From ac0677bd2394c04632f7ad526879a866b6ed149f Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Sun, 11 Jun 2023 17:41:03 +0200 Subject: CMP: fix OSSL_CMP_MSG_http_perform() by adding option OSSL_CMP_OPT_USE_TLS Fixes #21120 Reviewed-by: Todd Short Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/21176) --- doc/man3/OSSL_CMP_CTX_new.pod | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'doc') diff --git a/doc/man3/OSSL_CMP_CTX_new.pod b/doc/man3/OSSL_CMP_CTX_new.pod index 488b22de9b..8109970171 100644 --- a/doc/man3/OSSL_CMP_CTX_new.pod +++ b/doc/man3/OSSL_CMP_CTX_new.pod @@ -237,6 +237,17 @@ The following options can be set: A value <= 0 means no limitation (waiting indefinitely). Default is 0. +=item B + + Use this option to indicate to the HTTP implementation + whether TLS is going to be used for the connection (resulting in HTTPS). + The value 1 indicates that TLS is used for client-side HTTP connections, + which needs to be implemented via a callback function set by + OSSL_CMP_CTX_set_http_cb(). + The value 0 indicates that TLS is not used. + Default is -1 for backward compatibility: TLS is used by the client side + if and only if OSSL_CMP_CTX_set_http_cb_arg() sets a non-NULL I. + =item B Number of days new certificates are asked to be valid for. @@ -384,6 +395,7 @@ as described for the I parameter of L. The callback may make use of a custom defined argument I, as described for the I parameter of L. The argument is stored in the OSSL_CMP_CTX using OSSL_CMP_CTX_set_http_cb_arg(). +See also the B option described above. OSSL_CMP_CTX_set_http_cb_arg() sets the argument, respectively a pointer to a structure containing arguments such as an B structure, -- cgit v1.2.3