Adds CT validation to SSL connections

Disabled by default, but can be enabled by setting the ct_validation_callback on a SSL or SSL_CTX. Reviewed-by: Ben Laurie <ben@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
author: Rob Percival <robpercival@google.com> 2016-03-03 16:19:23 +0000
committer: Rich Salz <rsalz@openssl.org> 2016-03-04 10:50:10 -0500
commit: ed29e82adeea9d2ee89aeadf5646d4d1350a6855 (patch)
tree: ce8d5a9b580ad20efb4ebe51a20900e1e4c95c2d /test
parent: ddb4c0477af623fcad3e6709640729e82693a4c9 (diff)
download: openssl-ed29e82adeea9d2ee89aeadf5646d4d1350a6855.zip
openssl-ed29e82adeea9d2ee89aeadf5646d4d1350a6855.tar.gz
openssl-ed29e82adeea9d2ee89aeadf5646d4d1350a6855.tar.bz2
1 files changed, 3 insertions, 1 deletions
diff --git a/test/ssltest.c b/test/ssltest.c
index b5d44a0..f65358a 100644
--- a/test/ssltest.c
+++ b/test/ssltest.c
@@ -1586,8 +1586,10 @@ int main(int argc, char *argv[])
 
     if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) ||
         (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
+        (!SSL_CTX_set_default_ctlog_list_file(s_ctx)) ||
         (!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) ||
-        (!SSL_CTX_set_default_verify_paths(c_ctx))) {
+        (!SSL_CTX_set_default_verify_paths(c_ctx)) ||
+        (!SSL_CTX_set_default_ctlog_list_file(c_ctx))) {
         /* fprintf(stderr,"SSL_load_verify_locations\n"); */
         ERR_print_errors(bio_err);
         /* goto end; */
author	Rob Percival <robpercival@google.com>	2016-03-03 16:19:23 +0000
committer	Rich Salz <rsalz@openssl.org>	2016-03-04 10:50:10 -0500
commit	ed29e82adeea9d2ee89aeadf5646d4d1350a6855 (patch)
tree	ce8d5a9b580ad20efb4ebe51a20900e1e4c95c2d /test
parent	ddb4c0477af623fcad3e6709640729e82693a4c9 (diff)
download	openssl-ed29e82adeea9d2ee89aeadf5646d4d1350a6855.zip openssl-ed29e82adeea9d2ee89aeadf5646d4d1350a6855.tar.gz openssl-ed29e82adeea9d2ee89aeadf5646d4d1350a6855.tar.bz2