cmpossl

remember message protection method for caPubs use

Open tpank opened this issue 8 years ago • 2 comments

The RFC section 5.3.2 says that ...if the PKI Message Protection is "shared secret information" (see Section 5.1.3), then any certificate transported in the caPubs field may be directly trusted as a root CA certificate by the initiator.

So caPubs are stored in context in cmp_ses.c - but so far there is no way to figure out whether the CA actually used shared secret, as it could use MSG_SIG_ALG even though the client was using MSG_MAC_ALG.

So, the information which protection was used when sending caPubs should be made available to the recipient.

Reported by: mpeylo

Original Ticket: cmpforopenssl/feature-requests/15

tpank, Mar 08 '17 16:03

  • Group: Next Release (example) --> Version 2

Original comment by: mpeylo

tpank, Jul 19 '17 08:07

  • summary: remember message protection for caPubs handling --> remember message protection method for caPubs use

Original comment by: DDvO

tpank, Jan 09 '18 11:01
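The check this issue asks for, sketched as an added example (not part of the thread and not cmpossl code): the session records how the response that carried caPubs was protected, and caPubs become trust-anchor candidates only when that protection was a verified shared-secret MAC. All type and function names are hypothetical, the response struct is a constructed stand-in for a parsed PKIMessage, and the signature OID is a constructed sample input.

```c
#include <stddef.h>
#include <string.h>

/* All names are hypothetical; this is not the cmpossl API. */
typedef enum { PROT_NONE = 0, PROT_SHARED_SECRET, PROT_OTHER } prot_method;

typedef struct {              /* constructed model of a received response */
    const char *prot_alg_oid; /* protectionAlg from the header, NULL if absent */
    int prot_verified;        /* 1 only if the protection value checked out */
    size_t n_capubs;          /* number of certificates in caPubs */
} cmp_response;

typedef struct {
    prot_method capubs_prot;  /* protection of the message that carried caPubs */
    size_t n_capubs;
} cmp_session;

#define OID_PASSWORD_BASED_MAC "1.2.840.113533.7.66.13" /* id-PasswordBasedMac */
#define OID_SHA256_RSA "1.2.840.113549.1.1.11" /* sample signature algorithm */

/* Classify by what the responder actually used, not by what the client sent. */
static prot_method classify_protection(const cmp_response *rsp)
{
    if (rsp->prot_alg_oid == NULL || !rsp->prot_verified)
        return PROT_NONE;
    if (strcmp(rsp->prot_alg_oid, OID_PASSWORD_BASED_MAC) == 0)
        return PROT_SHARED_SECRET;
    return PROT_OTHER; /* e.g. signature-based protection */
}

/* Store caPubs together with the protection method of their carrier message. */
static void session_store_capubs(cmp_session *ses, const cmp_response *rsp)
{
    ses->n_capubs = rsp->n_capubs;
    ses->capubs_prot = classify_protection(rsp);
}

/* Direct trust applies only to caPubs from a shared-secret protected message. */
static int capubs_directly_trustable(const cmp_session *ses)
{
    return ses->n_capubs > 0 && ses->capubs_prot == PROT_SHARED_SECRET;
}

static int demo_trust(const char *oid, int verified)
{
    cmp_response rsp = { oid, verified, 1 };
    cmp_session ses = { PROT_NONE, 0 };
    session_store_capubs(&ses, &rsp);
    return capubs_directly_trustable(&ses);
}

int main(void)
{
    return !(demo_trust(OID_PASSWORD_BASED_MAC, 1) && !demo_trust(OID_SHA256_RSA, 1));
}
```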