Commit 8b12a3e7, authored by Rob Percival, committed by Matt Caswell

Remove unnecessary bold tags in CT pods

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Parent b4a98616
...@@ -20,7 +20,7 @@ A Signed Certificate Timestamp (SCT) identifies the Certificate Transparency ...@@ -20,7 +20,7 @@ A Signed Certificate Timestamp (SCT) identifies the Certificate Transparency
Therefore, it is useful to be able to look up more information about a log Therefore, it is useful to be able to look up more information about a log
(e.g. its public key) using this LogID. (e.g. its public key) using this LogID.
B<CTLOG_STORE_get0_log_by_id>() provides a way to do this. It will find a CTLOG CTLOG_STORE_get0_log_by_id() provides a way to do this. It will find a CTLOG
in a CTLOG_STORE that has a given LogID. in a CTLOG_STORE that has a given LogID.
=head1 RETURN VALUES =head1 RETURN VALUES
......
...@@ -22,12 +22,12 @@ A CTLOG_STORE is a container for a list of CTLOGs (Certificate Transparency ...@@ -22,12 +22,12 @@ A CTLOG_STORE is a container for a list of CTLOGs (Certificate Transparency
logs). The list can be loaded from one or more files and then searched by LogID logs). The list can be loaded from one or more files and then searched by LogID
(see RFC 6962, Section 3.2, for the definition of a LogID). (see RFC 6962, Section 3.2, for the definition of a LogID).
B<CTLOG_STORE_new>() creates an empty list of CT logs. This is then populated CTLOG_STORE_new() creates an empty list of CT logs. This is then populated
by B<CTLOG_STORE_load_default_file>() or B<CTLOG_STORE_load_file>(). by CTLOG_STORE_load_default_file() or CTLOG_STORE_load_file().
B<CTLOG_STORE_load_default_file>() loads from the default file, which is named CTLOG_STORE_load_default_file() loads from the default file, which is named
"ct_log_list.cnf" in the OpenSSL install directory. This can be overridden using "ct_log_list.cnf" in the OpenSSL install directory. This can be overridden using
an environment variable named "CTLOG_FILE". an environment variable named "CTLOG_FILE".
B<CTLOG_STORE_load_file>() loads from a caller-specified file path instead. CTLOG_STORE_load_file() loads from a caller-specified file path instead.
Both of these functions append any loaded CT logs to the CTLOG_STORE. Both of these functions append any loaded CT logs to the CTLOG_STORE.
The expected format of the file is: The expected format of the file is:
...@@ -43,7 +43,7 @@ The expected format of the file is: ...@@ -43,7 +43,7 @@ The expected format of the file is:
key = <base64-encoded public key here> key = <base64-encoded public key here>
Once a CTLOG_STORE is no longer required, it should be passed to Once a CTLOG_STORE is no longer required, it should be passed to
B<CTLOG_STORE_free>(). This will delete all of the CTLOGs stored within, along CTLOG_STORE_free(). This will delete all of the CTLOGs stored within, along
with the CTLOG_STORE itself. with the CTLOG_STORE itself.
=head1 NOTES =head1 NOTES
......
...@@ -37,16 +37,16 @@ determine this, an SCT's signature must be verified. This requires: ...@@ -37,16 +37,16 @@ determine this, an SCT's signature must be verified. This requires:
The above requirements are met using the setters described below. The above requirements are met using the setters described below.
B<CT_POLICY_EVAL_CTX_new>() creates an empty policy evaluation context. This CT_POLICY_EVAL_CTX_new() creates an empty policy evaluation context. This
should then be populated using: should then be populated using:
=over =over
=item * B<CT_POLICY_EVAL_CTX_set0_cert>() to provide the certificate the SCTs were issued for =item * CT_POLICY_EVAL_CTX_set0_cert() to provide the certificate the SCTs were issued for
=item * B<CT_POLICY_EVAL_CTX_set0_issuer>() to provide the issuer certificate =item * CT_POLICY_EVAL_CTX_set0_issuer() to provide the issuer certificate
=item * B<CT_POLICY_EVAL_CTX_set0_log_store>() to provide a list of logs that are trusted as sources of SCTs =item * CT_POLICY_EVAL_CTX_set0_log_store() to provide a list of logs that are trusted as sources of SCTs
=back =back
...@@ -55,7 +55,7 @@ Each setter has a matching getter for accessing the current value. ...@@ -55,7 +55,7 @@ Each setter has a matching getter for accessing the current value.
The getters do not transfer ownership either. The getters do not transfer ownership either.
When no longer required, the B<CT_POLICY_EVAL_CTX> should be passed to When no longer required, the B<CT_POLICY_EVAL_CTX> should be passed to
B<CT_POLICY_EVAL_CTX_free>() to delete it. CT_POLICY_EVAL_CTX_free() to delete it.
=head1 NOTES =head1 NOTES
...@@ -66,7 +66,7 @@ found in the TLS SCT extension or OCSP response. ...@@ -66,7 +66,7 @@ found in the TLS SCT extension or OCSP response.
=head1 RETURN VALUES =head1 RETURN VALUES
B<CT_POLICY_EVAL_CTX_new>() will return NULL if malloc fails. CT_POLICY_EVAL_CTX_new() will return NULL if malloc fails.
=head1 SEE ALSO =head1 SEE ALSO
......
...@@ -54,41 +54,41 @@ record a certificate. By cryptographically verifying that a log did indeed issue ...@@ -54,41 +54,41 @@ record a certificate. By cryptographically verifying that a log did indeed issue
an SCT, some confidence can be gained that the certificate is publicly known. an SCT, some confidence can be gained that the certificate is publicly known.
An internal representation of an SCT can be created in one of two ways. An internal representation of an SCT can be created in one of two ways.
The first option is to create a blank SCT, using B<SCT_new>(), and then populate The first option is to create a blank SCT, using SCT_new(), and then populate
it using: it using:
=over =over
=item * B<SCT_set_version>() to set the SCT version. =item * SCT_set_version() to set the SCT version.
Only SCT_VERSION_V1 is currently supported. Only SCT_VERSION_V1 is currently supported.
=item * B<SCT_set_log_entry_type>() to set the type of certificate the SCT was issued for: =item * SCT_set_log_entry_type() to set the type of certificate the SCT was issued for:
B<CT_LOG_ENTRY_TYPE_X509> for a normal certificate. B<CT_LOG_ENTRY_TYPE_X509> for a normal certificate.
B<CT_LOG_ENTRY_TYPE_PRECERT> for a pre-certificate. B<CT_LOG_ENTRY_TYPE_PRECERT> for a pre-certificate.
=item * B<SCT_set0_log_id>() or B<SCT_set1_log_id>() to set the LogID of the CT log that the SCT came from. =item * SCT_set0_log_id() or SCT_set1_log_id() to set the LogID of the CT log that the SCT came from.
The former takes ownership, whereas the latter makes a copy. The former takes ownership, whereas the latter makes a copy.
See RFC 6962, Section 3.2 for the definition of LogID. See RFC 6962, Section 3.2 for the definition of LogID.
=item * B<SCT_set_timestamp>() to set the time the SCT was issued (epoch time in milliseconds). =item * SCT_set_timestamp() to set the time the SCT was issued (epoch time in milliseconds).
=item * B<SCT_set_signature_nid>() to set the NID of the signature. =item * SCT_set_signature_nid() to set the NID of the signature.
=item * B<SCT_set0_signature>() or B<SCT_set1_signature>() to set the signature itself. =item * SCT_set0_signature() or SCT_set1_signature() to set the raw signature value.
The former takes ownership, whereas the latter makes a copy. The former takes ownership, whereas the latter makes a copy.
=item * B<SCT_set0_extensions>() or B<SCT_set1_extensions> to provide SCT extensions. =item * SCT_set0_extensions() or B<SCT_set1_extensions> to provide SCT extensions.
The former takes ownership, whereas the latter makes a copy. The former takes ownership, whereas the latter makes a copy.
=back =back
Alternatively, the SCT can be pre-populated from the following data using Alternatively, the SCT can be pre-populated from the following data using
B<SCT_new_from_base64>(): SCT_new_from_base64():
=over =over
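Review bot: In the SCT_set0_extensions() item, the new side still reads B<SCT_set1_extensions>, bold and without parentheses, so the item is only half converted; it should be SCT_set1_extensions() to match every other setter in this list. Separately, the SCT_set0_signature() item changes the wording from "the signature itself" to "the raw signature value", which is a content change that the commit message ("Remove unnecessary bold tags in CT pods") does not mention; either call it out in the message or move it to its own commit.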
...@@ -109,7 +109,7 @@ B<CT_LOG_ENTRY_TYPE_PRECERT> for a pre-certificate. ...@@ -109,7 +109,7 @@ B<CT_LOG_ENTRY_TYPE_PRECERT> for a pre-certificate.
=back =back
B<SCT_set_source>() can be used to record where the SCT was found SCT_set_source() can be used to record where the SCT was found
(TLS extension, X.509 certificate extension or OCSP response). This is not (TLS extension, X.509 certificate extension or OCSP response). This is not
required for verifying the SCT. required for verifying the SCT.
...@@ -121,20 +121,20 @@ success, 0 on failure. They will not make changes on failure. ...@@ -121,20 +121,20 @@ success, 0 on failure. They will not make changes on failure.
Most of the setters will reset the validation status of the SCT to Most of the setters will reset the validation status of the SCT to
SCT_VALIDATION_STATUS_NOT_SET (see L<SCT_verify(3)>). SCT_VALIDATION_STATUS_NOT_SET (see L<SCT_verify(3)>).
B<SCT_set_source>() will call B<SCT_set_log_entry_type>() if the type of SCT_set_source() will call SCT_set_log_entry_type() if the type of
certificate the SCT was issued for can be inferred from where the SCT was found. certificate the SCT was issued for can be inferred from where the SCT was found.
For example, an SCT found in an X.509 extension must have been issued for a pre- For example, an SCT found in an X.509 extension must have been issued for a pre-
certificate. certificate.
B<SCT_set_source>() will not refuse unknown values. SCT_set_source() will not refuse unknown values.
=head1 RETURN VALUES =head1 RETURN VALUES
B<SCT_set_version>() returns 1 if the specified version is supported, 0 otherwise. SCT_set_version() returns 1 if the specified version is supported, 0 otherwise.
B<SCT_set_log_entry_type>() returns 1 if the specified log entry type is supported, 0 otherwise. SCT_set_log_entry_type() returns 1 if the specified log entry type is supported, 0 otherwise.
B<SCT_set0_log_id>() and B<SCT_set1_log_id> return 1 if the specified LogID is a SCT_set0_log_id() and B<SCT_set1_log_id> return 1 if the specified LogID is a
valid SHA-256 hash, 0 otherwise. Aditionally, B<SCT_set1_log_id> returns 0 if valid SHA-256 hash, 0 otherwise. Aditionally, B<SCT_set1_log_id> returns 0 if
malloc fails. malloc fails.
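Review bot: In the RETURN VALUES paragraph for the LogID setters, both mentions of B<SCT_set1_log_id> keep the bold tag and lack parentheses, while SCT_set0_log_id() on the same line was converted; write SCT_set1_log_id() in both places. The unchanged line that follows also carries the typo "Aditionally", which could be corrected to "Additionally" while this paragraph is being edited.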
......
...@@ -16,8 +16,8 @@ Prints Signed Certificate Timestamps in a human-readable way ...@@ -16,8 +16,8 @@ Prints Signed Certificate Timestamps in a human-readable way
=head1 DESCRIPTION =head1 DESCRIPTION
B<SCT_print> prints a single Signed Certificate Timestamp (SCT) to a L<bio> in SCT_print() prints a single Signed Certificate Timestamp (SCT) to a L<bio> in
a human-readable format. B<SCT_LIST_print> prints an entire list of SCTs in a a human-readable format. SCT_LIST_print() prints an entire list of SCTs in a
similar way. A separator can be specified to delimit each SCT in the output. similar way. A separator can be specified to delimit each SCT in the output.
The output can be indented by a specified number of spaces. If a B<CTLOG_STORE> The output can be indented by a specified number of spaces. If a B<CTLOG_STORE>
...@@ -26,8 +26,8 @@ each SCT (if that log is in the CTLOG_STORE). Alternatively, NULL can be passed ...@@ -26,8 +26,8 @@ each SCT (if that log is in the CTLOG_STORE). Alternatively, NULL can be passed
as the CTLOG_STORE parameter to disable this feature. as the CTLOG_STORE parameter to disable this feature.
B<SCT_validation_status_string> will return the validation status of an SCT as B<SCT_validation_status_string> will return the validation status of an SCT as
a human-readable string. Call L<SCT_validate> or B<SCT_LIST_validate> beforehand a human-readable string. Call L<SCT_validate>() or SCT_LIST_validate()
in order to set the validation status of an SCT first. beforehand in order to set the validation status of an SCT first.
=head1 SEE ALSO =head1 SEE ALSO
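Review bot: In the SCT_validation_status_string paragraph, the new text writes L<SCT_validate>() with the parentheses outside the link tag, whereas the other cross-reference visible in this patch is written L<SCT_verify(3)>; pick one link form and keep the parentheses out of the running text. The same paragraph still opens with B<SCT_validation_status_string>, bold and without parentheses, and SCT_LIST_validate() loses its markup entirely while SCT_validate keeps a link, so the two functions named side by side are now formatted differently.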
......
...@@ -15,7 +15,7 @@ clients, as defined in RFC 6962. This verification can provide some confidence ...@@ -15,7 +15,7 @@ clients, as defined in RFC 6962. This verification can provide some confidence
that a certificate has been publicly logged in a set of CT logs. that a certificate has been publicly logged in a set of CT logs.
By default, these checks are disabled. They can be enabled using By default, these checks are disabled. They can be enabled using
B<SSL_CTX_ct_enable>() or B<SSL_ct_enable>(). SSL_CTX_ct_enable() or SSL_ct_enable().
This library can also be used to parse and examine CT data structures, such as This library can also be used to parse and examine CT data structures, such as
Signed Certificate Timestamps (SCTs), or to read a list of CT logs. There are Signed Certificate Timestamps (SCTs), or to read a list of CT logs. There are
......