cmp_vfy.c: on error trying to use cached CMP message sender cert, make sure to print...

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28973)

(cherry picked from commit 94c36852d254a626739667874587b5364ddf087e)

diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c
index 0f161df1b6291574092387b25bb889e1eddc0f25..dbf02be51201e099a505699de1fb63091b85966d 100644 (file)
--- a/crypto/cmp/cmp_vfy.c
+++ b/crypto/cmp/cmp_vfy.c
@@ -511,7 +511,9 @@ static int check_msg_find_cert(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg)
         /* re-do the above check (just) for adding diagnostic information */
         ossl_cmp_info(ctx,
             "trying to verify msg signature with previously validated cert");
+        ctx->log_cb = backup_log_cb;
         (void)check_msg_given_cert(ctx, scrt, msg);
+        ctx->log_cb = NULL;
         (void)ossl_cmp_ctx_set1_validatedSrvCert(ctx, NULL); /* this invalidates scrt */
     }