author | Rajeev Ranjan <ranjan.rajeev@siemens.com> | 2024-03-25 14:00:58 +0100 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2024-04-22 08:28:25 +0200 |
commit | fc9649f61a8ac5f980da6807214fcbbbae1c45aa (patch) | |
tree | 0bdde07f9b5372d0fb35ad0fd941de48372f63f9 /apps | |
parent | 6594baf6457c64f6fce3ec60cb2617f75d98d159 (diff) |
fix sending error when no root CA cert update available
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24169)
Diffstat (limited to 'apps')
-rw-r--r-- | apps/lib/cmp_mock_srv.c | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/apps/lib/cmp_mock_srv.c b/apps/lib/cmp_mock_srv.c
index 5fed3a9fd0..b0c8dfbb8c 100644
--- a/apps/lib/cmp_mock_srv.c
+++ b/apps/lib/cmp_mock_srv.c
@@ -401,9 +401,22 @@ static OSSL_CMP_ITAV *process_genm_itav(mock_srv_ctx *ctx, int req_nid,
 rsp = OSSL_CMP_ITAV_new_caCerts(ctx->caPubsOut);
 break;
 case NID_id_it_rootCaCert:
- rsp = OSSL_CMP_ITAV_new_rootCaKeyUpdate(ctx->newWithNew,
- ctx->newWithOld,
- ctx->oldWithNew);
+ {
+ X509 *rootcacert = NULL;
+
+ if (!OSSL_CMP_ITAV_get0_rootCaCert(req, &rootcacert))
+ return NULL;
+
+ if (rootcacert != NULL
+ && X509_NAME_cmp(X509_get_subject_name(rootcacert),
+ X509_get_subject_name(ctx->newWithNew)) != 0)
+ /* The subjects do not match */
+ rsp = OSSL_CMP_ITAV_new_rootCaKeyUpdate(NULL, NULL, NULL);
+ else
+ rsp = OSSL_CMP_ITAV_new_rootCaKeyUpdate(ctx->newWithNew,
+ ctx->newWithOld,
+ ctx->oldWithNew);
+ }
 break;
 default:
 rsp = OSSL_CMP_ITAV_dup(req); |
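Review bot: In the new `case NID_id_it_rootCaCert:` block, `X509_get_subject_name(ctx->newWithNew)` is evaluated whenever the request carries a root CA certificate, but nothing in the hunk checks that `ctx->newWithNew` is set. `X509_get_subject_name()` reads through its argument without a NULL check, so if the mock server can run without a newWithNew certificate (where the field is populated is outside the hunk), a client-supplied genm would crash it instead of getting an empty update. Adding the guard to the condition, `if (rootcacert != NULL && ctx->newWithNew != NULL && X509_NAME_cmp(...) != 0)`, lets that case fall through to the `else` branch, which passes the pointers on as the code did before this commit. The comment `/* The subjects do not match */` could also state that the request is matched by subject name only, not by comparing the certificates. process_genm_itav starts before and continues past the hunk.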