Loading doc/ssl/SSL_CTX_set_ct_validation_callback.pod +9 −9 Original line number Diff line number Diff line Loading @@ -11,21 +11,21 @@ control Certificate Transparency policy #include <openssl/ssl.h> int SSL_ct_enable(SSL *s, int validation_mode); int SSL_CTX_ct_enable(SSL_CTX *ctx, int validation_mode); int SSL_enable_ct(SSL *s, int validation_mode); int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode); int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback, void *arg); int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx, ssl_ct_validation_cb callback, void *arg); void SSL_ct_disable(SSL *s); void SSL_CTX_ct_disable(SSL_CTX *ctx); void SSL_disable_ct(SSL *s); void SSL_CTX_disable_ct(SSL_CTX *ctx); int SSL_ct_is_enabled(const SSL *s); int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx); =head1 DESCRIPTION SSL_ct_enable() and SSL_CTX_ct_enable() enable the processing of signed SSL_enable_ct() and SSL_CTX_enable_ct() enable the processing of signed certificate timestamps (SCTs) either for a given SSL connection or for all connections that share the given SSL context, respectively. This is accomplished by setting a built-in CT validation callback. Loading Loading @@ -84,12 +84,12 @@ Clients that require SCTs are expected to not have enabled any aNULL ciphers nor to have specified server verification via DANE-TA(2) or DANE-EE(3) TLSA records. SSL_ct_disable() and SSL_CTX_ct_disable() turn off CT processing, whether SSL_disable_ct() and SSL_CTX_disable_ct() turn off CT processing, whether enabled via the built-in or the custom callbacks, by setting a NULL callback. These may be implemented as macros. SSL_ct_is_enabled() and SSL_CTX_ct_is_enabled() return 1 if CT processing is enabled via either SSL_ct_enable() or a non-null custom callback, and 0 enabled via either SSL_enable_ct() or a non-null custom callback, and 0 otherwise. =head1 NOTES Loading @@ -105,13 +105,13 @@ extensions (B<TLSEXT_TYPE_signed_certificate_timestamp>). =head1 RETURN VALUES SSL_ct_enable(), SSL_CTX_ct_enable(), SSL_CTX_set_ct_validation_callback() and SSL_enable_ct(), SSL_CTX_enable_ct(), SSL_CTX_set_ct_validation_callback() and SSL_set_ct_validation_callback() return 1 if the B<callback> is successfully set. They return 0 if an error occurs, e.g. a custom client extension handler has been setup to handle SCTs. SSL_ct_disable() and SSL_CTX_ct_disable() do not return a result. SSL_disable_ct() and SSL_CTX_disable_ct() do not return a result. SSL_CTX_ct_is_enabled() and SSL_ct_is_enabled() return a 1 if a non-null CT validation callback is set, or 0 if no callback (or equivalently a NULL Loading Loading
doc/ssl/SSL_CTX_set_ct_validation_callback.pod +9 −9 Original line number Diff line number Diff line Loading @@ -11,21 +11,21 @@ control Certificate Transparency policy #include <openssl/ssl.h> int SSL_ct_enable(SSL *s, int validation_mode); int SSL_CTX_ct_enable(SSL_CTX *ctx, int validation_mode); int SSL_enable_ct(SSL *s, int validation_mode); int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode); int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback, void *arg); int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx, ssl_ct_validation_cb callback, void *arg); void SSL_ct_disable(SSL *s); void SSL_CTX_ct_disable(SSL_CTX *ctx); void SSL_disable_ct(SSL *s); void SSL_CTX_disable_ct(SSL_CTX *ctx); int SSL_ct_is_enabled(const SSL *s); int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx); =head1 DESCRIPTION SSL_ct_enable() and SSL_CTX_ct_enable() enable the processing of signed SSL_enable_ct() and SSL_CTX_enable_ct() enable the processing of signed certificate timestamps (SCTs) either for a given SSL connection or for all connections that share the given SSL context, respectively. This is accomplished by setting a built-in CT validation callback. Loading Loading @@ -84,12 +84,12 @@ Clients that require SCTs are expected to not have enabled any aNULL ciphers nor to have specified server verification via DANE-TA(2) or DANE-EE(3) TLSA records. SSL_ct_disable() and SSL_CTX_ct_disable() turn off CT processing, whether SSL_disable_ct() and SSL_CTX_disable_ct() turn off CT processing, whether enabled via the built-in or the custom callbacks, by setting a NULL callback. These may be implemented as macros. SSL_ct_is_enabled() and SSL_CTX_ct_is_enabled() return 1 if CT processing is enabled via either SSL_ct_enable() or a non-null custom callback, and 0 enabled via either SSL_enable_ct() or a non-null custom callback, and 0 otherwise. =head1 NOTES Loading @@ -105,13 +105,13 @@ extensions (B<TLSEXT_TYPE_signed_certificate_timestamp>). =head1 RETURN VALUES SSL_ct_enable(), SSL_CTX_ct_enable(), SSL_CTX_set_ct_validation_callback() and SSL_enable_ct(), SSL_CTX_enable_ct(), SSL_CTX_set_ct_validation_callback() and SSL_set_ct_validation_callback() return 1 if the B<callback> is successfully set. They return 0 if an error occurs, e.g. a custom client extension handler has been setup to handle SCTs. SSL_ct_disable() and SSL_CTX_ct_disable() do not return a result. SSL_disable_ct() and SSL_CTX_disable_ct() do not return a result. SSL_CTX_ct_is_enabled() and SSL_ct_is_enabled() return a 1 if a non-null CT validation callback is set, or 0 if no callback (or equivalently a NULL Loading
Rich Salz <rsalz@openssl.org>Rich Salz <rsalz@openssl.org>