Diffstat (limited to 'secure/lib/libcrypto/man/SSL_CTX_set_ct_validation_callback.3')
-rw-r--r-- secure/lib/libcrypto/man/SSL_CTX_set_ct_validation_callback.3 | 62
1 files changed, 33 insertions, 29 deletions
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_ct_validation_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_ct_validation_callback.3
index 84d916e9a7675..59be2ec7190c3 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set_ct_validation_callback.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set_ct_validation_callback.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
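Review bot: the `.de IX` definition now sits two conditionals deep, so brace balance in this preamble deserves a render check before merging. Counting the visible lines, the three `\{\` openers (the `rF` test, `.if \nF`, and `.if !\nF==2`) are matched by the three closing `\}` lines, and the scratch register is dropped again with `.rr rF`, so the block looks well-formed. Since the diffstat is "limited to" this one file, the same generated preamble presumably lands in the other pages of the commit; formatting one of them with warnings enabled would confirm that the "undefined register 'F'" warning named in the comment above is actually gone.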
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_SET_CT_VALIDATION_CALLBACK 3"
-.TH SSL_CTX_SET_CT_VALIDATION_CALLBACK 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET_CT_VALIDATION_CALLBACK 3 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -158,7 +162,7 @@ ssl_ct_validation_cb, SSL_enable_ct, SSL_CTX_enable_ct, SSL_disable_ct, SSL_CTX_
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fISSL_enable_ct()\fR and \fISSL_CTX_enable_ct()\fR enable the processing of signed
+\&\fBSSL_enable_ct()\fR and \fBSSL_CTX_enable_ct()\fR enable the processing of signed
certificate timestamps (SCTs) either for a given \s-1SSL\s0 connection or for all
connections that share the given \s-1SSL\s0 context, respectively.
This is accomplished by setting a built-in \s-1CT\s0 validation callback.
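Review bot: the `\fI` to `\fB` switch on the `SSL_enable_ct()` line is a font-only change. The same flip accounts for nearly every other `-`/`+` pair in this file, so the commit message should say that the text of the page is unchanged apart from the `.TH` date and version. That looks like a side effect of the Pod::Man 4.09 to 4.10 bump in the first hunk rather than an edit to the documentation. If so, any follow-up fix belongs in the POD source, not in this generated file.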
@@ -174,10 +178,10 @@ despite lack of valid SCTs.
However, in that case if the verification status before the built-in callback
was \fBX509_V_OK\fR it will be set to \fBX509_V_ERR_NO_VALID_SCTS\fR after the
callback.
-Applications can call \fISSL_get_verify_result\fR\|(3) to check the status at
+Applications can call \fBSSL_get_verify_result\fR\|(3) to check the status at
handshake completion, even after session resumption since the verification
status is part of the saved session state.
-See \fISSL_set_verify\fR\|(3), <\fISSL_get_verify_result\fR\|(3)>, \fISSL_session_reused\fR\|(3).
+See \fBSSL_set_verify\fR\|(3), <\fBSSL_get_verify_result\fR\|(3)>, \fBSSL_session_reused\fR\|(3).
.PP
If \fBvalidation_mode\fR is equal to \fB\s-1SSL_CT_VALIDATION_PERMISSIVE\s0\fR, then the
handshake continues, and the verification status is not modified, regardless of
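Review bot: the "See ..." line still wraps one reference in literal angle brackets, `<\fBSSL_get_verify_result\fR\|(3)>`, while `SSL_set_verify(3)` and `SSL_session_reused(3)` next to it have none. The brackets are present on both the `-` and the `+` side, so this regeneration did not introduce them, but it did not clear them either. It reads like a malformed link in the POD source and should be corrected there. This paragraph is where readers learn how to detect `X509_V_ERR_NO_VALID_SCTS` after the handshake, so the cross-reference should render cleanly.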
@@ -190,7 +194,7 @@ Therefore, in applications that delay \s-1SCT\s0 policy enforcement until after
handshake completion, such delayed \s-1SCT\s0 checks should only be performed when the
session is not resumed.
.PP
-\&\fISSL_set_ct_validation_callback()\fR and \fISSL_CTX_set_ct_validation_callback()\fR
+\&\fBSSL_set_ct_validation_callback()\fR and \fBSSL_CTX_set_ct_validation_callback()\fR
register a custom callback that may implement a different policy than either of
the above.
This callback can examine the peer's SCTs and determine whether they are
@@ -211,25 +215,25 @@ employing an anonymous (aNULL) cipher suite.
In that case the handshake continues as it would had no callback been
requested.
Callbacks are also not invoked when the peer certificate chain is invalid or
-validated via \s-1\fIDANE\-TA\s0\fR\|(2) or \s-1\fIDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records which use a private X.509
+validated via \s-1\fBDANE\-TA\s0\fR\|(2) or \s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records which use a private X.509
\&\s-1PKI,\s0 or no X.509 \s-1PKI\s0 at all, respectively.
Clients that require SCTs are expected to not have enabled any aNULL ciphers
-nor to have specified server verification via \s-1\fIDANE\-TA\s0\fR\|(2) or \s-1\fIDANE\-EE\s0\fR\|(3) \s-1TLSA\s0
+nor to have specified server verification via \s-1\fBDANE\-TA\s0\fR\|(2) or \s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0
records.
.PP
-\&\fISSL_disable_ct()\fR and \fISSL_CTX_disable_ct()\fR turn off \s-1CT\s0 processing, whether
+\&\fBSSL_disable_ct()\fR and \fBSSL_CTX_disable_ct()\fR turn off \s-1CT\s0 processing, whether
enabled via the built-in or the custom callbacks, by setting a \s-1NULL\s0 callback.
These may be implemented as macros.
.PP
-\&\fISSL_ct_is_enabled()\fR and \fISSL_CTX_ct_is_enabled()\fR return 1 if \s-1CT\s0 processing is
-enabled via either \fISSL_enable_ct()\fR or a non-null custom callback, and 0
+\&\fBSSL_ct_is_enabled()\fR and \fBSSL_CTX_ct_is_enabled()\fR return 1 if \s-1CT\s0 processing is
+enabled via either \fBSSL_enable_ct()\fR or a non-null custom callback, and 0
otherwise.
.SH "NOTES"
.IX Header "NOTES"
When \s-1SCT\s0 processing is enabled, \s-1OCSP\s0 stapling will be enabled. This is because
one possible source of SCTs is the \s-1OCSP\s0 response from a server.
.PP
-The time returned by \fISSL_SESSION_get_time()\fR will be used to evaluate whether any
+The time returned by \fBSSL_SESSION_get_time()\fR will be used to evaluate whether any
presented SCTs have timestamps that are in the future (and therefore invalid).
.SH "RESTRICTIONS"
.IX Header "RESTRICTIONS"
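Review bot: in the two DANE lines, `\fBDANE\-TA\s0\fR\|(2)` and `\fBDANE\-EE\s0\fR\|(3)` get exactly the markup used for manual page references such as `\fBSSL_set_verify\fR\|(3)`. The (2) and (3) here are TLSA certificate usage values, not manual sections, and with the move to bold they now look even more like references to nonexistent pages. Writing them in the POD source so they are not picked up as man page references (for example as plain text) would avoid this. The surrounding sentence tells clients that require SCTs which configurations suppress the callback entirely, so it should not be confusing to read.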
@@ -238,25 +242,25 @@ be set if a custom client extension handler has been registered to handle \s-1SC
extensions (\fBTLSEXT_TYPE_signed_certificate_timestamp\fR).
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fISSL_enable_ct()\fR, \fISSL_CTX_enable_ct()\fR, \fISSL_CTX_set_ct_validation_callback()\fR and
-\&\fISSL_set_ct_validation_callback()\fR return 1 if the \fBcallback\fR is successfully
+\&\fBSSL_enable_ct()\fR, \fBSSL_CTX_enable_ct()\fR, \fBSSL_CTX_set_ct_validation_callback()\fR and
+\&\fBSSL_set_ct_validation_callback()\fR return 1 if the \fBcallback\fR is successfully
set.
They return 0 if an error occurs, e.g. a custom client extension handler has
been setup to handle SCTs.
.PP
-\&\fISSL_disable_ct()\fR and \fISSL_CTX_disable_ct()\fR do not return a result.
+\&\fBSSL_disable_ct()\fR and \fBSSL_CTX_disable_ct()\fR do not return a result.
.PP
-\&\fISSL_CTX_ct_is_enabled()\fR and \fISSL_ct_is_enabled()\fR return a 1 if a non-null \s-1CT\s0
+\&\fBSSL_CTX_ct_is_enabled()\fR and \fBSSL_ct_is_enabled()\fR return a 1 if a non-null \s-1CT\s0
validation callback is set, or 0 if no callback (or equivalently a \s-1NULL\s0
callback) is set.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIssl\fR\|(7),
-<\fISSL_get_verify_result\fR\|(3)>,
-\&\fISSL_session_reused\fR\|(3),
-\&\fISSL_set_verify\fR\|(3),
-\&\fISSL_CTX_set_verify\fR\|(3),
-\&\fISSL_SESSION_get_time\fR\|(3)
+\&\fBssl\fR\|(7),
+<\fBSSL_get_verify_result\fR\|(3)>,
+\&\fBSSL_session_reused\fR\|(3),
+\&\fBSSL_set_verify\fR\|(3),
+\&\fBSSL_CTX_set_verify\fR\|(3),
+\&\fBSSL_SESSION_get_time\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016\-2017 The OpenSSL Project Authors. All Rights Reserved.
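Review bot: RETURN VALUES keeps two wording nits in the unchanged context, "has been setup to handle SCTs" (should be "set up") and "return a 1 if a non-null" (elsewhere the page says "return 1"), and SEE ALSO still carries the bracketed `<\fBSSL_get_verify_result\fR\|(3)>` entry. None of these can be fixed in this generated file; they are worth reporting against the POD source so the next regeneration picks them up.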