diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2022-12-19 11:09:33 +0100 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2024-01-17 15:03:40 +0100 |
commit | fd514375e22d3039ab0ab12e3017aadf2c38b761 (patch) | |
tree | f65630d9aa95f41fec490e66ef63dbcdd2cfc03d | |
parent | 971028535e6531c89449e06b1f6862c18f04ff91 (diff) |
CMP app: make -ignore_keyusage apply also for mock server
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19948)
-rw-r--r-- | apps/cmp.c | 6 | ||||
-rw-r--r-- | doc/man1/openssl-cmp.pod.in | 1 |
2 files changed, 4 insertions, 3 deletions
diff --git a/apps/cmp.c b/apps/cmp.c index e0b03c3cb5..8a0d182fbe 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -1238,9 +1238,6 @@ static int setup_verification_ctx(OSSL_CMP_CTX *ctx) } } - if (opt_ignore_keyusage) - (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_IGNORE_KEYUSAGE, 1); - if (opt_unprotected_errors) (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_UNPROTECTED_ERRORS, 1); @@ -3244,6 +3241,9 @@ int cmp_main(int argc, char **argv) } #endif + if (opt_ignore_keyusage) + (void)OSSL_CMP_CTX_set_option(cmp_ctx, OSSL_CMP_OPT_IGNORE_KEYUSAGE, 1); + if (opt_use_mock_srv #if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP) || opt_port != NULL diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index 21e4bd95b7..b42c422766 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in @@ -632,6 +632,7 @@ For details see the description of the B<-subject> option. Ignore key usage restrictions in CMP signer certificates when validating signature-based protection of incoming CMP messages. By default, C<digitalSignature> must be allowed by CMP signer certificates. +This option applies to both CMP clients and the mock server. =item B<-unprotected_errors> |