'make update' after objects/objects.txt update.
[openssl.git] / doc / man3 / SCT_validate.pod
index 9868a282b55bda31f73af0af5f5a842e3fb809df..fa7e2a8ba2cc20542f8810c9d15c88bcb7f42f3a 100644 (file)
@@ -10,12 +10,12 @@ checks Signed Certificate Timestamps (SCTs) are valid
  #include <openssl/ct.h>
 
  typedef enum {
-  SCT_VALIDATION_STATUS_NOT_SET,
-  SCT_VALIDATION_STATUS_UNKNOWN_LOG,
-  SCT_VALIDATION_STATUS_VALID,
-  SCT_VALIDATION_STATUS_INVALID,
-  SCT_VALIDATION_STATUS_UNVERIFIED,
-  SCT_VALIDATION_STATUS_UNKNOWN_VERSION
+     SCT_VALIDATION_STATUS_NOT_SET,
+     SCT_VALIDATION_STATUS_UNKNOWN_LOG,
+     SCT_VALIDATION_STATUS_VALID,
+     SCT_VALIDATION_STATUS_INVALID,
+     SCT_VALIDATION_STATUS_UNVERIFIED,
+     SCT_VALIDATION_STATUS_UNKNOWN_VERSION
  } sct_validation_status_t;
 
  int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx);
@@ -31,20 +31,26 @@ SCT_get_validation_status().
 
 A CT_POLICY_EVAL_CTX must be provided that specifies:
 
-=over
+=over 2
 
-=item * The certificate the SCT was issued for.
+=item *
+
+The certificate the SCT was issued for.
 
 Failure to provide the certificate will result in the validation status being
 SCT_VALIDATION_STATUS_UNVERIFIED.
 
-=item * The issuer of that certificate.
+=item *
+
+The issuer of that certificate.
 
 This is only required if the SCT was issued for a pre-certificate
 (see RFC 6962). If it is required but not provided, the validation status will
 be SCT_VALIDATION_STATUS_UNVERIFIED.
 
-=item * A CTLOG_STORE that contains the CT log that issued this SCT.
+=item *
+
+A CTLOG_STORE that contains the CT log that issued this SCT.
 
 If the SCT was issued by a log that is not in this CTLOG_STORE, the validation
 status will be SCT_VALIDATION_STATUS_UNKNOWN_LOG.