void CT_POLICY_EVAL_CTX_set0_log_store(CT_POLICY_EVAL_CTX *ctx,
CTLOG_STORE *log_store);
-/*
- * A callback for verifying that the received SCTs are sufficient.
- * Expected to return 1 if they are sufficient, otherwise 0.
- * May return a negative integer if an error occurs.
- * A connection should be aborted if the SCTs are deemed insufficient.
- */
-typedef int(*ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx,
- const STACK_OF(SCT) *scts, void *arg);
-/* Returns 0 if there are invalid SCTs */
-int CT_verify_no_bad_scts(const CT_POLICY_EVAL_CTX *ctx,
- const STACK_OF(SCT) *scts, void *arg);
-/* Returns 0 if there are invalid SCTS or fewer than one valid SCT */
-int CT_verify_at_least_one_good_sct(const CT_POLICY_EVAL_CTX *ctx,
- const STACK_OF(SCT) *scts, void *arg);
-
/*****************
* SCT functions *
*****************/
*/
__owur int SCT_set_source(SCT *sct, sct_source_t source);
+/*
+ * Returns a text string describing the validation status of |sct|.
+ */
+const char *SCT_validation_status_string(const SCT *sct);
+
/*
* Pretty-prints an |sct| to |out|.
* It will be indented by the number of spaces specified by |indent|.
* for data that caller is responsible for freeing (only if function returns
* successfully).
* If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring
- * that "*pp" is large enough to accept all of the serialized data.
+ * that "*pp" is large enough to accept all of the serializied data.
* Returns < 0 on error, >= 0 indicating bytes written (or would have been)
* on success.
*/
* for data that caller is responsible for freeing (only if function returns
* successfully).
* If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring
- * that "*pp" is large enough to accept all of the serialized data.
+ * that "*pp" is large enough to accept all of the serializied data.
* Returns < 0 on error, >= 0 indicating bytes written (or would have been)
* on success.
*/
* Parses an SCT in TLS format and returns it.
* If |psct| is not null, it will end up pointing to the parsed SCT. If it
* already points to a non-null pointer, the pointer will be free'd.
- * |in| should be a pointer to a string containing the TLS-format SCT.
+ * |in| should be a pointer to a string contianing the TLS-format SCT.
* |in| will be advanced to the end of the SCT if parsing succeeds.
* |len| should be the length of the SCT in |in|.
* Returns NULL if an error occurs.
/*
* Parses an SCT signature in TLS format and populates the |sct| with it.
-* |in| should be a pointer to a string containing the TLS-format signature.
+* |in| should be a pointer to a string contianing the TLS-format signature.
* |in| will be advanced to the end of the signature if parsing succeeds.
* |len| should be the length of the signature in |in|.
* Returns the number of bytes parsed, or a negative integer if an error occurs.
# define CT_F_CT_POLICY_EVAL_CTX_SET0_ISSUER 135
# define CT_F_CT_POLICY_EVAL_CTX_SET0_LOG_STORE 136
# define CT_F_CT_V1_LOG_ID_FROM_PKEY 125
-# define CT_F_CT_VERIFY_AT_LEAST_ONE_GOOD_SCT 137
-# define CT_F_CT_VERIFY_NO_BAD_SCTS 138
# define CT_F_D2I_SCT_LIST 105
# define CT_F_I2D_SCT_LIST 106
# define CT_F_I2O_SCT 107