Commit eb64a6c6 authored by Rob Percival, committed by Rich Salz

Documentation for new CT s_client flags

Reviewed-by: Ben Laurie <ben@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Parent 238d692c
...@@ -873,6 +873,11 @@ ...@@ -873,6 +873,11 @@
whose return value is often ignored. whose return value is often ignored.
[Steve Henson] [Steve Henson]
*) New -noct, -requestct, -requirect and -ctlogfile options for s_client.
These allow SCTs (signed certificate timestamps) to be requested and
validated when establishing a connection.
[Rob Percival <robpercival@google.com>]
Changes between 1.0.2f and 1.0.2g [1 Mar 2016] Changes between 1.0.2f and 1.0.2g [1 Mar 2016]
* Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
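Review bot: The CHANGES entry for the new -noct/-requestct/-requirect options does not say which of the three modes applies when none is given, so a reader cannot tell whether existing s_client invocations keep their behaviour or start requesting SCTs (and, per the pod text in this patch, enabling OCSP stapling as a side effect). Suggest adding a clause such as "The default is -noct" or "-requestct" as appropriate, since a release-notes reader decides from this line whether scripts need updating.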
......
...@@ -39,6 +39,7 @@ ...@@ -39,6 +39,7 @@
o Support for X25519 o Support for X25519
o Extended SSL_CONF support using configuration files o Extended SSL_CONF support using configuration files
o KDF algorithm support. Implement TLS PRF as a KDF. o KDF algorithm support. Implement TLS PRF as a KDF.
o Support for Certificate Transparency
Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [1 Mar 2016] Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [1 Mar 2016]
......
...@@ -91,6 +91,8 @@ B<openssl> B<s_client> ...@@ -91,6 +91,8 @@ B<openssl> B<s_client>
[B<-serverinfo types>] [B<-serverinfo types>]
[B<-status>] [B<-status>]
[B<-nextprotoneg protocols>] [B<-nextprotoneg protocols>]
[B<-noct|requestct|requirect>]
[B<-ctlogfile>]
=head1 DESCRIPTION =head1 DESCRIPTION
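Review bot: In the SYNOPSIS, `[B<-ctlogfile>]` should show the option's argument the same way the neighbouring entries do (`[B<-serverinfo types>]`, `[B<-nextprotoneg protocols>]`), e.g. `[B<-ctlogfile file>]`; as written it reads as a boolean flag, which the DESCRIPTION section in this same patch contradicts ("A file containing a list of known Certificate Transparency logs").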
...@@ -435,6 +437,23 @@ Empty list of protocols is treated specially and will cause the client to ...@@ -435,6 +437,23 @@ Empty list of protocols is treated specially and will cause the client to
advertise support for the TLS extension but disconnect just after advertise support for the TLS extension but disconnect just after
receiving ServerHello with a list of server supported protocols. receiving ServerHello with a list of server supported protocols.
=item B<-noct|requestct|requirect>
Use one of these three options to control whether Certificate Transparency (CT)
is disabled (-noct), enabled but not enforced (-requestct), or enabled and
enforced (-requirect). If CT is enabled, signed certificate timestamps (SCTs)
will be requested from the server and invalid SCTs will cause the connection to
be aborted. If CT is enforced, at least one valid SCT from a recognised CT log
(see B<-ctlogfile>) will be required or the connection will be aborted.
Enabling CT also enables OCSP stapling, as this is one possible delivery method
for SCTs.
=item B<-ctlogfile>
A file containing a list of known Certificate Transparency logs. See
L<SSL_CTX_set_ctlog_list_file(3)> for the expected file format.
=back =back
=head1 CONNECTED COMMANDS =head1 CONNECTED COMMANDS
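Review bot: The `=item B<-ctlogfile>` entry is missing two things a user of -requirect needs: the argument name in the item heading (`=item B<-ctlogfile file>`, matching the SYNOPSIS convention) and a statement of what log list is consulted when the option is omitted, since with -requirect "at least one valid SCT from a recognised CT log" is required and an empty or absent log list would make every connection fail. It would also help to note under -requestct/-requirect that the automatic enabling of OCSP stapling means the B<-status> behaviour described earlier in this manual page is in effect even when -status is not given.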
......