author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2023-01-27 21:17:50 +0100 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2023-02-13 11:56:10 +0100 |
commit | 6b58f498b3f5d8e4c9197c3c5228fb450e33aaaf (patch) | |
tree | 481acfef6b930c147e060be157656eaee95edf0a /apps | |
parent | 1472127d9d6bc4866ab26b503e0d5937b40dca37 (diff) |
OSSL_CMP_certConf_cb(): fix regression on checking newly enrolled cert
Also add corresponding tests and to this end update credentials
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20160)
Diffstat (limited to 'apps')
-rw-r--r-- | apps/cmp.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/apps/cmp.c b/apps/cmp.c index 00e8be63d1..f31358e741 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -1274,7 +1274,9 @@ static SSL_CTX *setup_ssl_ctx(OSSL_CMP_CTX *ctx, const char *host, /* disable any cert status/revocation checking etc. */ X509_VERIFY_PARAM_clear_flags(tls_vpm, ~(X509_V_FLAG_USE_CHECK_TIME - | X509_V_FLAG_NO_CHECK_TIME)); + | X509_V_FLAG_NO_CHECK_TIME + | X509_V_FLAG_PARTIAL_CHAIN + | X509_V_FLAG_POLICY_CHECK)); } CMP_debug("trying to build cert chain for own TLS cert"); if (SSL_CTX_build_cert_chain(ssl_ctx, |
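Review bot: The comment above the X509_VERIFY_PARAM_clear_flags() call in setup_ssl_ctx() still reads "disable any cert status/revocation checking etc.", but the mask now also preserves X509_V_FLAG_PARTIAL_CHAIN and X509_V_FLAG_POLICY_CHECK, and neither of those is a status or revocation setting. Please extend the comment to list which flags are deliberately left untouched on tls_vpm and why, since they stay in effect right before the chain for the own TLS cert is built. The commit message only mentions OSSL_CMP_certConf_cb(), so a sentence tying this apps/cmp.c change to that regression or to the new tests would make the intent easier to follow.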