1CTLOG_STORE_NEW(3)                  OpenSSL                 CTLOG_STORE_NEW(3)
2
3
4

NAME

6       CTLOG_STORE_new, CTLOG_STORE_free, CTLOG_STORE_load_default_file,
7       CTLOG_STORE_load_file - Create and populate a Certificate Transparency
8       log list
9

SYNOPSIS

11        #include <openssl/ct.h>
12
13        CTLOG_STORE *CTLOG_STORE_new(void);
14        void CTLOG_STORE_free(CTLOG_STORE *store);
15
16        int CTLOG_STORE_load_default_file(CTLOG_STORE *store);
17        int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file);
18

DESCRIPTION

20       A CTLOG_STORE is a container for a list of CTLOGs (Certificate
21       Transparency logs). The list can be loaded from one or more files and
22       then searched by LogID (see RFC 6962, Section 3.2, for the definition
23       of a LogID).
24
25       CTLOG_STORE_new() creates an empty list of CT logs. This is then
26       populated by CTLOG_STORE_load_default_file() or
27       CTLOG_STORE_load_file().  CTLOG_STORE_load_default_file() loads from
28       the default file, which is named "ct_log_list.cnf" in OPENSSLDIR (see
29       the output of version). This can be overridden using an environment
30       variable named "CTLOG_FILE".  CTLOG_STORE_load_file() loads from a
31       caller-specified file path instead.  Both of these functions append any
32       loaded CT logs to the CTLOG_STORE.
33
34       The expected format of the file is:
35
36        enabled_logs=foo,bar
37
38        [foo]
39        description = Log 1
40        key = <base64-encoded DER SubjectPublicKeyInfo here>
41
42        [bar]
43        description = Log 2
44        key = <base64-encoded DER SubjectPublicKeyInfo here>
45
46       Once a CTLOG_STORE is no longer required, it should be passed to
47       CTLOG_STORE_free(). This will delete all of the CTLOGs stored within,
48       along with the CTLOG_STORE itself.
49

NOTES

51       If there are any invalid CT logs in a file, they are skipped and the
52       remaining valid logs will still be added to the CTLOG_STORE. A CT log
53       will be considered invalid if it is missing a "key" or "description"
54       field.
55

RETURN VALUES

57       Both CTLOG_STORE_load_default_file and CTLOG_STORE_load_file return 1
58       if all CT logs in the file are successfully parsed and loaded, 0
59       otherwise.
60

SEE ALSO

62       ct(7), CTLOG_STORE_get0_log_by_id(3), SSL_CTX_set_ctlog_list_file(3)
63

HISTORY

65       These functions were added in OpenSSL 1.1.0.
66
68       Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
69
70       Licensed under the OpenSSL license (the "License").  You may not use
71       this file except in compliance with the License.  You can obtain a copy
72       in the file LICENSE in the source distribution or at
73       <https://www.openssl.org/source/license.html>.
74
75
76
771.1.1i                            2021-01-26                CTLOG_STORE_NEW(3)
Impressum