Improve CMP documentation regarding use of untrusted certs

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11470)
Dr. David von Oheimb 2020-04-30 19:38:58 +02:00
parent 8d9a4d833f
commit 6b326fc396
3 changed files with 6 additions and 6 deletions


@ -619,7 +619,7 @@ const OPTIONS cmp_options[] = {
{"srv_trusted", OPT_SRV_TRUSTED, 's',
"Trusted certificates for client authentication"},
{"srv_untrusted", OPT_SRV_UNTRUSTED, 's',
"Intermediate certs for constructing chains for CMP protection by client"},
"Intermediate certs that may be useful for verifying CMP protection"},
{"rsp_cert", OPT_RSP_CERT, 's',
"Certificate to be returned as mock enrollment result"},
{"rsp_extracerts", OPT_RSP_EXTRACERTS, 's',
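Review bot: The new srv_untrusted help string drops "by client", so "CMP protection" no longer says whose messages are being verified, while the adjacent srv_trusted entry still reads "for client authentication". Suggest keeping the subject explicit, and aligning the wording with the man page entry for the same option, which speaks of "verifying client certificates" rather than "verifying CMP protection".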


@ -889,7 +889,7 @@ Trusted certificates for client authentication.
=item B<-srv_untrusted> I<filenames>
Intermediate certs for constructing chains for CMP protection by client.
Intermediate CA certs that may be useful when verifying client certificates.
=item B<-rsp_cert> I<filename>
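Review bot: The new -srv_untrusted description says "Intermediate CA certs" but never states that these certs are not trusted, which is the one property the option name promises; a reader could take the list for additional trust anchors. Suggest "Non-trusted intermediate CA certs that may be useful when verifying client certificates.", matching the "non-trusted certificates of intermediate CAs" wording this commit uses for OSSL_CMP_CTX_set1_untrusted_certs().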


@ -403,13 +403,13 @@ parameter the entry is cleared.
OSSL_CMP_CTX_get0_trustedStore() returns a pointer to the certificate store
containing trusted root CA certificates, which may be empty if unset.
OSSL_CMP_CTX_set1_untrusted_certs() takes over a list of certificates containing
non-trusted intermediate certs used for path construction in authentication
of the CMP server and potentially others (TLS server, newly enrolled cert).
OSSL_CMP_CTX_set1_untrusted_certs() sets up a list of non-trusted certificates
of intermediate CAs that may be useful for path construction when authenticating
the CMP server and when verifying newly enrolled certificates.
The reference counts of those certificates handled successfully are increased.
OSSL_CMP_CTX_get0_untrusted_certs(OSSL_CMP_CTX *ctx) returns a pointer to the
list of untrusted certs, which my be empty if unset.
list of untrusted certs, which may be empty if unset.
OSSL_CMP_CTX_set1_clCert() sets the client certificate in the given B<ctx>.
The public key of this B<clCert> must correspond to
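Review bot: The rewritten OSSL_CMP_CTX_set1_untrusted_certs() paragraph no longer mentions the TLS server, which the old text listed next to the newly enrolled cert. If the list is still consulted when building the TLS server's chain, keep that in the text, since callers need to know every verification the list feeds into; if it is not, say so in the commit message, whose title describes a documentation improvement only. Separately, OSSL_CMP_CTX_get0_untrusted_certs(OSSL_CMP_CTX *ctx) is the only function in this passage written with its parameter list; the others use empty parentheses.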