From b971d4198def0b29654e8fbf7987f7157741aed2 Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Mon, 12 Jul 2021 15:34:20 +0200 Subject: CMP mock server: add -ref_cert option and corresponding ossl_cmp_mock_srv_set1_refCert() Fixes #16041 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16050) --- doc/internal/man3/ossl_cmp_mock_srv_new.pod | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'doc/internal') diff --git a/doc/internal/man3/ossl_cmp_mock_srv_new.pod b/doc/internal/man3/ossl_cmp_mock_srv_new.pod index 837ca06bb3..cf85139e0a 100644 --- a/doc/internal/man3/ossl_cmp_mock_srv_new.pod +++ b/doc/internal/man3/ossl_cmp_mock_srv_new.pod @@ -4,6 +4,7 @@ ossl_cmp_mock_srv_new, ossl_cmp_mock_srv_free, +ossl_cmp_mock_srv_set1_refCert, ossl_cmp_mock_srv_set1_certOut, ossl_cmp_mock_srv_set1_chainOut, ossl_cmp_mock_srv_set1_caPubsOut, @@ -20,6 +21,7 @@ ossl_cmp_mock_srv_set_checkAfterTime OSSL_CMP_SRV_CTX *ossl_cmp_mock_srv_new(OSSL_LIB_CTX *libctx, const char *propq); void ossl_cmp_mock_srv_free(OSSL_CMP_SRV_CTX *srv_ctx); + int ossl_cmp_mock_srv_set1_refCert(OSSL_CMP_SRV_CTX *srv_ctx, X509 *cert); int ossl_cmp_mock_srv_set1_certOut(OSSL_CMP_SRV_CTX *srv_ctx, X509 *cert); int ossl_cmp_mock_srv_set1_chainOut(OSSL_CMP_SRV_CTX *srv_ctx, STACK_OF(X509) *chain); @@ -39,12 +41,18 @@ I, both of which may be NULL to select the defaults. ossl_cmp_mock_srv_free() deallocates the contexts for the CMP mock server. +OSSL_CMP_SRV_CTX_set1_refCert() sets the reference certificate to be expected +for rr messages and for any oldCertID included in kur messages. + OSSL_CMP_SRV_CTX_set1_certOut() sets the certificate to be returned in cp/ip/kup. +Note that on each certificate request the mock server does not produce +a fresh certificate but just returns the same pre-existing certificate. OSSL_CMP_SRV_CTX_set1_chainOut() sets the certificate chain to be added to the extraCerts in a cp/ip/kup. -It should to useful to validate B. +It should be useful for the validation of the certificate given via +OSSL_CMP_SRV_CTX_set1_certOut(). OSSL_CMP_SRV_CTX_set1_caPubsOut() sets the caPubs to be returned in an ip. -- cgit v1.2.3