From a0745e2be6635ffdf286ba5bc3bd867c8d4152a9 Mon Sep 17 00:00:00 2001
From: "Dr. David von Oheimb"
Date: Fri, 28 Aug 2020 12:11:31 +0200
Subject: Clean up CMP chain building for CMP signer, TLS client, and newly enrolled certs
* Use strenghtened cert chain building, verifying chain using optional trust store while making sure that no certificate status (e.g., CRL) checks are done
* Use OSSL_CMP_certConf_cb() by default and move its doc to OSSL_CMP_CTX_new.pod
* Simplify certificate and cert store loading in apps/cmp.c
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/12741)
---
 crypto/cmp/cmp_local.h | 1 +
 1 file changed, 1 insertion(+)
(limited to 'crypto/cmp/cmp_local.h')
diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h
index d5ac7a521d..434f9e093f 100644
--- a/crypto/cmp/cmp_local.h
+++ b/crypto/cmp/cmp_local.h
@@ -71,6 +71,7 @@ struct ossl_cmp_ctx_st {
 /* client authentication */
 int unprotectedSend; /* send unprotected PKI messages */
 X509 *cert; /* protection cert used to identify and sign for MSG_SIG_ALG */
+ STACK_OF(X509) *chain; /* (cached) chain of protection cert including it */
 EVP_PKEY *pkey; /* the key pair corresponding to cert */
 ASN1_OCTET_STRING *referenceValue; /* optional user name for MSG_MAC_ALG */
 ASN1_OCTET_STRING *secretValue; /* password/shared secret for MSG_MAC_ALG */
-- cgit v1.2.3
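Review bot: The comment on the new `chain` member says "(cached)" but does not record who owns the stack or when the cache must be dropped, and a stale chain left behind after `cert` is replaced would be sent alongside a protection cert it no longer belongs to. I would spell out the contract on the field, for example `/* (cached) chain of protection cert including it; owned by ctx, reset whenever cert changes */`. Per the commit message the chain is built without certificate status (e.g., CRL) checks, so it may also be worth noting here that the cached chain does not imply any revocation checking. Whether the setters and the context free routine already handle this cannot be seen in this path-limited view, and the struct body continues outside the hunk.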