- Sort Score
- Result 10 results
- Languages All
Results 11 - 20 of 338 for certificate (0.08 sec)
-
okhttp/src/test/java/okhttp3/internal/tls/CertificatePinnerChainValidationTest.kt
// Add a bad intermediate CA and have that issue a rogue certificate for localhost. Prepare // an SSL context for an attacking webserver. It includes both these rogue certificates plus the // trusted good certificate above. The attack is that by including the good certificate in the // chain, we may trick the certificate pinner into accepting the rouge certificate. val compromisedIntermediateCa = HeldCertificate.Builder()
Registered: Fri Nov 01 11:42:11 UTC 2024 - Last Modified: Mon Jan 08 01:13:22 UTC 2024 - 23.8K bytes - Viewed (0) -
okhttp/src/main/kotlin/okhttp3/CertificatePinner.kt
* `api.publicobject.com` are valid if either A's or B's certificate is in the chain. * * ## Warning: Certificate Pinning is Dangerous! * * Pinning certificates limits your server team's abilities to update their TLS certificates. By * pinning certificates, you take on additional operational complexity and limit your ability to * migrate between certificate authorities. Do not use certificate pinning without the blessing of
Registered: Fri Nov 01 11:42:11 UTC 2024 - Last Modified: Mon Jan 08 01:13:22 UTC 2024 - 14.2K bytes - Viewed (0) -
istioctl/pkg/writer/ztunnel/configdump/certificates.go
} today := time.Now() expDate, err := time.Parse(time.RFC3339, cert.ExpirationTime) if err != nil { log.Errorf("certificate timestamp (%v) could not be parsed: %v", cert.ExpirationTime, err) return false } fromDate, err := time.Parse(time.RFC3339, cert.ValidFrom) if err != nil { log.Errorf("certificate timestamp (%v) could not be parsed: %v", cert.ValidFrom, err) return false }
Registered: Wed Nov 06 22:53:10 UTC 2024 - Last Modified: Thu Apr 25 16:38:16 UTC 2024 - 3.2K bytes - Viewed (0) -
docs/en/docs/deployment/https.md
The TLS Termination Proxy would have access to one or more **TLS certificates** (HTTPS certificates). Using the **SNI extension** discussed above, the TLS Termination Proxy would check which of the TLS (HTTPS) certificates available it should use for this connection, using the one that matches the domain expected by the client. In this case, it would use the certificate for `someapp.example.com`. <img src="/img/deployment/https/https03.svg">
Registered: Sun Nov 03 07:19:11 UTC 2024 - Last Modified: Tue Aug 06 04:48:30 UTC 2024 - 12K bytes - Viewed (0) -
okhttp/src/main/kotlin/okhttp3/internal/tls/OkHostnameVerifier.kt
} } fun verify( host: String, certificate: X509Certificate, ): Boolean { return when { host.canParseAsIpAddress() -> verifyIpAddress(host, certificate) else -> verifyHostname(host, certificate) } } /** Returns true if [certificate] matches [ipAddress]. */ private fun verifyIpAddress( ipAddress: String, certificate: X509Certificate, ): Boolean {
Registered: Fri Nov 01 11:42:11 UTC 2024 - Last Modified: Mon Apr 15 14:55:09 UTC 2024 - 7.7K bytes - Viewed (0) -
architecture/security/istio-agent.md
CSR, certificates are written to disk and mTLS is used for future requests. If the VM restarted, it would continue to use the certificates written to disk, assuming the downtime is less than certificate expiration. This is why the certificates are persisted to disk, rather than kept in memory like in the standard Kubernetes deployment. ## Certificate Rotation
Registered: Wed Nov 06 22:53:10 UTC 2024 - Last Modified: Thu Jul 18 23:11:18 UTC 2024 - 7.2K bytes - Viewed (0) -
okhttp-testing-support/src/main/kotlin/okhttp3/FakeSSLSession.kt
} @Suppress("UNCHECKED_CAST") @Throws(SSLPeerUnverifiedException::class) override fun getPeerCertificates(): Array<Certificate> { return if (certificates.isEmpty()) { throw SSLPeerUnverifiedException("peer not authenticated") } else { certificates as Array<Certificate> } } @Throws( SSLPeerUnverifiedException::class, )
Registered: Fri Nov 01 11:42:11 UTC 2024 - Last Modified: Mon Jan 08 01:13:22 UTC 2024 - 3.3K bytes - Viewed (0) -
okhttp-tls/src/test/java/okhttp3/tls/HeldCertificateTest.kt
val certificate = heldCertificate.certificate assertThat(certificate.getSubjectX500Principal().name, "self-signed") .isEqualTo(certificate.getIssuerX500Principal().name) assertThat(certificate.getIssuerX500Principal().name).matches(Regex("CN=[0-9a-f-]{36}")) assertThat(certificate.serialNumber).isEqualTo(BigInteger.ONE) assertThat(certificate.subjectAlternativeNames).isNull()
Registered: Fri Nov 01 11:42:11 UTC 2024 - Last Modified: Mon Jan 08 01:13:22 UTC 2024 - 22.5K bytes - Viewed (0) -
cmd/sts-handlers.go
// configured expiry and the duration until the certificate itself // expires. // We must not issue credentials that out-live the certificate. if validUntil := time.Until(certificate.NotAfter); validUntil < expiry { expiry = validUntil } // Associate any service accounts to the certificate CN parentUser := "tls" + getKeySeparator() + certificate.Subject.CommonName
Registered: Sun Nov 03 19:28:11 UTC 2024 - Last Modified: Thu Aug 15 01:29:20 UTC 2024 - 33.9K bytes - Viewed (0) -
samples/guide/src/main/java/okhttp3/recipes/CustomTrust.java
+ "0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7ILaZRfyHB\n" + "NVOFBkpdn627G190\n" + "-----END CERTIFICATE-----\n"); final X509Certificate entrustRootCertificateAuthority = Certificates.decodeCertificatePem("" + "-----BEGIN CERTIFICATE-----\n" + "MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMC\n"
Registered: Fri Nov 01 11:42:11 UTC 2024 - Last Modified: Thu Aug 12 07:26:27 UTC 2021 - 9.3K bytes - Viewed (0)