CMP mock server: add -ref_cert option and corresponding ossl_cmp_mock_srv_set1_refCert()

[thirdparty/openssl.git] / doc / internal / man3 / ossl_cmp_mock_srv_new.pod

diff --git a/doc/internal/man3/ossl_cmp_mock_srv_new.pod b/doc/internal/man3/ossl_cmp_mock_srv_new.pod
index 837ca06bb34c9b34ab892edafb2a6607064129d4..cf85139e0aeb2354a74a1f6d01927789a6cc750a 100644 (file)
--- a/doc/internal/man3/ossl_cmp_mock_srv_new.pod
+++ b/doc/internal/man3/ossl_cmp_mock_srv_new.pod
@@ -4,6 +4,7 @@
 
 ossl_cmp_mock_srv_new,
 ossl_cmp_mock_srv_free,
+ossl_cmp_mock_srv_set1_refCert,
 ossl_cmp_mock_srv_set1_certOut,
 ossl_cmp_mock_srv_set1_chainOut,
 ossl_cmp_mock_srv_set1_caPubsOut,
@@ -20,6 +21,7 @@ ossl_cmp_mock_srv_set_checkAfterTime
  OSSL_CMP_SRV_CTX *ossl_cmp_mock_srv_new(OSSL_LIB_CTX *libctx, const char *propq);
  void ossl_cmp_mock_srv_free(OSSL_CMP_SRV_CTX *srv_ctx);
 
+ int ossl_cmp_mock_srv_set1_refCert(OSSL_CMP_SRV_CTX *srv_ctx, X509 *cert);
  int ossl_cmp_mock_srv_set1_certOut(OSSL_CMP_SRV_CTX *srv_ctx, X509 *cert);
  int ossl_cmp_mock_srv_set1_chainOut(OSSL_CMP_SRV_CTX *srv_ctx,
                                      STACK_OF(X509) *chain);
@@ -39,12 +41,18 @@ I<propq>, both of which may be NULL to select the defaults.
 
 ossl_cmp_mock_srv_free() deallocates the contexts for the CMP mock server.
 
+OSSL_CMP_SRV_CTX_set1_refCert() sets the reference certificate to be expected
+for rr messages and for any oldCertID included in kur messages.
+
 OSSL_CMP_SRV_CTX_set1_certOut() sets the certificate to be returned in
 cp/ip/kup.
+Note that on each certificate request the mock server does not produce
+a fresh certificate but just returns the same pre-existing certificate.
 
 OSSL_CMP_SRV_CTX_set1_chainOut() sets the certificate chain to be added to
 the extraCerts in a cp/ip/kup.
-It should to useful to validate B<certOut>.
+It should be useful for the validation of the certificate given via
+OSSL_CMP_SRV_CTX_set1_certOut().
 
 OSSL_CMP_SRV_CTX_set1_caPubsOut() sets the caPubs to be returned in an ip.