summary |
shortlog |
log |
commit | commitdiff |
tree
raw |
patch |
inline | side by side (from parent 1:
7e998a0)
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
- * The sender name is copied from the subject of the client cert, if any,
- * or else from the subject name provided for certification requests.
+ * If neither protection cert nor oldCert nor subject are given,
+ * sender name is not known to the client and thus set to NULL-DN
- sender = ctx->cert != NULL ?
- X509_get_subject_name(ctx->cert) : ctx->subjectName;
+ sender = ctx->cert != NULL ? X509_get_subject_name(ctx->cert) :
+ ctx->oldCert != NULL ? X509_get_subject_name(ctx->oldCert) :
+ ctx->subjectName;
if (!ossl_cmp_hdr_set1_sender(hdr, sender))
return 0;
if (!ossl_cmp_hdr_set1_sender(hdr, sender))
return 0;
The reference certificate determined in this way, if any, is also used for
deriving default subject DN and Subject Alternative Names for IR, CR, and KUR.
The reference certificate determined in this way, if any, is also used for
deriving default subject DN and Subject Alternative Names for IR, CR, and KUR.
-Its issuer, if any, is used as default recipient in the CMP message header
-if neither B<-srvcert>, B<-recipient>, nor B<-issuer> is available.
+Its subject is used as sender in CMP message headers if B<-cert> is not given.
+Its issuer is used as default recipient in CMP message headers
+if neither B<-recipient>, B<-srvcert>, nor B<-issuer> is given.
=item B<-revreason> I<number>
=item B<-revreason> I<number>
It must be given for RR, else it defaults to the protection B<cert>.
The B<reference certificate> determined in this way, if any, is also used for
deriving default subject DN and Subject Alternative Names for IR, CR, and KUR.
It must be given for RR, else it defaults to the protection B<cert>.
The B<reference certificate> determined in this way, if any, is also used for
deriving default subject DN and Subject Alternative Names for IR, CR, and KUR.
-Its issuer, if any, is used as default recipient in the CMP message header.
+Its subject is used as sender in CMP message headers if no protection cert is given.
+Its issuer is used as default recipient in CMP message headers.
OSSL_CMP_CTX_set1_p10CSR() sets the PKCS#10 CSR to be used in P10CR.
OSSL_CMP_CTX_set1_p10CSR() sets the PKCS#10 CSR to be used in P10CR.