author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-09-04 09:29:01 +0200 |
---|---|---|
committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-09-05 18:10:03 +0200 |
commit | 39082af2fa6549c3d92c917ea5a423bca57c7b42 (patch) | |
tree | 2e42a3bafd12963a1e55f039361d28dc9320374f /doc | |
parent | test/drbgtest: improve the reseed after fork test (diff) | |
download | openssl-39082af2fa6549c3d92c917ea5a423bca57c7b42.tar.xz openssl-39082af2fa6549c3d92c917ea5a423bca57c7b42.zip |
Add OSSL_CMP_CTX_get1_newChain() and related CLI option -chainout
Also simplify certificate saving in apps/cmp.c
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12790)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man1/openssl-cmp.pod.in | 5 | ||||
-rw-r--r-- | doc/man3/OSSL_CMP_CTX_new.pod | 9 |
2 files changed, 13 insertions, 1 deletions
diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index 760e21ccbe..d91bd31684 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in @@ -63,6 +63,7 @@ B<openssl> B<cmp> [B<-implicit_confirm>] [B<-disable_confirm>] [B<-certout> I<filename>] +[B<-chainout> I<filename>] [B<-oldcert> I<filename>] [B<-revreason> I<number>] @@ -378,6 +379,10 @@ B<WARNING:> This leads to behavior violating RFC 4210. The file where the newly enrolled certificate should be saved. +=item B<-chainout> I<filename> + +The file where the chain of the newly enrolled certificate should be saved. + =back diff --git a/doc/man3/OSSL_CMP_CTX_new.pod b/doc/man3/OSSL_CMP_CTX_new.pod index 62e1a562c9..fda5150434 100644 --- a/doc/man3/OSSL_CMP_CTX_new.pod +++ b/doc/man3/OSSL_CMP_CTX_new.pod @@ -54,6 +54,7 @@ OSSL_CMP_CTX_get_status, OSSL_CMP_CTX_get0_statusString, OSSL_CMP_CTX_get_failInfoCode, OSSL_CMP_CTX_get0_newCert, +OSSL_CMP_CTX_get1_newChain, OSSL_CMP_CTX_get1_caPubs, OSSL_CMP_CTX_get1_extraCertsIn, OSSL_CMP_CTX_set1_transactionID, @@ -144,6 +145,7 @@ OSSL_CMP_CTX_set1_senderNonce int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx); X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx); + STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx); STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx); STACK_OF(X509) *OSSL_CMP_CTX_get1_extraCertsIn(const OSSL_CMP_CTX *ctx); @@ -170,7 +172,7 @@ OSSL_CMP_CTX_free() deallocates an OSSL_CMP_CTX structure. OSSL_CMP_CTX_reinit() prepares the given B<ctx> for a further transaction by clearing the internal CMP transaction (aka session) status, PKIStatusInfo, -and any previous results (newCert, caPubs, and extraCertsIn) +and any previous results (newCert, newChain, caPubs, and extraCertsIn) from the last executed transaction. All other field values (i.e., CMP options) are retained for potential re-use. 
@@ -579,6 +581,10 @@ OSSL_CMP_CTX_FAILINFO_badAlg. Returns -1 if the failInfoCode field is unset. OSSL_CMP_CTX_get0_newCert() returns the pointer to the newly obtained certificate in case it is available, else NULL. +OSSL_CMP_CTX_get1_newChain() returns a pointer to a duplicate of the stack of +X.509 certificates computed by OSSL_CMP_certConf_cb() (if this function has +been called) on the last received certificate response message IP/CP/KUP. + OSSL_CMP_CTX_get1_caPubs() returns a pointer to a duplicate of the stack of X.509 certificates received in the caPubs field of last received certificate response message IP/CP/KUP. @@ -611,6 +617,7 @@ OSSL_CMP_CTX_get0_newPkey(), OSSL_CMP_CTX_get_certConf_cb_arg(), OSSL_CMP_CTX_get0_statusString(), OSSL_CMP_CTX_get0_newCert(), +OSSL_CMP_CTX_get0_newChain(), OSSL_CMP_CTX_get1_caPubs(), and OSSL_CMP_CTX_get1_extraCertsIn() return the intended pointer value as described above or NULL on error. |
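Review bot: The B<-chainout> description added at @@ -378,6 +379,10 in doc/man1/openssl-cmp.pod.in leaves the file contents underspecified. It does not say whether the saved chain includes the newly enrolled certificate itself (which B<-certout> already writes) or the trust anchor. It also does not say what is written when no chain is available, which the man3 text in this same patch allows for, since the chain exists only if OSSL_CMP_certConf_cb() has been called. Suggest spelling out both points so that users who feed the file into a server's chain configuration know what to expect.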
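Review bot: The paragraph added at @@ -579,6 +581,10 in doc/man3/OSSL_CMP_CTX_new.pod does not state what OSSL_CMP_CTX_get1_newChain() returns when OSSL_CMP_certConf_cb() has not been called. The text only says "(if this function has been called)", which leaves callers unable to tell a missing chain from an error, because the RETURN VALUES section uses NULL for errors. Suggest documenting the return value for that case explicitly. Since this is a get1 accessor returning a duplicate, the text should also say that the caller is responsible for freeing the returned stack, and whether the stack contains the new certificate itself.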
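Review bot: In the RETURN VALUES hunk of doc/man3/OSSL_CMP_CTX_new.pod (@@ -611,6 +617,7) the added line reads "OSSL_CMP_CTX_get0_newChain()," but the NAME list, the prototype and the description added elsewhere in this patch all call the function OSSL_CMP_CTX_get1_newChain(). The get0 spelling names a function this patch does not declare and suggests the returned stack is not owned by the caller, which contradicts the "duplicate" wording in the description. Change the line to "OSSL_CMP_CTX_get1_newChain(),".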