mirror of https://github.com/openssl/openssl
CMP app: make -ignore_keyusage apply also for mock server
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19948)
This commit is contained in:
parent
971028535e
commit
fd514375e2
|
@ -1238,9 +1238,6 @@ static int setup_verification_ctx(OSSL_CMP_CTX *ctx)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (opt_ignore_keyusage)
|
|
||||||
(void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_IGNORE_KEYUSAGE, 1);
|
|
||||||
|
|
||||||
if (opt_unprotected_errors)
|
if (opt_unprotected_errors)
|
||||||
(void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_UNPROTECTED_ERRORS, 1);
|
(void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_UNPROTECTED_ERRORS, 1);
|
||||||
|
|
||||||
|
@ -3244,6 +3241,9 @@ int cmp_main(int argc, char **argv)
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
if (opt_ignore_keyusage)
|
||||||
|
(void)OSSL_CMP_CTX_set_option(cmp_ctx, OSSL_CMP_OPT_IGNORE_KEYUSAGE, 1);
|
||||||
|
|
||||||
if (opt_use_mock_srv
|
if (opt_use_mock_srv
|
||||||
#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
|
#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
|
||||||
|| opt_port != NULL
|
|| opt_port != NULL
|
||||||
|
|
|
@ -632,6 +632,7 @@ For details see the description of the B<-subject> option.
|
||||||
Ignore key usage restrictions in CMP signer certificates when validating
|
Ignore key usage restrictions in CMP signer certificates when validating
|
||||||
signature-based protection of incoming CMP messages.
|
signature-based protection of incoming CMP messages.
|
||||||
By default, C<digitalSignature> must be allowed by CMP signer certificates.
|
By default, C<digitalSignature> must be allowed by CMP signer certificates.
|
||||||
|
This option applies to both CMP clients and the mock server.
|
||||||
|
|
||||||
=item B<-unprotected_errors>
|
=item B<-unprotected_errors>
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue