cmp_server.c: Fix check: certConf not allowed after transaction is closed

Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15848)
author: Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2021-06-21 14:47:58 +0200
committer: Dr. David von Oheimb <dev@ddvo.net> 2021-06-23 17:20:49 +0200
commit: 83c2744173a48643a4c3a05e379f7616e4f0cc51 (patch)
tree: d338e7b60dbb408ed7b4360f758c7f4e1028f92d /crypto/cmp
parent: 3c28aa85e7a21db044a5e1a094805402e2fd6490 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/crypto/cmp/cmp_server.c b/crypto/cmp/cmp_server.c
index c4ef5fa203..a7cc38da5a 100644
--- a/crypto/cmp/cmp_server.c
+++ b/crypto/cmp/cmp_server.c
@@ -337,7 +337,8 @@ static OSSL_CMP_MSG *process_certConf(OSSL_CMP_SRV_CTX *srv_ctx,
     ccc = req->body->value.certConf;
     num = sk_OSSL_CMP_CERTSTATUS_num(ccc);
 
-    if (OSSL_CMP_CTX_get_option(ctx, OSSL_CMP_OPT_IMPLICIT_CONFIRM) == 1) {
+    if (OSSL_CMP_CTX_get_option(ctx, OSSL_CMP_OPT_IMPLICIT_CONFIRM) == 1
+            || ctx->status != -2 /* transaction not open */) {
         ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_UNEXPECTED_CERTCONF);
         return NULL;
     }
author	Dr. David von Oheimb <David.von.Oheimb@siemens.com>	2021-06-21 14:47:58 +0200
committer	Dr. David von Oheimb <dev@ddvo.net>	2021-06-23 17:20:49 +0200
commit	83c2744173a48643a4c3a05e379f7616e4f0cc51 (patch)
tree	d338e7b60dbb408ed7b4360f758c7f4e1028f92d /crypto/cmp
parent	3c28aa85e7a21db044a5e1a094805402e2fd6490 (diff)