return 0;
/*
- * The sender name is copied from the subject of the client cert, if any,
- * or else from the subject name provided for certification requests.
+ * If neither protection cert nor oldCert nor subject are given,
+ * sender name is not known to the client and thus set to NULL-DN
*/
- sender = ctx->cert != NULL ?
- X509_get_subject_name(ctx->cert) : ctx->subjectName;
+ sender = ctx->cert != NULL ? X509_get_subject_name(ctx->cert) :
+ ctx->oldCert != NULL ? X509_get_subject_name(ctx->oldCert) :
+ ctx->subjectName;
if (!ossl_cmp_hdr_set1_sender(hdr, sender))
return 0;
The reference certificate determined in this way, if any, is also used for
deriving default subject DN and Subject Alternative Names for IR, CR, and KUR.
-Its issuer, if any, is used as default recipient in the CMP message header
-if neither B<-srvcert>, B<-recipient>, nor B<-issuer> is available.
+Its subject is used as sender in CMP message headers if B<-cert> is not given.
+Its issuer is used as default recipient in CMP message headers
+if neither B<-recipient>, B<-srvcert>, nor B<-issuer> is given.
=item B<-revreason> I<number>
It must be given for RR, else it defaults to the protection B<cert>.
The B<reference certificate> determined in this way, if any, is also used for
deriving default subject DN and Subject Alternative Names for IR, CR, and KUR.
-Its issuer, if any, is used as default recipient in the CMP message header.
+Its subject is used as sender in CMP message headers if no protection cert is given.
+Its issuer is used as default recipient in CMP message headers.
OSSL_CMP_CTX_set1_p10CSR() sets the PKCS#10 CSR to be used in P10CR.
projects / openssl.git / commitdiff