author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-05-20 15:10:05 +0200 |
---|---|---|
committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-06-13 15:13:21 +0200 |
commit | 1693135564d00e34ca9f41ff785b5d60e3500415 (patch) | |
tree | c5a5ca95fbf388d55977bfcc7b8a15924db09fe6 /crypto | |
parent | 7e998a0fdcbc59ef527ae84338439af75986c96a (diff) |
Allow subject of CMP -oldcert as sender unless protection cert is given
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/cmp/cmp_hdr.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/crypto/cmp/cmp_hdr.c b/crypto/cmp/cmp_hdr.c
index 7f2506ba9e..38b3bce3f5 100644
--- a/crypto/cmp/cmp_hdr.c
+++ b/crypto/cmp/cmp_hdr.c
@@ -300,11 +300,12 @@ int ossl_cmp_hdr_init(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr)
 return 0;
 /*
- * The sender name is copied from the subject of the client cert, if any,
- * or else from the subject name provided for certification requests.
+ * If neither protection cert nor oldCert nor subject are given,
+ * sender name is not known to the client and thus set to NULL-DN
 */
- sender = ctx->cert != NULL ?
- X509_get_subject_name(ctx->cert) : ctx->subjectName;
+ sender = ctx->cert != NULL ? X509_get_subject_name(ctx->cert) :
+ ctx->oldCert != NULL ? X509_get_subject_name(ctx->oldCert) :
+ ctx->subjectName;
 if (!ossl_cmp_hdr_set1_sender(hdr, sender))
 return 0;
|
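Review bot: The rewritten comment above the `sender` assignment describes only the fallback case and no longer states the selection order that the chained conditional implements: subject of `ctx->cert`, then subject of `ctx->oldCert`, then `ctx->subjectName`. Because a recipient may rely on the header's sender to pick the credentials used for checking message protection, that precedence is worth keeping in the comment, ahead of the NULL-DN sentence, for example `* The sender name is copied from the subject of the protection cert, if any, else from the subject of oldCert, if any, else from the subject name given for the request.` The NULL-DN substitution itself presumably happens in `ossl_cmp_hdr_set1_sender()`, which is not visible here, so the comment could name that function as the place where a NULL `sender` is handled. `ossl_cmp_hdr_init` starts and ends outside the hunk.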