|| OSSL_CMP_CTX_reqExtensions_have_SAN(ctx) == 1)
static const X509_NAME *determine_subj(OSSL_CMP_CTX *ctx, X509 *refcert,
- int bodytype)
+ int for_KUR)
{
if (ctx->subjectName != NULL)
return ctx->subjectName;
- if (refcert != NULL
- && (bodytype == OSSL_CMP_PKIBODY_KUR || !HAS_SAN(ctx)))
+ if (refcert != NULL && (for_KUR || !HAS_SAN(ctx)))
/*
* For KUR, copy subjectName from reference certificate.
* For IR or CR, do the same only if there is no subjectAltName.
return NULL;
}
-/*
- * Create CRMF certificate request message for IR/CR/KUR
- * returns a pointer to the OSSL_CRMF_MSG on success, NULL on error
- */
-static OSSL_CRMF_MSG *crm_new(OSSL_CMP_CTX *ctx, int bodytype, int rid)
+OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid)
{
OSSL_CRMF_MSG *crm = NULL;
X509 *refcert = ctx->oldCert != NULL ? ctx->oldCert : ctx->cert;
/* refcert defaults to current client cert */
EVP_PKEY *rkey = OSSL_CMP_CTX_get0_newPkey(ctx, 0);
STACK_OF(GENERAL_NAME) *default_sans = NULL;
- const X509_NAME *subject = determine_subj(ctx, refcert, bodytype);
+ const X509_NAME *subject = determine_subj(ctx, refcert, for_KUR);
int crit = ctx->setSubjectAltNameCritical || subject == NULL;
/* RFC5280: subjectAltName MUST be critical if subject is null */
X509_EXTENSIONS *exts = NULL;
return NULL;
#endif
}
- if (bodytype == OSSL_CMP_PKIBODY_KUR && refcert == NULL) {
+ if (for_KUR && refcert == NULL) {
CMPerr(0, CMP_R_MISSING_REFERENCE_CERT);
return NULL;
}
/* end fill certTemplate, now set any controls */
/* for KUR, set OldCertId according to D.6 */
- if (bodytype == OSSL_CMP_PKIBODY_KUR) {
+ if (for_KUR) {
OSSL_CRMF_CERTID *cid =
OSSL_CRMF_CERTID_gen(X509_get_issuer_name(refcert),
X509_get0_serialNumber(refcert));
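Review bot: Now that this body is exported as OSSL_CMP_CTX_setup_CRM, the only argument check visible in this hunk is `if (for_KUR && refcert == NULL)`, and `refcert` is itself derived from `ctx->oldCert`/`ctx->cert` at the top of the function, so a NULL `ctx` passed by an external caller is dereferenced before any check (unless one sits in the lines the page omits between the `#endif` and this hunk). Public CMP entry points elsewhere reject that case up front, so I would add `if (ctx == NULL) { CMPerr(0, CMP_R_NULL_ARGUMENT); return NULL; }` before `refcert` is initialized from `ctx`, which also keeps the `for_KUR && refcert == NULL` guard meaningful for callers outside this file. The enclosing OSSL_CMP_CTX_setup_CRM body starts in the previous hunk and continues past this one.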
goto err;
}
if (crm == NULL) {
- if ((local_crm = crm_new(ctx, type, OSSL_CMP_CERTREQID)) == NULL
+ local_crm = OSSL_CMP_CTX_setup_CRM(ctx,
+ type == OSSL_CMP_PKIBODY_KUR,
+ OSSL_CMP_CERTREQID);
+ if (local_crm == NULL
|| !OSSL_CRMF_MSG_create_popo(local_crm, privkey, ctx->digest,
ctx->popoMethod))
goto err;
OSSL_CMP_MSG_get0_header,
OSSL_CMP_MSG_update_transactionID,
+OSSL_CMP_CTX_setup_CRM,
d2i_OSSL_CMP_MSG_bio,
i2d_OSSL_CMP_MSG_bio
- function(s) manipulating CMP messages
OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg);
int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
+ OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid);
OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg);
int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg);
in the header of the given message according to the CMP_CTX.
This requires re-protecting the message (if it was protected).
+OSSL_CMP_CTX_setup_CRM() creates a CRMF certificate request message
+for inclusion in a CMP request message based on details contained in I<ctx>.
+If the CMP context does not include a subject name set via
+L<OSSL_CMP_CTX_set1_subjectName(3)> but includes a reference certificate
+then it copies the subject DN from there
+if I<for_KUR> is set or the I<ctx> does not include a subjectAltName.
+The I<rid> defines the request identifier to use, which typically is 0.
+
d2i_OSSL_CMP_MSG_bio() parses an ASN.1-encoded OSSL_CMP_MSG from the BIO I<bio>.
It assigns a pointer to the new structure to I<*msg> if I<msg> is not NULL.
OSSL_CMP_MSG_get0_header() returns the intended pointer value as described above
or NULL if the respective entry does not exist and on error.
+OSSL_CMP_CTX_setup_CRM() returns a pointer to a OSSL_CRMF_MSG on success,
+NULL on error.
+
d2i_OSSL_CMP_MSG_bio() returns the parsed message or NULL on error.
i2d_OSSL_CMP_MSG_bio() and OSSL_CMP_MSG_update_transactionID()