break;
default:
if (IS_CREP(rcvd_type)) {
+ int any_rid = OSSL_CMP_CERTREQID_NONE;
OSSL_CMP_CERTREPMESSAGE *crepmsg = rep->body->value.ip;
OSSL_CMP_CERTRESPONSE *crep =
- ossl_cmp_certrepmessage_get0_certresponse(crepmsg,
- -1 /* any rid */);
+ ossl_cmp_certrepmessage_get0_certresponse(crepmsg, any_rid);
if (sk_OSSL_CMP_CERTRESPONSE_num(crepmsg->response) > 1)
return -1;
* Send certConf for IR, CR or KUR sequences and check response,
* not modifying ctx->status during the certConf exchange
*/
-int ossl_cmp_exchange_certConf(OSSL_CMP_CTX *ctx, int fail_info,
- const char *txt)
+int ossl_cmp_exchange_certConf(OSSL_CMP_CTX *ctx, int certReqId,
+ int fail_info, const char *txt)
{
OSSL_CMP_MSG *certConf;
OSSL_CMP_MSG *PKIconf = NULL;
int res = 0;
/* OSSL_CMP_certConf_new() also checks if all necessary options are set */
- if ((certConf = ossl_cmp_certConf_new(ctx, fail_info, txt)) == NULL)
+ certConf = ossl_cmp_certConf_new(ctx, certReqId, fail_info, txt);
+ if (certConf == NULL)
goto err;
res = send_receive_check(ctx, certConf, &PKIconf, OSSL_CMP_PKIBODY_PKICONF);
/*-
* Perform the generic handling of certificate responses for IR/CR/KUR/P10CR.
+ * |rid| must be OSSL_CMP_CERTREQID_NONE if not available, namely for p10cr
* Returns -1 on receiving pollRep if sleep == 0, setting the checkAfter value.
* Returns 1 on success and provides the received PKIMESSAGE in *resp.
* Returns 0 on error (which includes the case that timeout has been reached).
return 0;
if (!save_statusInfo(ctx, crep->status))
return 0;
- if (rid == -1) {
- /* for OSSL_CMP_PKIBODY_P10CR learn CertReqId from response */
+ if (rid == OSSL_CMP_CERTREQID_NONE) { /* used for OSSL_CMP_PKIBODY_P10CR */
rid = ossl_cmp_asn1_get_int(crep->certReqId);
- if (rid == -1) {
+ if (rid != OSSL_CMP_CERTREQID_NONE) {
ERR_raise(ERR_LIB_CMP, CMP_R_BAD_REQUEST_ID);
return 0;
}
"rejecting newly enrolled cert with subject: %s", subj);
if (!ctx->disableConfirm
&& !ossl_cmp_hdr_has_implicitConfirm((*resp)->header)) {
- if (!ossl_cmp_exchange_certConf(ctx, fail_info, txt))
+ if (!ossl_cmp_exchange_certConf(ctx, rid, fail_info, txt))
ret = 0;
}
{
OSSL_CMP_MSG *rep = NULL;
int is_p10 = req_type == OSSL_CMP_PKIBODY_P10CR;
- int rid = is_p10 ? -1 : OSSL_CMP_CERTREQID;
+ int rid = is_p10 ? OSSL_CMP_CERTREQID_NONE : OSSL_CMP_CERTREQID;
int rep_type = is_p10 ? OSSL_CMP_PKIBODY_CP : req_type + 1;
int res = 0;
{
OSSL_CMP_MSG *rep = NULL;
int is_p10 = req_type == OSSL_CMP_PKIBODY_P10CR;
- int rid = is_p10 ? -1 : OSSL_CMP_CERTREQID;
+ int rid = is_p10 ? OSSL_CMP_CERTREQID_NONE : OSSL_CMP_CERTREQID;
int rep_type = is_p10 ? OSSL_CMP_PKIBODY_CP : req_type + 1;
X509 *result = NULL;