* Disable CT validation by default, because it will interfere with
* anything using custom extension handlers to deal with SCT extensions.
*/
- ct_validation_cb ct_validation = NULL;
+ int ct_validation = 0;
#endif
SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL, *s_cctx2 = NULL;
STACK_OF(OPENSSL_STRING) *conf_args = NULL;
}
#ifndef OPENSSL_NO_CT
else if (strcmp(*argv, "-noct") == 0) {
- ct_validation = NULL;
+ ct_validation = 0;
}
- else if (strcmp(*argv, "-requestct") == 0) {
- ct_validation = CT_verify_no_bad_scts;
- }
- else if (strcmp(*argv, "-requirect") == 0) {
- ct_validation = CT_verify_at_least_one_good_sct;
+ else if (strcmp(*argv, "-ct") == 0) {
+ ct_validation = 1;
}
#endif
#ifndef OPENSSL_NO_COMP
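Review bot: The option parser no longer offers the non-strict behaviour that `-requestct` selected, so after this change ssltest can only run with CT off or strict, and the permissive mode (`SSL_CT_VALIDATION_PERMISSIVE`) appears to lose its coverage here. Invocations that still pass `-requestct` or `-requirect` will now reach the unknown-option handling, which lies outside this hunk, so the usage text and any test recipes need checking alongside this change. A short comment on the new branch would help, for example `/* -ct: enable strict CT validation on the client context */`. The argument loop starts and ends outside the hunk.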
}
#ifndef OPENSSL_NO_CT
- if (!SSL_CTX_set_ct_validation_callback(c_ctx, ct_validation, NULL)) {
+ if (ct_validation &&
+ !SSL_CTX_enable_ct(c_ctx, SSL_CT_VALIDATION_STRICT)) {
ERR_print_errors(bio_err);
goto end;
}
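Review bot: With `SSL_CT_VALIDATION_STRICT`, a `-ct` run depends on a CT log list having been loaded into `c_ctx`, and nothing in this hunk shows that happening. If no list is loaded, no SCT can validate, and a `-ct` handshake would be expected to fail for a reason unrelated to what the test is meant to check. It is worth confirming that the log list is set up before this call and stating the dependency in a comment, such as `/* strict: handshake is aborted unless at least one SCT validates against the loaded CT log list */`. The enclosing function continues outside the hunk.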