diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2023-02-03 10:31:19 +0100 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2023-03-25 09:55:26 +0100 |
commit | 4b0c27d44514abb4ad2bb1153db96f106910fc04 (patch) | |
tree | 8eebde2828f5da89f10ac8d728fae05e926da264 /doc/internal | |
parent | f1e144f277fd98a0fde73b884aae541fdc73d063 (diff) |
CMP add: fix -reqin option, which requires adding OSSL_CMP_MSG_update_recipNonce()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20204)
Diffstat (limited to 'doc/internal')
-rw-r--r-- | doc/internal/man3/ossl_cmp_msg_protect.pod | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/doc/internal/man3/ossl_cmp_msg_protect.pod b/doc/internal/man3/ossl_cmp_msg_protect.pod index ae77712807..04da21fd9f 100644 --- a/doc/internal/man3/ossl_cmp_msg_protect.pod +++ b/doc/internal/man3/ossl_cmp_msg_protect.pod @@ -25,7 +25,7 @@ using the credentials, library context, and property criteria in the I<ctx>. ossl_cmp_msg_protect() (re-)protects the given message I<msg> using an algorithm depending on the available context information given in the I<ctx>. If there is a secretValue it selects PBMAC, else if there is a protection cert -it selects Signature and uses L<ossl_cmp_msg_add_extraCerts(3)>. +it selects Signature and uses ossl_cmp_msg_add_extraCerts (see below). It also sets the protectionAlg field in the message header accordingly. ossl_cmp_msg_add_extraCerts() adds elements to the extraCerts field in I<msg>. @@ -40,6 +40,10 @@ of the chain, i.e, the trust anchor (unless it is part of extraCertsOut). CMP is defined in RFC 4210 (and CRMF in RFC 4211). +The I<ctx> parameter of ossl_cmp_msg_add_extraCerts() +and thus also of ossl_cmp_msg_protect() cannot be made I<const> +because I<ctx->chain> may get adapted to cache the chain of the CMP signer cert. + =head1 RETURN VALUES ossl_cmp_calc_protection() returns the protection on success, else NULL. |