diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-08-28 12:11:31 +0200 |
---|---|---|
committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-09-10 07:07:55 +0200 |
commit | a0745e2be6635ffdf286ba5bc3bd867c8d4152a9 (patch) | |
tree | 00d93474fb208fba1ce021a5a82d1effb933535b /doc/internal | |
parent | 474853c39a2b631f9f401df32834043500081b7c (diff) | |
download | openssl-a0745e2be6635ffdf286ba5bc3bd867c8d4152a9.tar.gz |
Clean up CMP chain building for CMP signer, TLS client, and newly enrolled certs
* Use strenghtened cert chain building, verifying chain using optional trust store
while making sure that no certificate status (e.g., CRL) checks are done
* Use OSSL_CMP_certConf_cb() by default and move its doc to OSSL_CMP_CTX_new.pod
* Simplify certificate and cert store loading in apps/cmp.c
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12741)
Diffstat (limited to 'doc/internal')
-rw-r--r-- | doc/internal/man3/ossl_cmp_msg_protect.pod | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/doc/internal/man3/ossl_cmp_msg_protect.pod b/doc/internal/man3/ossl_cmp_msg_protect.pod index 39f5146530..0a6b70fe9d 100644 --- a/doc/internal/man3/ossl_cmp_msg_protect.pod +++ b/doc/internal/man3/ossl_cmp_msg_protect.pod @@ -46,7 +46,7 @@ It also sets the protectionAlg field in the message header accordingly. ossl_cmp_msg_add_extraCerts() adds elements to the extraCerts field in I<msg>. If signature-based message protection is used it adds first the CMP signer cert ctx->cert and then its chain ctx->chain. If this chain is not present in I<ctx> -tries to build it using ctx->untrusted_certs and caches the result in ctx->chain. +tries to build it using ctx->untrusted and caches the result in ctx->chain. In any case all the certificates explicitly specified to be sent out (i.e., I<ctx->extraCertsOut>) are added. Note that it will NOT add the root certificate of the chain, i.e, the trust anchor (unless it is part of extraCertsOut). |