]> git.ipfire.org Git - thirdparty/openssl.git/blobdiff - doc/man3/SCT_validate.pod
projects / thirdparty / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Check that SCT timestamps are not in the future
[thirdparty/openssl.git] / doc / man3 / SCT_validate.pod
diff --git a/doc/man3/SCT_validate.pod b/doc/man3/SCT_validate.pod
index 98ae61822e3f1ece47dea2bc3b7a1520a771f8ed..9868a282b55bda31f73af0af5f5a842e3fb809df 100644 (file)
--- a/doc/man3/SCT_validate.pod
+++ b/doc/man3/SCT_validate.pod
@@ -54,9 +54,11 @@ status will be SCT_VALIDATION_STATUS_UNKNOWN_LOG.
 If the SCT is of an unsupported version (only v1 is currently supported), the
 validation status will be SCT_VALIDATION_STATUS_UNKNOWN_VERSION.
 
-If the SCT's signature is incorrect, the validation status will be
-SCT_VALIDATION_STATUS_INVALID. Otherwise, if all checks have passed, the
-validation status will be SCT_VALIDATION_STATUS_VALID.
+If the SCT's signature is incorrect, its timestamp is in the future (relative to
+the time in CT_POLICY_EVAL_CTX), or if it is otherwise invalid, the validation
+status will be SCT_VALIDATION_STATUS_INVALID.
+
+If all checks pass, the validation status will be SCT_VALIDATION_STATUS_VALID.
 
 =head1 NOTES
 
A mirror of the official openssl repository