 páginas)
(260 páginas)
Sensores Zilog Z86C36 Manual do Utilizador
(64 páginas)
(64 páginas)
Sensores Zilog Z86E07 Manual do Utilizador
(43 páginas)
(43 páginas)
Sensores Zilog Z08470 Manual do Utilizador
(326 páginas)
(326 páginas)
© 2020, manymanuals-pt.com. Todos os direitos reservados. | 0.039 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentários a estes Manuais