Move part of OSSL_CMP_validate_msg() to ossl_cmp_msg_check_update()

[openssl.git] / doc / man3 / OSSL_CMP_validate_msg.pod

diff --git a/doc/man3/OSSL_CMP_validate_msg.pod b/doc/man3/OSSL_CMP_validate_msg.pod
index 3b06532cebbc12fe7000cd39a51a917d65d12338..3bf5c0681112565c174958c132290a9443f52fdc 100644 (file)
--- a/doc/man3/OSSL_CMP_validate_msg.pod
+++ b/doc/man3/OSSL_CMP_validate_msg.pod
@@ -46,13 +46,6 @@ according to TS 33.310 [Network Domain Security (NDS); Authentication Framework
 Any cert that has been found as described above is cached and tried first when
 validating the signatures of subsequent messages in the same transaction.
 
-After successful validation of PBM-based protection of a certificate response
-the certificates in the caPubs field (if any) are added to the trusted
-certificates provided via L<OSSL_CMP_CTX_set0_trustedStore(3)>, such that
-they are available for validating subsequent messages in the same context.
-Those could apply to any Polling Response (pollRep), error, or PKI Confirmation
-(PKIConf) messages following in the same or future transactions.
-
 OSSL_CMP_validate_cert_path() attempts to validate the given certificate and its
 path using the given store of trusted certs (possibly including CRLs and a cert
 verification callback) and non-trusted intermediate certs from the B<ctx>.