author: Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2022-02-17 19:46:29 +0100
committer: Dr. David von Oheimb <dev@ddvo.net> 2022-02-22 12:01:57 +0100
commit: cd7ec0bca00ceb6e8d4af46a57c6c096a7ed8947 (patch)
tree: f0c9eec493d9a5b9b59541ff5b72471e21a6a43c /doc
parent: f596bbe4da779b56eea34d96168b557d78e1149a (diff)
CMP: add subject of any provided CSR as default message sender
Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17723)
Diffstat (limited to 'doc')
-rw-r--r-- doc/man1/openssl-cmp.pod.in 4
-rw-r--r-- doc/man3/OSSL_CMP_CTX_new.pod 3
2 files changed, 5 insertions, 2 deletions
diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in
index 705baf1dd6..5a111a39eb 100644
--- a/doc/man1/openssl-cmp.pod.in
+++ b/doc/man1/openssl-cmp.pod.in
@@ -273,7 +273,7 @@ or of the reference certificate (see B<-oldcert>) if provided.
This default is used for IR and CR only if no SANs are set.
If the NULL-DN (C<"/">) is given then no subject is placed in the template.
-If provided and neither B<-cert> nor B<-oldcert> is given,
+If provided and neither of B<-cert>, B<-oldcert>, or B<-csr> is given,
the subject DN is used as fallback sender of outgoing CMP messages.
The argument must be formatted as I</type0=value0/type1=value1/type2=...>.
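Review bot: The new condition in the B<-subject> text, "neither of B<-cert>, B<-oldcert>, or B<-csr> is given", pairs "neither" with three alternatives and with "or", which reads awkwardly and can be misparsed. Suggest "If provided and none of B<-cert>, B<-oldcert>, and B<-csr> is given," so it is unambiguous that all three must be absent before the B<-subject> DN becomes the sender.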
@@ -360,6 +360,8 @@ When used with B<-cmd> I<ir>, I<cr>, or I<kur>, it is transformed into the
respective regular CMP request.
It may also be used with B<-cmd> I<rr> to specify the certificate to be revoked
via the included subject name and public key.
+Its subject is used as fallback sender in CMP message headers
+if B<-cert> and B<-oldcert> are not given.
=item B<-out_trusted> I<filenames>|I<uris>
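Review bot: The two lines added to the B<-csr> item give the condition relative to B<-cert> and B<-oldcert> only, so a reader of this item alone cannot tell that the CSR subject also wins over a B<-subject> value, which the B<-subject> text now implies. Suggest stating it here as well, for example by appending "It takes precedence over any B<-subject> given." Operators who expect the sender in the message header to follow B<-subject> would otherwise be surprised when a CSR is supplied.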
diff --git a/doc/man3/OSSL_CMP_CTX_new.pod b/doc/man3/OSSL_CMP_CTX_new.pod
index d739f7f6f7..883bda8b69 100644
--- a/doc/man3/OSSL_CMP_CTX_new.pod
+++ b/doc/man3/OSSL_CMP_CTX_new.pod
@@ -457,7 +457,8 @@ When using signature-based protection of CMP request messages
this CMP signer certificate will be included first in the extraCerts field.
It serves as fallback reference certificate, see OSSL_CMP_CTX_set1_oldCert().
The subject of this I<cert> will be used as the sender field of outgoing
-messages, while the subject of any cert set via OSSL_CMP_CTX_set1_oldCert()
+messages, while the subject of any cert set via OSSL_CMP_CTX_set1_oldCert(),
+the subject of any PKCS#10 CSR set via OSSL_CMP_CTX_set1_p10CSR(),
and any value set via OSSL_CMP_CTX_set1_subjectName() are used as fallback.
The I<cert> argument may be NULL to clear the entry.
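Review bot: The reworded sentence on the sender field lists three fallbacks (the oldCert subject, the PKCS#10 CSR subject, and the OSSL_CMP_CTX_set1_subjectName() value) joined by "and", without saying which one is used when more than one is set. The man1 changes in this same patch imply the order oldcert, then CSR, then subject name, so suggest ending the sentence with "are used as fallback, in this order of preference." Also consider adding a matching sentence to the description of OSSL_CMP_CTX_set1_p10CSR(), since this hunk is the only change to the file and the B<-csr> item in openssl-cmp.pod.in did get such a note.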