[thirdparty/openssl.git] / doc / man3 / CTLOG_STORE_new.pod

=pod

=head1 NAME

CTLOG_STORE_new, CTLOG_STORE_free,
CTLOG_STORE_load_default_file, CTLOG_STORE_load_file -
Create and populate a Certificate Transparency log list

=head1 SYNOPSIS

 #include <openssl/ct.h>

 CTLOG_STORE *CTLOG_STORE_new(void);
 void CTLOG_STORE_free(CTLOG_STORE *store);

 int CTLOG_STORE_load_default_file(CTLOG_STORE *store);
 int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file);

=head1 DESCRIPTION

A CTLOG_STORE is a container for a list of CTLOGs (Certificate Transparency
logs). The list can be loaded from one or more files and then searched by LogID
(see RFC 6962, Section 3.2, for the definition of a LogID).

CTLOG_STORE_new() creates an empty list of CT logs. This is then populated
by CTLOG_STORE_load_default_file() or CTLOG_STORE_load_file().
CTLOG_STORE_load_default_file() loads from the default file, which is named
"ct_log_list.cnf" in OPENSSLDIR (see the output of L<version>). This can be
overridden using an environment variable named "CTLOG_FILE".
CTLOG_STORE_load_file() loads from a caller-specified file path instead.
Both of these functions append any loaded CT logs to the CTLOG_STORE.

The expected format of the file is:

 enabled_logs=foo,bar

 [foo]
 description = Log 1
 key = <base64-encoded DER SubjectPublicKeyInfo here>

 [bar]
 description = Log 2
 key = <base64-encoded DER SubjectPublicKeyInfo here>

Once a CTLOG_STORE is no longer required, it should be passed to
CTLOG_STORE_free(). This will delete all of the CTLOGs stored within, along
with the CTLOG_STORE itself.

=head1 NOTES

If there are any invalid CT logs in a file, they are skipped and the remaining
valid logs will still be added to the CTLOG_STORE. A CT log will be considered
invalid if it is missing a "key" or "description" field.

=head1 RETURN VALUES

Both B<CTLOG_STORE_load_default_file> and B<CTLOG_STORE_load_file> return 1 if
all CT logs in the file are successfully parsed and loaded, 0 otherwise.

=head1 SEE ALSO

L<ct(7)>,
L<CTLOG_STORE_get0_log_by_id(3)>,
L<SSL_CTX_set_ctlog_list_file(3)>

=head1 HISTORY

These functions were added in OpenSSL 1.1.0.

=head1 COPYRIGHT

Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Commit	Line	Data
56f3f714 RP	1	=pod
	2
	3	=head1 NAME
	4
	5	CTLOG_STORE_new, CTLOG_STORE_free,
	6	CTLOG_STORE_load_default_file, CTLOG_STORE_load_file -
	7	Create and populate a Certificate Transparency log list
	8
	9	=head1 SYNOPSIS
	10
	11	#include <openssl/ct.h>
	12
	13	CTLOG_STORE *CTLOG_STORE_new(void);
	14	void CTLOG_STORE_free(CTLOG_STORE *store);
	15
	16	int CTLOG_STORE_load_default_file(CTLOG_STORE *store);
	17	int CTLOG_STORE_load_file(CTLOG_STORE store, const char file);
	18
	19	=head1 DESCRIPTION
	20
	21	A CTLOG_STORE is a container for a list of CTLOGs (Certificate Transparency
	22	logs). The list can be loaded from one or more files and then searched by LogID
	23	(see RFC 6962, Section 3.2, for the definition of a LogID).
	24
8b12a3e7 RP	25	CTLOG_STORE_new() creates an empty list of CT logs. This is then populated
	26	by CTLOG_STORE_load_default_file() or CTLOG_STORE_load_file().
	27	CTLOG_STORE_load_default_file() loads from the default file, which is named
4a388d1e RP	28	"ct_log_list.cnf" in OPENSSLDIR (see the output of L<version>). This can be
4a388d1e RP	29	overridden using an environment variable named "CTLOG_FILE".
8b12a3e7	30	CTLOG_STORE_load_file() loads from a caller-specified file path instead.
56f3f714 RP	31	Both of these functions append any loaded CT logs to the CTLOG_STORE.
	32
	33	The expected format of the file is:
	34
	35	enabled_logs=foo,bar
	36
	37	[foo]
	38	description = Log 1
882babda	39	key = <base64-encoded DER SubjectPublicKeyInfo here>
56f3f714 RP	40
	41	[bar]
	42	description = Log 2
882babda	43	key = <base64-encoded DER SubjectPublicKeyInfo here>
56f3f714 RP	44
56f3f714 RP	45	Once a CTLOG_STORE is no longer required, it should be passed to
8b12a3e7	46	CTLOG_STORE_free(). This will delete all of the CTLOGs stored within, along
56f3f714 RP	47	with the CTLOG_STORE itself.
	48
	49	=head1 NOTES
	50
	51	If there are any invalid CT logs in a file, they are skipped and the remaining
	52	valid logs will still be added to the CTLOG_STORE. A CT log will be considered
	53	invalid if it is missing a "key" or "description" field.
	54
	55	=head1 RETURN VALUES
	56
	57	Both B<CTLOG_STORE_load_default_file> and B<CTLOG_STORE_load_file> return 1 if
	58	all CT logs in the file are successfully parsed and loaded, 0 otherwise.
	59
	60	=head1 SEE ALSO
	61
b97fdb57	62	L<ct(7)>,
56f3f714 RP	63	L<CTLOG_STORE_get0_log_by_id(3)>,
	64	L<SSL_CTX_set_ctlog_list_file(3)>
	65
32fa3da8 RP	66	=head1 HISTORY
	67
	68	These functions were added in OpenSSL 1.1.0.
	69
56f3f714 RP	70	=head1 COPYRIGHT
	71
	72	Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
	73
4746f25a	74	Licensed under the Apache License 2.0 (the "License"). You may not use
56f3f714 RP	75	this file except in compliance with the License. You can obtain a copy
	76	in the file LICENSE in the source distribution or at
	77	L<https://www.openssl.org/source/license.html>.
	78
6c3e9a71	79	=cut