xref: /openssl/doc/man3/CTLOG_STORE_new.pod (revision 7ed6de99)
1=pod
2
3=head1 NAME
4
5CTLOG_STORE_new_ex,
6CTLOG_STORE_new, CTLOG_STORE_free,
7CTLOG_STORE_load_default_file, CTLOG_STORE_load_file -
8Create and populate a Certificate Transparency log list
9
10=head1 SYNOPSIS
11
12 #include <openssl/ct.h>
13
14 CTLOG_STORE *CTLOG_STORE_new_ex(OSSL_LIB_CTX *libctx, const char *propq);
15 CTLOG_STORE *CTLOG_STORE_new(void);
16 void CTLOG_STORE_free(CTLOG_STORE *store);
17
18 int CTLOG_STORE_load_default_file(CTLOG_STORE *store);
19 int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file);
20
21=head1 DESCRIPTION
22
23A CTLOG_STORE is a container for a list of CTLOGs (Certificate Transparency
24logs). The list can be loaded from one or more files and then searched by LogID
25(see RFC 6962, Section 3.2, for the definition of a LogID).
26
27CTLOG_STORE_new_ex() creates an empty list of CT logs associated with
28the library context I<libctx> and the property query string I<propq>.
29
30CTLOG_STORE_new() does the same thing as CTLOG_STORE_new_ex() but with
31the default library context and property query string.
32
33The CTLOG_STORE is then populated by CTLOG_STORE_load_default_file() or
34CTLOG_STORE_load_file(). CTLOG_STORE_load_default_file() loads from the default
35file, which is named F<ct_log_list.cnf> in OPENSSLDIR (see the output of
36L<openssl-version(1)>). This can be overridden using an environment variable
37named B<CTLOG_FILE>. CTLOG_STORE_load_file() loads from a caller-specified file
38path instead. Both of these functions append any loaded CT logs to the
39CTLOG_STORE.
40
41The expected format of the file is:
42
43 enabled_logs=foo,bar
44
45 [foo]
46 description = Log 1
47 key = <base64-encoded DER SubjectPublicKeyInfo here>
48
49 [bar]
50 description = Log 2
51 key = <base64-encoded DER SubjectPublicKeyInfo here>
52
53Once a CTLOG_STORE is no longer required, it should be passed to
54CTLOG_STORE_free(). This will delete all of the CTLOGs stored within, along
55with the CTLOG_STORE itself. If the argument is NULL, nothing is done.
56
57=head1 NOTES
58
59If there are any invalid CT logs in a file, they are skipped and the remaining
60valid logs will still be added to the CTLOG_STORE. A CT log will be considered
61invalid if it is missing a "key" or "description" field.
62
63=head1 RETURN VALUES
64
65Both B<CTLOG_STORE_load_default_file> and B<CTLOG_STORE_load_file> return 1 if
66all CT logs in the file are successfully parsed and loaded, 0 otherwise.
67
68=head1 SEE ALSO
69
70L<ct(7)>,
71L<CTLOG_STORE_get0_log_by_id(3)>,
72L<SSL_CTX_set_ctlog_list_file(3)>
73
74=head1 HISTORY
75
76CTLOG_STORE_new_ex was added in OpenSSL 3.0. All other functions were
77added in OpenSSL 1.1.0.
78
79=head1 COPYRIGHT
80
81Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
82
83Licensed under the Apache License 2.0 (the "License").  You may not use
84this file except in compliance with the License.  You can obtain a copy
85in the file LICENSE in the source distribution or at
86L<https://www.openssl.org/source/license.html>.
87
88=cut
89