author | Rob Percival <robpercival@google.com> | 2016-03-10 18:17:23 +0000 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2016-03-10 14:53:04 -0500 |
commit | 8359b57f27bbc320c3c08035917d829b303ea850 (patch) | |
tree | 0a63789a4ffb5b5562a5d5716d9dd502f877eff7 /include | |
parent | f0667b1430bac3b8c9c5b76985ad24cf9b13a0a9 (diff) |
check reviewer --reviewer=emilia
Remove 'log' field from SCT and related accessors
In order to still have access to an SCT's CTLOG when calling SCT_print,
SSL_CTX_get0_ctlog_store has been added.
Improved documentation for some CT functions in openssl/ssl.h.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/openssl/ct.h | 30 | ||||
-rw-r--r-- | include/openssl/ssl.h | 32 |
2 files changed, 37 insertions, 25 deletions
diff --git a/include/openssl/ct.h b/include/openssl/ct.h
index b2213d18c5..553f82fa2f 100644
--- a/include/openssl/ct.h
+++ b/include/openssl/ct.h
@@ -223,13 +223,6 @@ __owur int SCT_set1_log_id(SCT *sct, const unsigned char *log_id,
 size_t log_id_len);
 
 /*
- * Gets the name of the log that an SCT came from.
- * Ownership of the log name remains with the SCT.
- * Returns the log name, or NULL if it is not known.
- */
-const char *SCT_get0_log_name(const SCT *sct);
-
-/*
  * Returns the timestamp for the SCT (epoch time in milliseconds).
  */
 uint64_t SCT_get_timestamp(const SCT *sct);
@@ -307,32 +300,23 @@ sct_source_t SCT_get_source(const SCT *sct);
 __owur int SCT_set_source(SCT *sct, sct_source_t source);
 
 /*
- * Gets information about the log the SCT came from, if set.
- */
-const CTLOG *SCT_get0_log(const SCT *sct);
-
-/*
- * Looks up information about the log the SCT came from using a CT log store.
- * The CTLOG_STORE must outlive the SCT, as ownership of the CTLOG remains with
- * the CTLOG_STORE.
- * Returns 1 if information about the log is found, 0 otherwise.
- * The information can be accessed via SCT_get0_log.
- */
-int SCT_set0_log(SCT *sct, const CTLOG_STORE* ct_logs);
-
-/*
  * Pretty-prints an |sct| to |out|.
  * It will be indented by the number of spaces specified by |indent|.
+ * If |log| is not NULL:
+ * - it should be the CT log that the SCT came from.
+ * - its name will be printed.
  */
-void SCT_print(const SCT *sct, BIO *out, int indent);
+void SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG *log);
 
 /*
  * Pretty-prints an |sct_list| to |out|.
  * It will be indented by the number of spaces specified by |indent|.
  * SCTs will be delimited by |separator|.
+ * If |logs| is not NULL, it will be used to lookup the CT log that each SCT
+ * came from, so that the log names can be printed.
  */
 void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent,
-                    const char *separator);
+                    const char *separator, const CTLOG_STORE *logs);
 
 /*
  * Verifies an SCT with the given context.
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 8b8908e781..e19a791a4d 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
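Review bot: The new SCT_print contract says |log| "should be the CT log that the SCT came from" but does not say whether the function verifies that, so a caller that passes the wrong CTLOG may get its name printed next to an SCT that log never issued, which is misleading in audit output; the comment should state the behaviour either way, e.g. `* - its name will be printed; the caller is responsible for passing the log whose ID matches the SCT's log ID, no check is made.` if there is no check, or describe the check if there is one. Whether SCT_print compares the IDs cannot be seen from this header-only diff. The SCT_LIST_print sentence could likewise say what is printed for an SCT whose log is not found in |logs| (presumably the name is just omitted, which should be confirmed against the implementation).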
@@ -1932,11 +1932,39 @@ __owur ct_validation_cb SSL_CTX_get_ct_validation_callback(const SSL_CTX *ctx);
 /* Gets the SCTs received from a connection */
 const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s);
 
-/* Load the CT log list from the default location */
+/*
+ * Loads the CT log list from the default location.
+ * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store,
+ * the log information loaded from this file will be appended to the
+ * CTLOG_STORE.
+ * Returns 1 on success, 0 otherwise.
+ */
 int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx);
-/* Load the CT log list from the specified file path */
+
+/*
+ * Loads the CT log list from the specified file path.
+ * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store,
+ * the log information loaded from this file will be appended to the
+ * CTLOG_STORE.
+ * Returns 1 on success, 0 otherwise.
+ */
 int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path);
 
+/*
+ * Sets the CT log list used by all SSL connections created from this SSL_CTX.
+ * Ownership of the CTLOG_STORE is transferred to the SSL_CTX.
+ */
+void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE *logs);
+
+/*
+ * Gets the CT log list used by all SSL connections created from this SSL_CTX.
+ * This will be NULL unless one of the following functions has been called:
+ * - SSL_CTX_set_default_ctlog_list_file
+ * - SSL_CTX_set_ctlog_list_file
+ * - SSL_CTX_set_ctlog_store
+ */
+const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx);
+
 # endif /* OPENSSL_NO_CT */
 
 /* What the "other" parameter contains in security callback */ |
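Review bot: The comments added for SSL_CTX_set_default_ctlog_list_file, SSL_CTX_set_ctlog_list_file and SSL_CTX_get0_ctlog_store all refer to `SSL_CTX_set_ctlog_store`, but the function this hunk declares is `SSL_CTX_set0_ctlog_store`, so all three references should read `SSL_CTX_set0_ctlog_store`. The set0 comment should also spell out the consequence of the ownership transfer, since a caller that frees or keeps using `logs` afterwards ends up with a double free or use-after-free: `* Ownership of |logs| is transferred to the SSL_CTX, which will free it; the caller must not free or modify |logs| after this call.` It should further say what happens to a store already installed by an earlier set0 call or by one of the list-file loaders; whether that store is freed or leaked is decided in the implementation, which is outside this diff. For the getter, add that the returned pointer is owned by the SSL_CTX and must not be freed or used after the SSL_CTX has been freed.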