mpeylo / cmpossl

An OpenSSL-based implementation of the Certificate Management Protocol (CMP), defined in IETF RFCs 4210, 4211, and 6712. It is being extended according to the emerging RFCs 'CMP Updates' (CMPv3), 'CMP Algorithms', and 'Lightweight CMP Profile'.
https://github.com/mpeylo/cmpossl/wiki

remember message protection method for caPubs use #69

Open tpank opened 7 years ago

tpank commented 7 years ago

The RFC section 5.3.2 says that ...if the PKI Message Protection is "shared secret information" (see Section 5.1.3), then any certificate transported in the caPubs field may be directly trusted as a root CA certificate by the initiator.

So caPubs are stored in context in cmp_ses.c - but so far there is no way to figure out whether the CA actually used shared secret, as it could use MSG_SIG_ALG even though the client was using MSG_MAC_ALG.

So, the information about which protection was used when sending caPubs should be made available to the recipient.

Reported by: mpeylo

Original Ticket: cmpforopenssl/feature-requests/15
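A minimal model of the behaviour requested above, as an added example that is not code from cmpossl or from the issue's author: the session records how the response carrying caPubs was protected and only reports them as directly trustable when that protection was shared-secret based. All type and function names are hypothetical, the response struct is a constructed stand-in for a parsed PKIMessage, and only PasswordBasedMac is treated as "shared secret information".

```c
#include <stddef.h>
#include <string.h>

/* id-PasswordBasedMac (RFC 4210): the shared-secret protection algorithm */
#define OID_PASSWORD_BASED_MAC "1.2.840.113533.7.66.13"

typedef enum { PROT_NONE, PROT_SHARED_SECRET, PROT_OTHER } prot_kind;

/* Constructed model of a received response; all names are hypothetical. */
typedef struct {
    const char *protection_alg_oid; /* header protectionAlg, NULL if absent */
    int protection_verified;        /* 1 only if the protection validated */
    size_t n_capubs;                /* number of certificates in caPubs */
} cmp_response;

/* Hypothetical session context: caPubs plus how they were protected. */
typedef struct {
    size_t n_capubs;
    prot_kind capubs_protection;
} cmp_session;

/* Classify from the response itself, never from what the client sent:
 * the CA may answer a MAC-protected request with a signed response. */
static prot_kind classify_protection(const cmp_response *rsp)
{
    if (rsp->protection_alg_oid == NULL || !rsp->protection_verified)
        return PROT_NONE;
    if (strcmp(rsp->protection_alg_oid, OID_PASSWORD_BASED_MAC) == 0)
        return PROT_SHARED_SECRET;
    return PROT_OTHER; /* e.g. a signature algorithm */
}

/* Store caPubs together with the protection kind of the carrying message. */
void session_store_capubs(cmp_session *ses, const cmp_response *rsp)
{
    ses->n_capubs = rsp->n_capubs;
    ses->capubs_protection = classify_protection(rsp);
}

/* Number of stored caPubs that may be directly trusted as root CA
 * certificates under RFC 4210 section 5.3.2; 0 for any other protection. */
size_t session_trustable_capubs(const cmp_session *ses)
{
    return ses->capubs_protection == PROT_SHARED_SECRET ? ses->n_capubs : 0;
}
```
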

tpank commented 7 years ago

Original comment by: mpeylo

tpank commented 6 years ago

Original comment by: DDvO