Home | History | Annotate | Download | only in cert

Lines Matching defs:trust

255   CERTCertTrust trust;
256   SECStatus srv = CERT_GetCertTrust(cert->os_cert_handle(), &trust);
262   // round-trip all possible NSS trust flag combinations.  We try to map them in
270       if ((trust.sslFlags & kCAFlags) == CERTDB_TERMINAL_RECORD)
272       else if (trust.sslFlags & kTrustedCA)
275       if ((trust.emailFlags & kCAFlags) == CERTDB_TERMINAL_RECORD)
277       else if (trust.emailFlags & kTrustedCA)
280       if ((trust.objectSigningFlags & kCAFlags) == CERTDB_TERMINAL_RECORD)
282       else if (trust.objectSigningFlags & kTrustedCA)
288       if (trust.sslFlags & CERTDB_TERMINAL_RECORD) {
289         if (trust.sslFlags & CERTDB_TRUSTED)
307   // The CERTCertTrust structure contains three trust records:
309   // trust records are independent of each other.
311   // If the CERTDB_TERMINAL_RECORD bit in a trust record is set,
312   // then that trust record is a terminal record.  A terminal
313   // record is used for explicit trust and distrust of an
320   // set, then the terminal record means explicit trust.
322   // For a root CA, the trust record does not have
339   // Self-signed certificates that don't have any trust bits set are untrusted.
340   // Other certificates that don't have any trust bits set may still be trusted
341   // if they chain up to a trust anchor.