On Fri, Mar 06, 2015 at 04:43:48PM +0100, Janusz Dziemidowicz wrote: > 2015-03-05 21:35 GMT+01:00 Willy Tarreau <[email protected]>: > > Well, I don't know if it's the right way to implement it, I'll let the > > SSL experts review your work. However what I can say is that it's the > > right way to write and submit a patch for quick inclusion. Your code is > > very clean is the doc is provided as well. Good job for a first patch! > > > > Concerning 1.5, we avoid backporting features into 1.5 to avoid reproducing > > the mess that 1.4 was with regressions. That said, we seldom make a few > > exceptions when the feature addresses an ongoing problem to expect soon. > > Here I don't think it's the case, but if everyone thinks it would be nice > > to have it there, users decide :-) > > No problem, I've just mentioned it for completeness. Currently > Certificate Transparency is required by Chrome only for EV > certificates issued in 2015. Most major CAs already embed SCTs in > issued certificates (for example see certificate at > https://www.digicert.com/). So this patch is of interest mainly for > people having EV certificate from CA not participating in CT. This > patch also requires OpenSSL 1.0.2, which was released just recently, > so not many users will push for this:)
Great, thanks for this clarification. Willy
