Read Certificate Transparency (RFC 6962) SCT extension
This MR would close issue #232.
I've implemented new public functions to parse the Certificate Transparency SCT extension (Signed Certificate Timestamp), as specified by RFC 6962.
It also extends
certtool to be able to read such extension from certificates.
The tests included in this MR use the aclu.org example X.509 certificate provided by Daniel Kahn Gillmor in the issue itself. It is embedded as a PEM string in the test code
x509cert-ct.c. I can change that and create a new custom certificate if asked.
Signed-off-by:with name/author being identical to the commit author
- Code modified for feature
- Test suite updated with functionality tests
- Test suite updated with negative tests
- Documentation updated / NEWS entry present (for non-trivial changes)
- CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)
- Any issues marked for closing are addressed
- There is a test suite reasonably covering new functionality or modifications
Function naming, parameters, return values, types, etc., are consistent and according to
- This feature/change has adequate documentation added
- No obvious mistakes in the code