authorDr. David von Oheimb <David.von.Oheimb@siemens.com>2020-05-20 15:10:05 +0200
committerDr. David von Oheimb <David.von.Oheimb@siemens.com>2020-06-13 15:13:21 +0200
commit1693135564d00e34ca9f41ff785b5d60e3500415 (patch)
treec5a5ca95fbf388d55977bfcc7b8a15924db09fe6 /crypto
parent7e998a0fdcbc59ef527ae84338439af75986c96a (diff)
Allow subject of CMP -oldcert as sender unless protection cert is given
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11998)
Diffstat (limited to 'crypto')
-rw-r--r--crypto/cmp/cmp_hdr.c9
1 files changed, 5 insertions, 4 deletions
diff --git a/crypto/cmp/cmp_hdr.c b/crypto/cmp/cmp_hdr.c
index 7f2506ba9e..38b3bce3f5 100644
--- a/crypto/cmp/cmp_hdr.c
+++ b/crypto/cmp/cmp_hdr.c
@@ -300,11 +300,12 @@ int ossl_cmp_hdr_init(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr)
return 0;
/*
- * The sender name is copied from the subject of the client cert, if any,
- * or else from the subject name provided for certification requests.
+ * If neither protection cert nor oldCert nor subject are given,
+ * sender name is not known to the client and thus set to NULL-DN
*/
- sender = ctx->cert != NULL ?
- X509_get_subject_name(ctx->cert) : ctx->subjectName;
+ sender = ctx->cert != NULL ? X509_get_subject_name(ctx->cert) :
+ ctx->oldCert != NULL ? X509_get_subject_name(ctx->oldCert) :
+ ctx->subjectName;
if (!ossl_cmp_hdr_set1_sender(hdr, sender))
return 0;
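Review bot: The rewritten comment above the `sender` assignment documents only the NULL-DN fallback and no longer states the order in which the three sources are tried, which is what a reader auditing the sender identity needs first. I would keep the fallback sentence and add the precedence in front of it, e.g. `* Sender is the subject of the protection cert, else of oldCert, else ctx->subjectName.` The chained conditional would also be easier to audit with the inner one parenthesised: `: (ctx->oldCert != NULL ? X509_get_subject_name(ctx->oldCert) : ctx->subjectName);`. Because the oldCert subject can now be sent as sender when no protection cert is set, the comment could also say that the receiver must treat this field as an unauthenticated hint until message protection has been verified; that check is presumably done elsewhere and is not visible here. ossl_cmp_hdr_init begins and ends outside this hunk.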