[openssl-dev] [openssl.org #4041] [PATCH] Add Certificate Transparency Support
Viktor Dukhovni
openssl-users at dukhovni.org
Mon Sep 14 19:11:50 UTC 2015
On Mon, Sep 14, 2015 at 06:45:34PM +0000, Adam Eijdenberg wrote:
> Thanks for the feedback. This branch:
> https://github.com/aeijdenberg/openssl/tree/ct-on-steve-sct
>
> has a longer plausible series of commits. The PR submitted in this ticket
> helps form the base of that series.
>
> A README describing the proposed end state is here:
> https://github.com/aeijdenberg/openssl/blob/ct-on-steve-sct/crypto/ct/README.md
Thanks, that is very helpful. It is much easier to understand the
new code when one knows where it is heading...
One question on the overall integration. What adjustments if any
might need to be made to existing servers that are not "CT-aware"?
If a CA starts issuing certificates with CT-related extensions,
will a server need new code to interoperate with CT-aware clients?
Basically, what does "openssl s_server -serverinfo ..." do, and
does it become necessary to update server applications to do the
same? The README talks about the client API, but not much about
the server API.
--
Viktor.
More information about the openssl-dev
mailing list