2015-03-05 21:35 GMT+01:00 Willy Tarreau <[email protected]>: > Well, I don't know if it's the right way to implement it, I'll let the > SSL experts review your work. However what I can say is that it's the > right way to write and submit a patch for quick inclusion. Your code is > very clean is the doc is provided as well. Good job for a first patch! > > Concerning 1.5, we avoid backporting features into 1.5 to avoid reproducing > the mess that 1.4 was with regressions. That said, we seldom make a few > exceptions when the feature addresses an ongoing problem to expect soon. > Here I don't think it's the case, but if everyone thinks it would be nice > to have it there, users decide :-)
No problem, I've just mentioned it for completeness. Currently Certificate Transparency is required by Chrome only for EV certificates issued in 2015. Most major CAs already embed SCTs in issued certificates (for example see certificate at https://www.digicert.com/). So this patch is of interest mainly for people having EV certificate from CA not participating in CT. This patch also requires OpenSSL 1.0.2, which was released just recently, so not many users will push for this:) -- Janusz Dziemidowicz
