From: Dr. David von Oheimb <David.von.Oheimb@siemens.com>
Date: Mon, 10 May 2021 12:36:20 +0000 (+0200)
Subject: CMP test server: Extend error reporting on cert rejected for revocation
X-Git-Tag: openssl-3.0.0-alpha17~112
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ca8f823ffd955493b5f7ce85b7511b758f2a982e;p=thirdparty%2Fopenssl.git

CMP test server: Extend error reporting on cert rejected for revocation

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15053)
---

diff --git a/apps/cmp_mock_srv.c b/apps/cmp_mock_srv.c
index 856dbefd97e..1e6a27210c8 100644
--- a/apps/cmp_mock_srv.c
+++ b/apps/cmp_mock_srv.c
@@ -251,7 +251,8 @@ static OSSL_CMP_PKISI *process_rr(OSSL_CMP_SRV_CTX *srv_ctx,
     if (X509_NAME_cmp(issuer, X509_get_issuer_name(ctx->certOut)) != 0
             || ASN1_INTEGER_cmp(serial,
                                 X509_get0_serialNumber(ctx->certOut)) != 0) {
-        ERR_raise(ERR_LIB_CMP, CMP_R_REQUEST_NOT_ACCEPTED);
+        ERR_raise_data(ERR_LIB_CMP, CMP_R_REQUEST_NOT_ACCEPTED,
+                       "wrong certificate to revoke");
         return NULL;
     }
     return OSSL_CMP_PKISI_dup(ctx->statusOut);
diff --git a/crypto/cmp/cmp_server.c b/crypto/cmp/cmp_server.c
index 0545d98b4ff..73c14841ca3 100644
--- a/crypto/cmp/cmp_server.c
+++ b/crypto/cmp/cmp_server.c
@@ -581,7 +581,7 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
         }
 
         if ((si = OSSL_CMP_STATUSINFO_new(OSSL_CMP_PKISTATUS_rejection,
-                                          fail_info, NULL)) != NULL) {
+                                          fail_info, data)) != NULL) {
             if (err != 0 && (flags & ERR_TXT_STRING) != 0)
                 data = ERR_reason_error_string(err);
             rsp = ossl_cmp_error_new(srv_ctx->ctx, si,