On Thu, Sep 21, 2017 at 12:03:19PM -0700, Josh Triplett wrote:
>
> Please ship an appropriate /usr/lib/ssl/ct_log_list.cnf .

I think the problem is that there is no such thing as an appropriate file. We could do things like what Chrome supports, or what other browsers in the future support. The file probably doesn't support enough options to what we really would like to see as a policy, and I think OpenSSL lacks support for enforcing such a policy. I'm not sure that adding such a file currently has any benefit.

Kurt