An OpenSSL-based implementation of the Certificate Management Protocol (CMP), defined in IETF RFCs 4210, 4211, and 6712. It is being extended according to the emerging RFCs 'CMP Updates' (CMPv3), 'CMP Algorithms', and 'Lightweight CMP Profile'.
This moves the addition of received extraCerts to untrusted certs in the CMP_CTX already before checking msg and prepends them to the untrusted certs. This is security-neutral, makes the verification more efficient (since the protecting cert is usually in the extraCerts, so they should be tried first) and simplifies the verification code a little.
Moreover, this PR fixes a couple of wrong const function argument modifiers and update the TODOs.
This moves the addition of received extraCerts to untrusted certs in the CMP_CTX already before checking msg and prepends them to the untrusted certs. This is security-neutral, makes the verification more efficient (since the protecting cert is usually in the extraCerts, so they should be tried first) and simplifies the verification code a little. Moreover, this PR fixes a couple of wrong
const
function argument modifiers and update the TODOs.