search

siemens / gencmpclient

generic CMP [RFC 4210, RFC 9483] client library and CLI, based on CMPforOpenSSL (https://github.com/mpeylo/cmpossl)
Other
10 stars 7 forks source link

Handle NESTED messages more nicely #65

Closed RufusJWB closed 1 month ago

RufusJWB commented 1 month ago

Issue Report

When receiving a NESTED message from an upstream CA/RA the genCMPclient fails with a rather blunt error message. image

Expected Behavior

Unwrap the nested message and display the inner message

Actual Behavior

Blunt error message

Steps to Reproduce the Issue

n/a

Proposed Resolution

n/a

DDvO commented 1 month ago

Isn't the error message very much to the point? A productive CMP client does not need to be able to deal with nested messages. Yet I agree that for testing purposes this can be nice to have.

Implementing such a testing/debugging support feature can easily take several work days, taking into account code hygiene, adding tests and documentation, aligning this with OpenSSL, etc. Moreover, at least one conceptual question would need to be clarified first, namely for which of the (possibly multiple) levels of nesting the client should demand/check message protection.

RufusJWB commented 1 month ago

Probably the message is okay. First I had some trouble understanding it, but I think it's fine. I'll close this ticket.