- if (!check_name(ctx, 0, "sender DN field", hdr->sender->d.directoryName,
- "expected sender", expected_sender))
- return 0;
+ if (expected_sender != NULL) {
+ const X509_NAME *actual_sender;
+ char *str;
+
+ if (hdr->sender->type != GEN_DIRNAME) {
+ ERR_raise(ERR_LIB_CMP, CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED);
+ return 0;
+ }
+ actual_sender = hdr->sender->d.directoryName;
+ /*
+ * Compare actual sender name of response with expected sender name.
+ * Mitigates risk of accepting misused PBM secret or
+ * misused certificate of an unauthorized entity of a trusted hierarchy.
+ */
+ if (!check_name(ctx, 0, "sender DN field", actual_sender,
+ "expected sender", expected_sender)) {
+ str = X509_NAME_oneline(actual_sender, NULL, 0);
+ ERR_raise_data(ERR_LIB_CMP, CMP_R_UNEXPECTED_SENDER,
+ str != NULL ? str : "<unknown>");
+ OPENSSL_free(str);
+ return 0;
+ }
+ }
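Review bot: In the mismatch branch, the string returned by `X509_NAME_oneline(actual_sender, NULL, 0)` is passed to `ERR_raise_data()` in the format-string position, and that name comes from the sender field of the received message header. `X509_NAME_oneline` leaves a literal `%` in the name untouched, so a conversion specifier in the peer's DN would be expanded against variadic arguments that were never supplied. Pass the name as data instead: `ERR_raise_data(ERR_LIB_CMP, CMP_R_UNEXPECTED_SENDER, "%s", str != NULL ? str : "<unknown>");`. Separately, the `GEN_DIRNAME` type check now runs only when `expected_sender != NULL`. The enclosing function starts and ends outside this hunk, so confirm that any later use of `hdr->sender->d.directoryName` on the no-expected-sender path is also guarded by the type.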