| lh | 9ed821d | 2023-04-07 01:36:19 -0700 | [diff] [blame] | 1 | =pod |
| 2 | |
| 3 | =head1 NAME |
| 4 | |
| 5 | ct - Certificate Transparency |
| 6 | |
| 7 | =head1 SYNOPSIS |
| 8 | |
| 9 | #include <openssl/ct.h> |
| 10 | |
| 11 | =head1 DESCRIPTION |
| 12 | |
| 13 | This library implements Certificate Transparency (CT) verification for TLS |
| 14 | clients, as defined in RFC 6962. This verification can provide some confidence |
| 15 | that a certificate has been publicly logged in a set of CT logs. |
| 16 | |
| 17 | By default, these checks are disabled. They can be enabled using |
| 18 | L<SSL_CTX_enable_ct(3)> or L<SSL_enable_ct(3)>. |
| 19 | |
| 20 | This library can also be used to parse and examine CT data structures, such as |
| 21 | Signed Certificate Timestamps (SCTs), or to read a list of CT logs. There are |
| 22 | functions for: |
| 23 | - decoding and encoding SCTs in DER and TLS wire format. |
| 24 | - printing SCTs. |
| 25 | - verifying the authenticity of SCTs. |
| 26 | - loading a CT log list from a CONF file. |
| 27 | |
| 28 | =head1 SEE ALSO |
| 29 | |
| 30 | L<d2i_SCT_LIST(3)>, |
| 31 | L<CTLOG_STORE_new(3)>, |
| 32 | L<CTLOG_STORE_get0_log_by_id(3)>, |
| 33 | L<SCT_new(3)>, |
| 34 | L<SCT_print(3)>, |
| 35 | L<SCT_validate(3)>, |
| 36 | L<SCT_validate(3)>, |
| 37 | L<CT_POLICY_EVAL_CTX_new(3)>, |
| 38 | L<SSL_CTX_set_ct_validation_callback(3)> |
| 39 | |
| 40 | =head1 HISTORY |
| 41 | |
| 42 | The ct library was added in OpenSSL 1.1.0. |
| 43 | |
| 44 | =head1 COPYRIGHT |
| 45 | |
| 46 | Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. |
| 47 | |
| 48 | Licensed under the OpenSSL license (the "License"). You may not use |
| 49 | this file except in compliance with the License. You can obtain a copy |
| 50 | in the file LICENSE in the source distribution or at |
| 51 | L<https://www.openssl.org/source/license.html>. |
| 52 | |
| 53 | =cut |