diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-08-28 12:11:31 +0200 |
---|---|---|
committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-09-10 07:07:55 +0200 |
commit | a0745e2be6635ffdf286ba5bc3bd867c8d4152a9 (patch) | |
tree | 00d93474fb208fba1ce021a5a82d1effb933535b /crypto/cmp/cmp_local.h | |
parent | 474853c39a2b631f9f401df32834043500081b7c (diff) |
Clean up CMP chain building for CMP signer, TLS client, and newly enrolled certs
* Use strenghtened cert chain building, verifying chain using optional trust store
while making sure that no certificate status (e.g., CRL) checks are done
* Use OSSL_CMP_certConf_cb() by default and move its doc to OSSL_CMP_CTX_new.pod
* Simplify certificate and cert store loading in apps/cmp.c
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12741)
Diffstat (limited to 'crypto/cmp/cmp_local.h')
-rw-r--r-- | crypto/cmp/cmp_local.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h index d5ac7a521d..434f9e093f 100644 --- a/crypto/cmp/cmp_local.h +++ b/crypto/cmp/cmp_local.h @@ -71,6 +71,7 @@ struct ossl_cmp_ctx_st { /* client authentication */ int unprotectedSend; /* send unprotected PKI messages */ X509 *cert; /* protection cert used to identify and sign for MSG_SIG_ALG */ + STACK_OF(X509) *chain; /* (cached) chain of protection cert including it */ EVP_PKEY *pkey; /* the key pair corresponding to cert */ ASN1_OCTET_STRING *referenceValue; /* optional user name for MSG_MAC_ALG */ ASN1_OCTET_STRING *secretValue; /* password/shared secret for MSG_MAC_ALG */ |