projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fixed #3020 -- set entry type on SCTs from X.509 and OCSP extensions
[openssl.git] / crypto / ct / ct_locl.h
diff --git a/crypto/ct/ct_locl.h b/crypto/ct/ct_locl.h
index 4b5e344191df1599da96dca6c3c6c8e2f0e7b573..9f983c91beae422eac6994d1608e536c5b894f9e 100644 (file)
--- a/crypto/ct/ct_locl.h
+++ b/crypto/ct/ct_locl.h
@@ -155,10 +155,11 @@ __owur int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey);
 __owur int SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey);
 
 /*
- * Sets the current time, in milliseconds since the Unix epoch.
- * The timestamp of the SCT will be compared to this, to check that it was not
- * issued in the future. RFC6962 states that "TLS clients MUST reject SCTs whose
- * timestamp is in the future", so SCT verification will fail in this case.
+ * Sets the time to evaluate the SCT against, in milliseconds since the Unix
+ * epoch. If the SCT's timestamp is after this time, it will be interpreted as
+ * having been issued in the future. RFC6962 states that "TLS clients MUST
+ * reject SCTs whose timestamp is in the future", so an SCT will not validate
+ * in this case.
  */
 void SCT_CTX_set_time(SCT_CTX *sctx, uint64_t time_in_ms);
 
Unnamed repository; edit this file 'description' to name the repository.