- Sort Score
- Result 10 results
- Languages All
Results 11 - 20 of 333 for Certificate (0.16 sec)
-
okhttp/src/test/java/okhttp3/internal/tls/CertificatePinnerChainValidationTest.kt
// Add a bad intermediate CA and have that issue a rogue certificate for localhost. Prepare // an SSL context for an attacking webserver. It includes both these rogue certificates plus the // trusted good certificate above. The attack is that by including the good certificate in the // chain, we may trick the certificate pinner into accepting the rouge certificate. val compromisedIntermediateCa = HeldCertificate.Builder()
Registered: Fri Nov 01 11:42:11 UTC 2024 - Last Modified: Mon Jan 08 01:13:22 UTC 2024 - 23.8K bytes - Viewed (0) -
docs/en/docs/deployment/https.md
The TLS Termination Proxy would have access to one or more **TLS certificates** (HTTPS certificates). Using the **SNI extension** discussed above, the TLS Termination Proxy would check which of the TLS (HTTPS) certificates available it should use for this connection, using the one that matches the domain expected by the client. In this case, it would use the certificate for `someapp.example.com`. <img src="/img/deployment/https/https03.svg">
Registered: Sun Nov 03 07:19:11 UTC 2024 - Last Modified: Tue Aug 06 04:48:30 UTC 2024 - 12K bytes - Viewed (0) -
istioctl/pkg/writer/ztunnel/configdump/certificates.go
} today := time.Now() expDate, err := time.Parse(time.RFC3339, cert.ExpirationTime) if err != nil { log.Errorf("certificate timestamp (%v) could not be parsed: %v", cert.ExpirationTime, err) return false } fromDate, err := time.Parse(time.RFC3339, cert.ValidFrom) if err != nil { log.Errorf("certificate timestamp (%v) could not be parsed: %v", cert.ValidFrom, err) return false }
Registered: Wed Nov 06 22:53:10 UTC 2024 - Last Modified: Thu Apr 25 16:38:16 UTC 2024 - 3.2K bytes - Viewed (0) -
okhttp/src/main/kotlin/okhttp3/internal/tls/OkHostnameVerifier.kt
} } fun verify( host: String, certificate: X509Certificate, ): Boolean { return when { host.canParseAsIpAddress() -> verifyIpAddress(host, certificate) else -> verifyHostname(host, certificate) } } /** Returns true if [certificate] matches [ipAddress]. */ private fun verifyIpAddress( ipAddress: String, certificate: X509Certificate, ): Boolean {
Registered: Fri Nov 01 11:42:11 UTC 2024 - Last Modified: Mon Apr 15 14:55:09 UTC 2024 - 7.7K bytes - Viewed (0) -
architecture/security/istio-agent.md
a certificate. This can be handled in various ways: * `GenerateSecret` may additionally write any signed certificates to disk, with `OUTPUT_CERTS` configured. * Users may have external CA setups that pre-configure certificates. * The CaClient can use JWT token for the initial setup, then switch to mTLS certificates.
Registered: Wed Nov 06 22:53:10 UTC 2024 - Last Modified: Thu Jul 18 23:11:18 UTC 2024 - 7.2K bytes - Viewed (0) -
okhttp-testing-support/src/main/kotlin/okhttp3/FakeSSLSession.kt
} @Suppress("UNCHECKED_CAST") @Throws(SSLPeerUnverifiedException::class) override fun getPeerCertificates(): Array<Certificate> { return if (certificates.isEmpty()) { throw SSLPeerUnverifiedException("peer not authenticated") } else { certificates as Array<Certificate> } } @Throws( SSLPeerUnverifiedException::class, )
Registered: Fri Nov 01 11:42:11 UTC 2024 - Last Modified: Mon Jan 08 01:13:22 UTC 2024 - 3.3K bytes - Viewed (0) -
okhttp/src/main/kotlin/okhttp3/CertificatePinner.kt
* `api.publicobject.com` are valid if either A's or B's certificate is in the chain. * * ## Warning: Certificate Pinning is Dangerous! * * Pinning certificates limits your server team's abilities to update their TLS certificates. By * pinning certificates, you take on additional operational complexity and limit your ability to * migrate between certificate authorities. Do not use certificate pinning without the blessing of
Registered: Fri Nov 01 11:42:11 UTC 2024 - Last Modified: Mon Jan 08 01:13:22 UTC 2024 - 14.2K bytes - Viewed (0) -
okhttp-tls/src/test/java/okhttp3/tls/HeldCertificateTest.kt
val certificate = heldCertificate.certificate assertThat(certificate.getSubjectX500Principal().name, "self-signed") .isEqualTo(certificate.getIssuerX500Principal().name) assertThat(certificate.getIssuerX500Principal().name).matches(Regex("CN=[0-9a-f-]{36}")) assertThat(certificate.serialNumber).isEqualTo(BigInteger.ONE) assertThat(certificate.subjectAlternativeNames).isNull()
Registered: Fri Nov 01 11:42:11 UTC 2024 - Last Modified: Mon Jan 08 01:13:22 UTC 2024 - 22.5K bytes - Viewed (0) -
cmd/sts-handlers.go
// configured expiry and the duration until the certificate itself // expires. // We must not issue credentials that out-live the certificate. if validUntil := time.Until(certificate.NotAfter); validUntil < expiry { expiry = validUntil } // Associate any service accounts to the certificate CN parentUser := "tls" + getKeySeparator() + certificate.Subject.CommonName
Registered: Sun Nov 03 19:28:11 UTC 2024 - Last Modified: Thu Aug 15 01:29:20 UTC 2024 - 33.9K bytes - Viewed (0) -
okhttp-tls/src/test/java/okhttp3/tls/internal/der/DerCertificatesTest.kt
val certificate = HeldCertificate.Builder() .keyPair(publicKey, privateKey) .build() val certificateByteString = certificate.certificate.encoded.toByteString() val okHttpCertificate = CertificateAdapters.certificate .fromDer(certificateByteString)
Registered: Fri Nov 01 11:42:11 UTC 2024 - Last Modified: Mon Jan 08 01:13:22 UTC 2024 - 43.9K bytes - Viewed (0)