is preferably the one provided by a call to L<OSSL_CMP_CTX_set1_srvCert(3)>.
If no such sender cert has been pinned then candidate sender certificates are
taken from the list of certificates received in the C<msg> extraCerts, then any
-certificates provided before via L<OSSL_CMP_CTX_set1_untrusted_certs(3)>, and
+certificates provided before via L<OSSL_CMP_CTX_set1_untrusted(3)>, and
then all trusted certificates provided via L<OSSL_CMP_CTX_set0_trustedStore(3)>,
where a candidate is acceptable only if has not expired, its subject DN matches
the C<msg> sender DN (as far as present), and its subject key identifier
Any cert that has been found as described above is cached and tried first when
validating the signatures of subsequent messages in the same transaction.
-After successful validation of PBM-based protection of a certificate response
-the certificates in the caPubs field (if any) are added to the trusted
-certificates provided via L<OSSL_CMP_CTX_set0_trustedStore(3)>, such that
-they are available for validating subsequent messages in the same context.
-Those could apply to any Polling Response (pollRep), error, or PKI Confirmation
-(PKIConf) messages following in the same or future transactions.
-
OSSL_CMP_validate_cert_path() attempts to validate the given certificate and its
path using the given store of trusted certs (possibly including CRLs and a cert
verification callback) and non-trusted intermediate certs from the B<ctx>.
=head1 SEE ALSO
-L<OSSL_CMP_CTX_new(3)>, L<OSSL_CMP_exec_IR_ses(3)>
+L<OSSL_CMP_CTX_new(3)>, L<OSSL_CMP_exec_certreq(3)>
=head1 HISTORY
=head1 COPYRIGHT
-Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy