Clean up CMP chain building for CMP signer, TLS client, and newly enrolled certs

* Use strenghtened cert chain building, verifying chain using optional trust store while making sure that no certificate status (e.g., CRL) checks are done * Use OSSL_CMP_certConf_cb() by default and move its doc to OSSL_CMP_CTX_new.pod * Simplify certificate and cert store loading in apps/cmp.c Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12741)
author: Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2020-08-28 12:11:31 +0200
committer: Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2020-09-10 07:07:55 +0200
commit: a0745e2be6635ffdf286ba5bc3bd867c8d4152a9 (patch)
tree: 00d93474fb208fba1ce021a5a82d1effb933535b /crypto/cmp/cmp_local.h
parent: 474853c39a2b631f9f401df32834043500081b7c (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h
index d5ac7a521d..434f9e093f 100644
--- a/crypto/cmp/cmp_local.h
+++ b/crypto/cmp/cmp_local.h
@@ -71,6 +71,7 @@ struct ossl_cmp_ctx_st {
     /* client authentication */
     int unprotectedSend; /* send unprotected PKI messages */
     X509 *cert; /* protection cert used to identify and sign for MSG_SIG_ALG */
+    STACK_OF(X509) *chain; /* (cached) chain of protection cert including it */
     EVP_PKEY *pkey; /* the key pair corresponding to cert */
     ASN1_OCTET_STRING *referenceValue; /* optional user name for MSG_MAC_ALG */
     ASN1_OCTET_STRING *secretValue; /* password/shared secret for MSG_MAC_ALG */
author	Dr. David von Oheimb <David.von.Oheimb@siemens.com>	2020-08-28 12:11:31 +0200
committer	Dr. David von Oheimb <David.von.Oheimb@siemens.com>	2020-09-10 07:07:55 +0200
commit	a0745e2be6635ffdf286ba5bc3bd867c8d4152a9 (patch)
tree	00d93474fb208fba1ce021a5a82d1effb933535b /crypto/cmp/cmp_local.h
parent	474853c39a2b631f9f401df32834043500081b7c (diff)