diff options
author | Rob Percival <robpercival@google.com> | 2016-09-08 16:02:46 +0100 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2016-11-15 16:12:41 -0500 |
commit | 1fa9ffd934429f140edcfbaf76d2f32cc21e449b (patch) | |
tree | 6fb2ae2a0d3e11febb094acc8e3df03621000ab1 /doc/man3/SCT_validate.pod | |
parent | 7b176a549ea374fc9b64c3fa7f0812239528b696 (diff) |
Check that SCT timestamps are not in the future
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
Diffstat (limited to 'doc/man3/SCT_validate.pod')
-rw-r--r-- | doc/man3/SCT_validate.pod | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/doc/man3/SCT_validate.pod b/doc/man3/SCT_validate.pod index 98ae61822e..9868a282b5 100644 --- a/doc/man3/SCT_validate.pod +++ b/doc/man3/SCT_validate.pod @@ -54,9 +54,11 @@ status will be SCT_VALIDATION_STATUS_UNKNOWN_LOG. If the SCT is of an unsupported version (only v1 is currently supported), the validation status will be SCT_VALIDATION_STATUS_UNKNOWN_VERSION. -If the SCT's signature is incorrect, the validation status will be -SCT_VALIDATION_STATUS_INVALID. Otherwise, if all checks have passed, the -validation status will be SCT_VALIDATION_STATUS_VALID. +If the SCT's signature is incorrect, its timestamp is in the future (relative to +the time in CT_POLICY_EVAL_CTX), or if it is otherwise invalid, the validation +status will be SCT_VALIDATION_STATUS_INVALID. + +If all checks pass, the validation status will be SCT_VALIDATION_STATUS_VALID. =head1 NOTES |