diff options
| author | Rich Salz <rsalz@openssl.org> | 2017-04-07 13:37:47 -0400 |
|---|---|---|
| committer | Rich Salz <rsalz@openssl.org> | 2017-04-07 13:48:19 -0400 |
| commit | 2f61bc2ea306c059d8b00ddf32025a0b30346d8f (patch) | |
| tree | 37d891e35a268a1a1e0e174d04c0d55ad0b0ab8b /doc/man3/CT_POLICY_EVAL_CTX_new.pod | |
| parent | e1271ac2212f7cde14df478558bfaae2834fa09e (diff) | |
Use 'over 2' for bullet lists.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3117)
Diffstat (limited to 'doc/man3/CT_POLICY_EVAL_CTX_new.pod')
| -rw-r--r-- | doc/man3/CT_POLICY_EVAL_CTX_new.pod | 36 |
1 files changed, 26 insertions, 10 deletions
diff --git a/doc/man3/CT_POLICY_EVAL_CTX_new.pod b/doc/man3/CT_POLICY_EVAL_CTX_new.pod index 7839fd393a..4d0cae3bbf 100644 --- a/doc/man3/CT_POLICY_EVAL_CTX_new.pod +++ b/doc/man3/CT_POLICY_EVAL_CTX_new.pod @@ -32,15 +32,23 @@ This policy may be, for example, that at least one valid SCT is available. To determine this, an SCT's timestamp and signature must be verified. This requires: -=over 4 +=over 2 -=item * the public key of the log that issued the SCT +=item * -=item * the certificate that the SCT was issued for +the public key of the log that issued the SCT -=item * the issuer certificate (if the SCT was issued for a pre-certificate) +=item * -=item * the current time +the certificate that the SCT was issued for + +=item * + +the issuer certificate (if the SCT was issued for a pre-certificate) + +=item * + +the current time =back @@ -49,22 +57,30 @@ The above requirements are met using the setters described below. CT_POLICY_EVAL_CTX_new() creates an empty policy evaluation context. This should then be populated using: -=over 4 +=over 2 -=item * CT_POLICY_EVAL_CTX_set1_cert() to provide the certificate the SCTs were issued for +=item * + +CT_POLICY_EVAL_CTX_set1_cert() to provide the certificate the SCTs were issued for Increments the reference count of the certificate. -=item * CT_POLICY_EVAL_CTX_set1_issuer() to provide the issuer certificate +=item * + +CT_POLICY_EVAL_CTX_set1_issuer() to provide the issuer certificate Increments the reference count of the certificate. -=item * CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE() to provide a list of logs that are trusted as sources of SCTs +=item * + +CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE() to provide a list of logs that are trusted as sources of SCTs Holds a pointer to the CTLOG_STORE, so the CTLOG_STORE must outlive the CT_POLICY_EVAL_CTX. -=item * CT_POLICY_EVAL_CTX_set_time() to set the time SCTs should be compared with to determine if they are valid +=item * + +CT_POLICY_EVAL_CTX_set_time() to set the time SCTs should be compared with to determine if they are valid The SCT timestamp will be compared to this time to check whether the SCT was issued in the future. RFC6962 states that "TLS clients MUST reject SCTs whose |