diff options
| author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2023-08-04 11:47:17 +0200 |
|---|---|---|
| committer | Dr. David von Oheimb <dev@ddvo.net> | 2024-03-06 08:49:28 +0100 |
| commit | 904ee652902e157a921881bf844c57b4dd4bfdd9 (patch) | |
| tree | ee46cf97cfe5b47d52db089474503bd5af074697 /apps | |
| parent | 2fbe23bbbe52bd35fb85abde50e538fb92e5e2b1 (diff) | |
apps/cmp: extend documentation and diagnostics for using -reqin in special situations
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21660)
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/cmp.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/apps/cmp.c b/apps/cmp.c index 321feb6275..e289fd8ebd 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -1586,13 +1586,15 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) && opt_popo != OSSL_CRMF_POPO_NONE && opt_popo != OSSL_CRMF_POPO_RAVERIFIED) { if (opt_csr != NULL) { - CMP_err1("no -newkey option given with private key for POPO, -csr option only provides public key%s", - opt_key == NULL ? "" : - ", and -key option superseded by -csr"); + CMP_err1("no -newkey option given with private key for POPO, -csr option provides just public key%s", + opt_key == NULL ? "" : + ", and -key option superseded by -csr"); + if (opt_reqin != NULL) + CMP_info("since -reqin is used, may use -popo -1 or -popo 0 to disable the needless generation of a POPO"); return 0; } if (opt_key == NULL) { - CMP_err("missing -newkey (or -key) option for POPO"); + CMP_err("missing -newkey (or -key) option for key to be certified and for POPO"); return 0; } } @@ -1696,7 +1698,7 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) if (opt_recipient == NULL && opt_srvcert == NULL && opt_issuer == NULL && opt_oldcert == NULL && opt_cert == NULL) - CMP_warn("missing -recipient, -srvcert, -issuer, -oldcert or -cert; recipient will be set to \"NULL-DN\""); + CMP_warn("missing -recipient, -srvcert, -issuer, -oldcert or -cert; recipient for any requests not covered by -reqin will be set to \"NULL-DN\""); if (opt_cmd == CMP_P10CR || opt_cmd == CMP_RR || opt_cmd == CMP_GENM) { const char *msg = "option is ignored for 'p10cr', 'rr', and 'genm' commands"; |