diff options
Diffstat (limited to 'doc/internal')
| -rw-r--r-- | doc/internal/man3/ossl_cmp_msg_protect.pod | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/doc/internal/man3/ossl_cmp_msg_protect.pod b/doc/internal/man3/ossl_cmp_msg_protect.pod index ae77712807..04da21fd9f 100644 --- a/doc/internal/man3/ossl_cmp_msg_protect.pod +++ b/doc/internal/man3/ossl_cmp_msg_protect.pod @@ -25,7 +25,7 @@ using the credentials, library context, and property criteria in the I<ctx>. ossl_cmp_msg_protect() (re-)protects the given message I<msg> using an algorithm depending on the available context information given in the I<ctx>. If there is a secretValue it selects PBMAC, else if there is a protection cert -it selects Signature and uses L<ossl_cmp_msg_add_extraCerts(3)>. +it selects Signature and uses ossl_cmp_msg_add_extraCerts (see below). It also sets the protectionAlg field in the message header accordingly. ossl_cmp_msg_add_extraCerts() adds elements to the extraCerts field in I<msg>. @@ -40,6 +40,10 @@ of the chain, i.e, the trust anchor (unless it is part of extraCertsOut). CMP is defined in RFC 4210 (and CRMF in RFC 4211). +The I<ctx> parameter of ossl_cmp_msg_add_extraCerts() +and thus also of ossl_cmp_msg_protect() cannot be made I<const> +because I<ctx->chain> may get adapted to cache the chain of the CMP signer cert. + =head1 RETURN VALUES ossl_cmp_calc_protection() returns the protection on success, else NULL. |