SCT_VALIDATE - Online Linux Manual PageSection : 3
Updated : 2021-03-26
Source : 1.1.1k
Note : OpenSSL

NAMESCT_validate, SCT_LIST_validate, SCT_get_validation_status − checks Signed Certificate Timestamps (SCTs) are valid

SYNOPSIS​ #include <openssl/ct.h> ​ ​ typedef enum { ​ SCT_VALIDATION_STATUS_NOT_SET, ​ SCT_VALIDATION_STATUS_UNKNOWN_LOG, ​ SCT_VALIDATION_STATUS_VALID, ​ SCT_VALIDATION_STATUS_INVALID, ​ SCT_VALIDATION_STATUS_UNVERIFIED, ​ SCT_VALIDATION_STATUS_UNKNOWN_VERSION ​ } sct_validation_status_t; ​ ​ int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx); ​ int SCT_LIST_validate(const STACK_OF(SCT) *scts, CT_POLICY_EVAL_CTX *ctx); ​ sct_validation_status_t SCT_get_validation_status(const SCT *sct);

DESCRIPTIONSCT_validate() will check that an SCT is valid and verify its signature. ​SCT_LIST_validate() performs the same checks on an entire stack of SCTs. The result of the validation checks can be obtained by passing the SCT to ​SCT_get_validation_status(). A CT_POLICY_EVAL_CTX must be provided that specifies: • The certificate the SCT was issued for. Failure to provide the certificate will result in the validation status being ​SCT_VALIDATION_STATUS_UNVERIFIED. • The issuer of that certificate. This is only required if the SCT was issued for a pre-certificate (see RFC 6962). If it is required but not provided, the validation status will be SCT_VALIDATION_STATUS_UNVERIFIED. • A CTLOG_STORE that contains the CT log that issued this SCT. If the SCT was issued by a log that is not in this CTLOG_STORE, the validation status will be SCT_VALIDATION_STATUS_UNKNOWN_LOG. If the SCT is of an unsupported version (only v1 is currently supported), the validation status will be SCT_VALIDATION_STATUS_UNKNOWN_VERSION. If the SCT's signature is incorrect, its timestamp is in the future (relative to the time in CT_POLICY_EVAL_CTX), or if it is otherwise invalid, the validation status will be SCT_VALIDATION_STATUS_INVALID. If all checks pass, the validation status will be SCT_VALIDATION_STATUS_VALID.

NOTESA return value of 0 from SCT_LIST_validate() should not be interpreted as a failure. At a minimum, only one valid SCT may provide sufficient confidence that a certificate has been publicly logged.

RETURN VALUESSCT_validate() returns a negative integer if an internal error occurs, 0 if the ​SCT fails validation, or 1 if the SCT passes validation. SCT_LIST_validate() returns a negative integer if an internal error occurs, 0 if any of SCTs fails validation, or 1 if they all pass validation. SCT_get_validation_status() returns the validation status of the SCT. If SCT_validate() or SCT_LIST_validate() have not been passed that SCT, the returned value will be SCT_VALIDATION_STATUS_NOT_SET.

SEE ALSOct(7)

HISTORYThese functions were added in OpenSSL 1.1.0.

COPYRIGHTCopyright 2016 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the License). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <https://www.openssl.org/source/license.html>.
0
Johanes Gumabo
Data Size   :   10,409 byte
man-SCT_validate.3sslBuild   :   2024-12-05, 20:55   :  
Visitor Screen   :   x
Visitor Counter ( page / site )   :   2 / 171,917
Visitor ID   :     :  
Visitor IP   :   18.117.156.26   :  
Visitor Provider   :   AMAZON-02   :  
Provider Position ( lat x lon )   :   39.962500 x -83.006100   :   x
Provider Accuracy Radius ( km )   :   1000   :  
Provider City   :   Columbus   :  
Provider Province   :   Ohio ,   :   ,
Provider Country   :   United States   :  
Provider Continent   :   North America   :  
Visitor Recorder   :   Version   :  
Visitor Recorder   :   Library   :  
Online Linux Manual Page   :   Version   :   Online Linux Manual Page - Fedora.40 - march=x86-64 - mtune=generic - 24.12.05
Online Linux Manual Page   :   Library   :   lib_c - 24.10.03 - march=x86-64 - mtune=generic - Fedora.40
Online Linux Manual Page   :   Library   :   lib_m - 24.10.03 - march=x86-64 - mtune=generic - Fedora.40
Data Base   :   Version   :   Online Linux Manual Page Database - 24.04.13 - march=x86-64 - mtune=generic - fedora-38
Data Base   :   Library   :   lib_c - 23.02.07 - march=x86-64 - mtune=generic - fedora.36

Very long time ago, I have the best tutor, Wenzel Svojanovsky . If someone knows the email address of Wenzel Svojanovsky , please send an email to johanes_gumabo@yahoo.co.id .
If error, please print screen and send to johanes_gumabo@yahoo.co.id
Under development. Support me via PayPal.

ERROR : Need New Coding :         (parse_manual_page_|249|S___CT_get_validation_status.3ssl|36/37|el══─{─══.|.el══─{─══. ds -- \|\(em\| )         (htmlprn|149|S___CT_get_validation_status.3ssl|36/37|.el══─{─══. ds --  —  |.el══─{─══. ds -- \|\(em\| )         (parse_manual_page_|249|S___CT_get_validation_status.3ssl|43|br══─}─══|'br══─}─══ )         (htmlprn|149|S___CT_get_validation_status.3ssl|43|'br══─}─══ |'br══─}─══ )