summaryrefslogtreecommitdiffstats
path: root/apps/lib/cmp_mock_srv.c
diff options
context:
space:
mode:
Diffstat (limited to 'apps/lib/cmp_mock_srv.c')
-rw-r--r--apps/lib/cmp_mock_srv.c19
1 files changed, 16 insertions, 3 deletions
diff --git a/apps/lib/cmp_mock_srv.c b/apps/lib/cmp_mock_srv.c
index 5fed3a9fd0..b0c8dfbb8c 100644
--- a/apps/lib/cmp_mock_srv.c
+++ b/apps/lib/cmp_mock_srv.c
@@ -401,9 +401,22 @@ static OSSL_CMP_ITAV *process_genm_itav(mock_srv_ctx *ctx, int req_nid,
rsp = OSSL_CMP_ITAV_new_caCerts(ctx->caPubsOut);
break;
case NID_id_it_rootCaCert:
- rsp = OSSL_CMP_ITAV_new_rootCaKeyUpdate(ctx->newWithNew,
- ctx->newWithOld,
- ctx->oldWithNew);
+ {
+ X509 *rootcacert = NULL;
+
+ if (!OSSL_CMP_ITAV_get0_rootCaCert(req, &rootcacert))
+ return NULL;
+
+ if (rootcacert != NULL
+ && X509_NAME_cmp(X509_get_subject_name(rootcacert),
+ X509_get_subject_name(ctx->newWithNew)) != 0)
+ /* The subjects do not match */
+ rsp = OSSL_CMP_ITAV_new_rootCaKeyUpdate(NULL, NULL, NULL);
+ else
+ rsp = OSSL_CMP_ITAV_new_rootCaKeyUpdate(ctx->newWithNew,
+ ctx->newWithOld,
+ ctx->oldWithNew);
+ }
break;
default:
rsp = OSSL_CMP_ITAV_dup(req);
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-27 23:33:21 +0000