bugfix in ossl_cmp_msg_add_extraCerts(): should include cert chain when using PBM

Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12822)
author: Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2020-09-04 10:58:26 +0200
committer: Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2020-09-10 07:40:45 +0200
commit: 61994781011ba4dde5b546971623ce6590d5d60f (patch)
tree: cfaf7da98f72833828e6e6c27fbf1d711e76509b /crypto/cmp
parent: 7eb48cfc66372772c088c7ef1f443432a36e8a5c (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/crypto/cmp/cmp_protect.c b/crypto/cmp/cmp_protect.c
index 6313cc94ce..2001e359c5 100644
--- a/crypto/cmp/cmp_protect.c
+++ b/crypto/cmp/cmp_protect.c
@@ -140,7 +140,8 @@ int ossl_cmp_msg_add_extraCerts(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
         return 0;
 
     /* Add first ctx->cert and its chain if using signature-based protection */
-    if (!ctx->unprotectedSend && ctx->secretValue == NULL) {
+    if (!ctx->unprotectedSend && ctx->secretValue == NULL
+            && ctx->cert != NULL && ctx->pkey != NULL) {
         int flags_prepend = X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP
             | X509_ADD_FLAG_PREPEND | X509_ADD_FLAG_NO_SS;
author	Dr. David von Oheimb <David.von.Oheimb@siemens.com>	2020-09-04 10:58:26 +0200
committer	Dr. David von Oheimb <David.von.Oheimb@siemens.com>	2020-09-10 07:40:45 +0200
commit	61994781011ba4dde5b546971623ce6590d5d60f (patch)
tree	cfaf7da98f72833828e6e6c27fbf1d711e76509b /crypto/cmp
parent	7eb48cfc66372772c088c7ef1f443432a36e8a5c (diff)