From 6d934add347c7d07fbe0e7a0ced1fdc9813ad640 Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Wed, 20 May 2020 08:11:47 +0200 Subject: Check expected sender not only for signature-protected CMP messages Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11998) --- doc/man3/OSSL_CMP_CTX_new.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc/man3/OSSL_CMP_CTX_new.pod') diff --git a/doc/man3/OSSL_CMP_CTX_new.pod b/doc/man3/OSSL_CMP_CTX_new.pod index b8acf692f8..f8fee277e2 100644 --- a/doc/man3/OSSL_CMP_CTX_new.pod +++ b/doc/man3/OSSL_CMP_CTX_new.pod @@ -391,7 +391,7 @@ as default value for the recipient of CMP requests and as default value for the expected sender of CMP responses. OSSL_CMP_CTX_set1_expected_sender() sets the Distinguished Name (DN) -expected in the sender field of signature-protected response messages. +expected in the sender field of CMP response messages. Defaults to the subject of the pinned server certificate B<-srvcert>, if any. This can be used to make sure that only a particular entity is accepted as CMP message signer, and attackers are not able to use arbitrary certificates -- cgit v1.2.3
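Review bot: The unchanged context right after the edited line still explains the check in signature-only terms ("only a particular entity is accepted as CMP message signer, and attackers are not able to use arbitrary certificates"), which no longer matches the widened wording "expected in the sender field of CMP response messages". Suggest rewording that sentence so it says the sender DN is matched for every response regardless of how the message is protected, and stating what a match does and does not establish when the response is not signature-protected, since the sender field is only as trustworthy as the protection covering it. Separately, in the same paragraph the default is described through the command-line option B<-srvcert> although this is a man3 page; pointing to the API call that pins the server certificate would be clearer for library users.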