mirror of https://github.com/openssl/openssl
Improve CMP documentation regarding use of untrusted certs
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11470)
parent 8d9a4d833f
commit 6b326fc396
|
@ -619,7 +619,7 @@ const OPTIONS cmp_options[] = {
|
|||
{"srv_trusted", OPT_SRV_TRUSTED, 's',
|
||||
"Trusted certificates for client authentication"},
|
||||
{"srv_untrusted", OPT_SRV_UNTRUSTED, 's',
|
||||
"Intermediate certs for constructing chains for CMP protection by client"},
|
||||
"Intermediate certs that may be useful for verifying CMP protection"},
|
||||
{"rsp_cert", OPT_RSP_CERT, 's',
|
||||
"Certificate to be returned as mock enrollment result"},
|
||||
{"rsp_extracerts", OPT_RSP_EXTRACERTS, 's',
|
||||
|
|
|
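Review bot: The new help string for "srv_untrusted" no longer says whose CMP protection is being verified. The previous text ended in "by client" and the neighbouring "srv_trusted" entry says "for client authentication", so a reader of the usage output can no longer tell from this line that the option applies to the client-side protection checked by the mock server. Consider keeping the party in the string, for example "Intermediate certs that may be useful for verifying CMP protection by client", so the two srv_* entries read as a pair.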
@ -889,7 +889,7 @@ Trusted certificates for client authentication.
|
|||
|
||||
=item B<-srv_untrusted> I<filenames>
|
||||
|
||||
Intermediate certs for constructing chains for CMP protection by client.
|
||||
Intermediate CA certs that may be useful when verifying client certificates.
|
||||
|
||||
=item B<-rsp_cert> I<filename>
|
||||
|
||||
|
|
|
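Review bot: The new sentence under "=item B<-srv_untrusted> I<filenames>" does not state that these certificates are not trust anchors. "Intermediate CA certs that may be useful when verifying client certificates" could be read as widening what the server accepts. Since the entry just above documents "Trusted certificates for client authentication", a short addition that the untrusted certs only help with chain building and that a chain still has to end in a certificate given via -srv_trusted would remove that ambiguity. The wording here ("verifying client certificates") also differs from the help string in cmp_options ("verifying CMP protection"); one phrasing for both would be easier to search for.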
@ -403,13 +403,13 @@ parameter the entry is cleared.
|
|||
OSSL_CMP_CTX_get0_trustedStore() returns a pointer to the certificate store
|
||||
containing trusted root CA certificates, which may be empty if unset.
|
||||
|
||||
OSSL_CMP_CTX_set1_untrusted_certs() takes over a list of certificates containing
|
||||
non-trusted intermediate certs used for path construction in authentication
|
||||
of the CMP server and potentially others (TLS server, newly enrolled cert).
|
||||
OSSL_CMP_CTX_set1_untrusted_certs() sets up a list of non-trusted certificates
|
||||
of intermediate CAs that may be useful for path construction when authenticating
|
||||
the CMP server and when verifying newly enrolled certificates.
|
||||
The reference counts of those certificates handled successfully are increased.
|
||||
|
||||
OSSL_CMP_CTX_get0_untrusted_certs(OSSL_CMP_CTX *ctx) returns a pointer to the
|
||||
list of untrusted certs, which my be empty if unset.
|
||||
list of untrusted certs, which may be empty if unset.
|
||||
|
||||
OSSL_CMP_CTX_set1_clCert() sets the client certificate in the given B<ctx>.
|
||||
The public key of this B<clCert> must correspond to
|
||||
|
|
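Review bot: The rewritten description of OSSL_CMP_CTX_set1_untrusted_certs() drops the TLS server from the list of uses. The old text said "the CMP server and potentially others (TLS server, newly enrolled cert)", while the new text names only "authenticating the CMP server" and "verifying newly enrolled certificates". If these certificates can still be used when building the TLS server chain, the documentation should keep saying so, because callers need to know every verification path that a cert placed in this list can influence. If that use was removed, a note in the commit message would help. As a smaller style point in the same hunk, the entry for OSSL_CMP_CTX_get0_untrusted_certs(OSSL_CMP_CTX *ctx) spells out the parameter list while the surrounding entries use empty parentheses.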