]>
Commit | Line | Data |
---|---|---|
fcc25beb DDO |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
5 | ossl_cmp_msg_protect, | |
6 | ossl_cmp_msg_add_extraCerts | |
7 | - functions for producing CMP message protection | |
8 | ||
9 | =head1 SYNOPSIS | |
10 | ||
11 | #include "cmp_int.h" | |
12 | ||
13 | int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); | |
14 | int ossl_cmp_msg_add_extraCerts(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); | |
15 | ||
16 | =head1 DESCRIPTION | |
17 | ||
143be474 | 18 | ossl_cmp_msg_protect() (re-)protects the given message B<msg> using an algorithm |
fcc25beb | 19 | depending on the available context information given in the B<ctx>. |
143be474 | 20 | If there is a secretValue it selects PBMAC, else if there is a clCert |
fcc25beb DDO |
21 | it selects Signature and uses B<ossl_cmp_msg_add_extraCerts()>. |
22 | It also sets the protectionAlg field in the message header accordingly. | |
23 | ||
24 | ossl_cmp_msg_add_extraCerts() adds elements to the extraCerts field in the given | |
25 | message B<msg>. It tries to build the certificate chain of the client cert in | |
26 | the B<ctx> if present by using certificates in ctx->untrusted_certs; | |
27 | if no untrusted certs are set, it will at least add the client certificate. | |
28 | In any case all the certificates explicitly specified to be sent out (i.e., | |
29 | B<ctx->extraCertsOut>) are added. Note that it will NOT add the root certificate | |
30 | of the chain, i.e, the trust anchor (unless it is part of extraCertsOut). | |
31 | ||
32 | =head1 NOTES | |
33 | ||
34 | CMP is defined in RFC 4210 (and CRMF in RFC 4211). | |
35 | ||
36 | =head1 RETURN VALUES | |
37 | ||
38 | All functions return 1 on success, 0 on error. | |
39 | ||
40 | =head1 HISTORY | |
41 | ||
42 | The OpenSSL CMP support was added in OpenSSL 3.0. | |
43 | ||
44 | =head1 COPYRIGHT | |
45 | ||
33388b44 | 46 | Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. |
fcc25beb DDO |
47 | |
48 | Licensed under the Apache License 2.0 (the "License"). You may not use | |
49 | this file except in compliance with the License. You can obtain a copy | |
50 | in the file LICENSE in the source distribution or at | |
51 | L<https://www.openssl.org/source/license.html>. | |
52 | ||
53 | =cut |