Clean up CMP chain building for CMP signer, TLS client, and newly enrolled certs

* Use strenghtened cert chain building, verifying chain using optional trust store while making sure that no certificate status (e.g., CRL) checks are done * Use OSSL_CMP_certConf_cb() by default and move its doc to OSSL_CMP_CTX_new.pod * Simplify certificate and cert store loading in apps/cmp.c Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12741)
author: Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2020-08-28 12:11:31 +0200
committer: Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2020-09-10 07:07:55 +0200
commit: a0745e2be6635ffdf286ba5bc3bd867c8d4152a9 (patch)
tree: 00d93474fb208fba1ce021a5a82d1effb933535b /doc/man1
parent: 474853c39a2b631f9f401df32834043500081b7c (diff)
download: openssl-a0745e2be6635ffdf286ba5bc3bd867c8d4152a9.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in
index 623e3f7dee..75ee82211d 100644
--- a/doc/man1/openssl-cmp.pod.in
+++ b/doc/man1/openssl-cmp.pod.in
@@ -681,6 +681,7 @@ Defaults to C<hmac-sha1> as per RFC 4210.
 =item B<-extracerts> I<sources>
 
 Certificates to append in the extraCerts field when sending messages.
+They can be used as the default CMP signer certificate chain to include.
 
 Multiple filenames or URLs may be given, separated by commas and/or whitespace
 (where in the latter case the whole argument must be enclosed in "...").
author	Dr. David von Oheimb <David.von.Oheimb@siemens.com>	2020-08-28 12:11:31 +0200
committer	Dr. David von Oheimb <David.von.Oheimb@siemens.com>	2020-09-10 07:07:55 +0200
commit	a0745e2be6635ffdf286ba5bc3bd867c8d4152a9 (patch)
tree	00d93474fb208fba1ce021a5a82d1effb933535b /doc/man1
parent	474853c39a2b631f9f401df32834043500081b7c (diff)
download	openssl-a0745e2be6635ffdf286ba5bc3bd867c8d4152a9.tar.gz