[Pkg-openssl-devel] Bug#876403: Bug#876403: Ship ct_log_list.cnf so -ct works

Kurt Roeckx kurt at roeckx.be
Thu Sep 21 22:29:38 UTC 2017


On Thu, Sep 21, 2017 at 12:03:19PM -0700, Josh Triplett wrote:
> 
> Please ship an appropriate /usr/lib/ssl/ct_log_list.cnf .

I think the problem is that there is no such thing as an
appropriate file. We could do things like what Chrome supports,
or what other browsers in the future support.

The file probably doesn't support enough options for what we really
would like to see as a policy, and I think OpenSSL lacks support
for enforcing such a policy.

I'm not sure that adding such a file currently has any benefit.


Kurt


