authorRajeev Ranjan <ranjan.rajeev@siemens.com>2024-03-25 14:00:58 +0100
committerDr. David von Oheimb <dev@ddvo.net>2024-04-22 08:28:25 +0200
commitfc9649f61a8ac5f980da6807214fcbbbae1c45aa (patch)
tree0bdde07f9b5372d0fb35ad0fd941de48372f63f9 /apps
parent6594baf6457c64f6fce3ec60cb2617f75d98d159 (diff)
fix sending error when no root CA cert update available
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24169)
Diffstat (limited to 'apps')
-rw-r--r--apps/lib/cmp_mock_srv.c19
1 files changed, 16 insertions, 3 deletions
diff --git a/apps/lib/cmp_mock_srv.c b/apps/lib/cmp_mock_srv.c
index 5fed3a9fd0..b0c8dfbb8c 100644
--- a/apps/lib/cmp_mock_srv.c
+++ b/apps/lib/cmp_mock_srv.c
@@ -401,9 +401,22 @@ static OSSL_CMP_ITAV *process_genm_itav(mock_srv_ctx *ctx, int req_nid,
rsp = OSSL_CMP_ITAV_new_caCerts(ctx->caPubsOut);
break;
case NID_id_it_rootCaCert:
- rsp = OSSL_CMP_ITAV_new_rootCaKeyUpdate(ctx->newWithNew,
- ctx->newWithOld,
- ctx->oldWithNew);
+ {
+ X509 *rootcacert = NULL;
+
+ if (!OSSL_CMP_ITAV_get0_rootCaCert(req, &rootcacert))
+ return NULL;
+
+ if (rootcacert != NULL
+ && X509_NAME_cmp(X509_get_subject_name(rootcacert),
+ X509_get_subject_name(ctx->newWithNew)) != 0)
+ /* The subjects do not match */
+ rsp = OSSL_CMP_ITAV_new_rootCaKeyUpdate(NULL, NULL, NULL);
+ else
+ rsp = OSSL_CMP_ITAV_new_rootCaKeyUpdate(ctx->newWithNew,
+ ctx->newWithOld,
+ ctx->oldWithNew);
+ }
break;
default:
rsp = OSSL_CMP_ITAV_dup(req);
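Review bot: In the new `NID_id_it_rootCaCert` case, `X509_get_subject_name(ctx->newWithNew)` is called without checking that `ctx->newWithNew` is set, and that accessor dereferences its argument. If the mock server can run with no new root CA certificate configured (the situation the commit title names; the context setup is not visible in this hunk), a request that carries a rootCaCert would crash the server on a NULL pointer instead of getting the empty update response. Because `rootcacert` comes from the peer's request, I would add the guard to the condition, `if (rootcacert != NULL && ctx->newWithNew != NULL`, so that case falls through to the existing else branch. A short comment noting that only subject names are compared, not the certificates themselves, would also help. `process_genm_itav` starts and ends outside this hunk, so an earlier check may already cover this.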