bugfix in ossl_cmp_msg_add_extraCerts(): should include cert chain when using PBM

author Dr. David von Oheimb <David.von.Oheimb@siemens.com>

Fri, 4 Sep 2020 08:58:26 +0000 (10:58 +0200)

committer Dr. David von Oheimb <David.von.Oheimb@siemens.com>

Thu, 10 Sep 2020 05:40:45 +0000 (07:40 +0200)
author Dr. David von Oheimb <David.von.Oheimb@siemens.com>
Fri, 4 Sep 2020 08:58:26 +0000 (10:58 +0200)
committer Dr. David von Oheimb <David.von.Oheimb@siemens.com>
Thu, 10 Sep 2020 05:40:45 +0000 (07:40 +0200)
diff --git a/crypto/cmp/cmp_protect.c b/crypto/cmp/cmp_protect.c

index 6313cc94cebf3af8dd6bd088d2995e2d36854d42..2001e359c54168e91154e60af55c23e074fba2b1 100644 (file)
--- a/crypto/cmp/cmp_protect.c
+++ b/crypto/cmp/cmp_protect.c
@@ -140,7 +140,8 @@ int ossl_cmp_msg_add_extraCerts(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
          return 0;
  
      /* Add first ctx->cert and its chain if using signature-based protection */
-    if (!ctx->unprotectedSend && ctx->secretValue == NULL) {
+    if (!ctx->unprotectedSend && ctx->secretValue == NULL
+            && ctx->cert != NULL && ctx->pkey != NULL) {
          int flags_prepend = X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP
              | X509_ADD_FLAG_PREPEND | X509_ADD_FLAG_NO_SS;
author	Dr. David von Oheimb <David.von.Oheimb@siemens.com>
	Fri, 4 Sep 2020 08:58:26 +0000 (10:58 +0200)
committer	Dr. David von Oheimb <David.von.Oheimb@siemens.com>
	Thu, 10 Sep 2020 05:40:45 +0000 (07:40 +0200)