static char *opt_newkey = NULL;
static char *opt_newkeypass = NULL;
static char *opt_subject = NULL;
-static char *opt_issuer = NULL;
static int opt_days = 0;
static char *opt_reqexts = NULL;
static char *opt_sans = NULL;
/* certificate enrollment and revocation */
static char *opt_oldcert = NULL;
+static char *opt_issuer = NULL;
+static char *opt_serial = NULL;
static int opt_revreason = CRL_REASON_NONE;
/* credentials format */
OPT_CMD, OPT_INFOTYPE, OPT_GENINFO,
- OPT_NEWKEY, OPT_NEWKEYPASS, OPT_SUBJECT, OPT_ISSUER,
+ OPT_NEWKEY, OPT_NEWKEYPASS, OPT_SUBJECT,
OPT_DAYS, OPT_REQEXTS,
OPT_SANS, OPT_SAN_NODEFAULT,
OPT_POLICIES, OPT_POLICY_OIDS, OPT_POLICY_OIDS_CRITICAL,
OPT_OUT_TRUSTED, OPT_IMPLICIT_CONFIRM, OPT_DISABLE_CONFIRM,
OPT_CERTOUT, OPT_CHAINOUT,
- OPT_OLDCERT, OPT_REVREASON,
+ OPT_OLDCERT, OPT_ISSUER, OPT_SERIAL, OPT_REVREASON,
#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
OPT_SERVER, OPT_PROXY, OPT_NO_PROXY,
"For kur, default is subject of -csr arg or reference cert (see -oldcert)"},
{OPT_MORE_STR, 0, 0,
"this default is used for ir and cr only if no Subject Alt Names are set"},
- {"issuer", OPT_ISSUER, 's',
- "DN of the issuer to place in the requested certificate template"},
- {OPT_MORE_STR, 0, 0,
- "also used as recipient if neither -recipient nor -srvcert are given"},
{"days", OPT_DAYS, 'N',
"Requested validity time of the new certificate in number of days"},
{"reqexts", OPT_REQEXTS, 's',
"also used as reference (defaulting to -cert) for subject DN and SANs."},
{OPT_MORE_STR, 0, 0,
"Issuer is used as recipient unless -recipient, -srvcert, or -issuer given"},
+ {"issuer", OPT_ISSUER, 's',
+ "DN of the issuer to place in the certificate template of ir/cr/kur/rr;"},
+ {OPT_MORE_STR, 0, 0,
+ "also used as recipient if neither -recipient nor -srvcert are given"},
+ {"serial", OPT_SERIAL, 's',
+ "Serial number of certificate to be revoked in revocation request (rr)"},
{"revreason", OPT_REVREASON, 'n',
"Reason code to include in revocation request (rr); possible values:"},
{OPT_MORE_STR, 0, 0,
{&opt_cmd_s}, {&opt_infotype_s}, {&opt_geninfo},
- {&opt_newkey}, {&opt_newkeypass}, {&opt_subject}, {&opt_issuer},
+ {&opt_newkey}, {&opt_newkeypass}, {&opt_subject},
{(char **)&opt_days}, {&opt_reqexts},
{&opt_sans}, {(char **)&opt_san_nodefault},
{&opt_policies}, {&opt_policy_oids}, {(char **)&opt_policy_oids_critical},
{(char **)&opt_implicit_confirm}, {(char **)&opt_disable_confirm},
{&opt_certout}, {&opt_chainout},
- {&opt_oldcert}, {(char **)&opt_revreason},
+ {&opt_oldcert}, {&opt_issuer}, {&opt_serial}, {(char **)&opt_revreason},
#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
{&opt_server}, {&opt_proxy}, {&opt_no_proxy},
}
/*
- * set up IR/CR/KUR/CertConf/RR specific parts of the OSSL_CMP_CTX
- * based on options from config file/CLI.
- * Returns pointer on success, NULL on error
+ * Set up IR/CR/P10CR/KUR/CertConf/RR/GENM specific parts of the OSSL_CMP_CTX
+ * based on options from CLI and/or config file.
+ * Returns 1 on success, 0 on error
*/
static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
{
&& opt_cmd != CMP_RR && opt_cmd != CMP_GENM)
CMP_warn("no -subject given; no -csr or -oldcert or -cert available for fallback");
+ if (!set_name(opt_issuer, OSSL_CMP_CTX_set1_issuer, ctx, "issuer"))
+ return 0;
if (opt_cmd == CMP_IR || opt_cmd == CMP_CR || opt_cmd == CMP_KUR) {
if (opt_newkey == NULL
&& opt_key == NULL && opt_csr == NULL && opt_oldcert == NULL) {
CMP_err("-certout not given, nowhere to save newly enrolled certificate");
return 0;
}
- if (!set_name(opt_subject, OSSL_CMP_CTX_set1_subjectName, ctx, "subject")
- || !set_name(opt_issuer, OSSL_CMP_CTX_set1_issuer, ctx, "issuer"))
+ if (!set_name(opt_subject, OSSL_CMP_CTX_set1_subjectName, ctx, "subject"))
return 0;
} else {
const char *msg = "option is ignored for commands other than 'ir', 'cr', and 'kur'";
CMP_warn1("-subject %s since sender is taken from -ref or -cert", msg);
}
}
- if (opt_issuer != NULL)
- CMP_warn1("-issuer %s", msg);
+ if (opt_issuer != NULL && opt_cmd != CMP_RR)
+ CMP_warn1("-issuer %s and 'rr'", msg);
if (opt_reqexts != NULL)
CMP_warn1("-reqexts %s", msg);
if (opt_san_nodefault)
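Review bot: The reworded warning on the added line `CMP_warn1("-issuer %s and 'rr'", msg);` expands to "... other than 'ir', 'cr', and 'kur' and 'rr'", which reads as a broken list. Because `msg` is shared with the -reqexts warning below, a separate literal for this one case would be clearer, e.g. `CMP_warn("-issuer option is ignored for commands other than 'ir', 'cr', 'kur', and 'rr'");`. An earlier hunk now calls `set_name(opt_issuer, OSSL_CMP_CTX_set1_issuer, ctx, "issuer")` for every command, so if the stored issuer still serves as fallback recipient, as the option help says, "ignored" is not fully accurate for the remaining commands. The enclosing else branch starts and ends outside this hunk.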
opt_subject, ref_cert != NULL ? ref_cert : opt_csr);
}
if (opt_cmd == CMP_RR) {
- if (opt_oldcert == NULL && opt_csr == NULL) {
- CMP_err("missing -oldcert for certificate to be revoked and no -csr given");
- return 0;
+ if (opt_issuer == NULL && opt_serial == NULL) {
+ if (opt_oldcert == NULL && opt_csr == NULL) {
+ CMP_err("missing -oldcert or -issuer and -serial for certificate to be revoked and no -csr given");
+ return 0;
+ }
+ if (opt_oldcert != NULL && opt_csr != NULL)
+ CMP_warn("ignoring -csr since certificate to be revoked is given");
+ } else {
+#define OSSL_CMP_RR_MSG "since -issuer and -serial is given for command 'rr'"
+ if (opt_issuer == NULL || opt_serial == NULL) {
+ CMP_err("Must give both -issuer and -serial options or neither");
+ return 0;
+ }
+ if (opt_oldcert != NULL)
+ CMP_warn("Ignoring -oldcert " OSSL_CMP_RR_MSG);
+ if (opt_csr != NULL)
+ CMP_warn("Ignoring -csr " OSSL_CMP_RR_MSG);
+ }
+ if (opt_serial != NULL) {
+ ASN1_INTEGER *sno;
+
+ if ((sno = s2i_ASN1_INTEGER(NULL, opt_serial)) == NULL) {
+ CMP_err1("cannot read serial number: '%s'", opt_serial);
+ return 0;
+ }
+ if (!OSSL_CMP_CTX_set1_serialNumber(ctx, sno)) {
+ ASN1_INTEGER_free(sno);
+ CMP_err("out of memory");
+ return 0;
+ }
+ ASN1_INTEGER_free(sno);
}
- if (opt_oldcert != NULL && opt_csr != NULL)
- CMP_warn("ignoring -csr since certificate to be revoked is given");
+ if (opt_revreason > CRL_REASON_NONE)
+ (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_REVOCATION_REASON,
+ opt_revreason);
+ } else {
+ if (opt_serial != NULL)
+ CMP_warn("Ignoring -serial for command other than 'rr'");
}
if (opt_cmd == CMP_P10CR && opt_csr == NULL) {
CMP_err("missing PKCS#10 CSR for p10cr");
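Review bot: An -issuer without -serial is now a hard error for rr (`Must give both -issuer and -serial options or neither`) even when -oldcert or -csr already identifies the certificate, whereas the removed code only warned that -issuer was ignored. Options can also come from the config file and -issuer doubles as fallback recipient, so a section that sets issuer for enrollment could start failing on rr. Consider selecting the branch on the serial alone, `if (opt_serial == NULL) {` for the -oldcert/-csr path and `if (opt_issuer == NULL) {` for the error in the else branch, so the issuer-only case falls back to -oldcert/-csr. Separately, `OSSL_CMP_RR_MSG` is defined inside the function body with the library's public prefix and never undefined; `CMP_warn1("Ignoring -oldcert %s", rr_msg);` with a local string would avoid the macro. setup_request_ctx begins and ends outside this hunk.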
}
}
cleanse(opt_keypass);
- if (opt_revreason > CRL_REASON_NONE)
- (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_REVOCATION_REASON,
- opt_revreason);
return 1;
case OPT_SUBJECT:
opt_subject = opt_str();
break;
- case OPT_ISSUER:
- opt_issuer = opt_str();
- break;
case OPT_DAYS:
opt_days = opt_int_arg();
break;
goto opthelp;
}
break;
+ case OPT_ISSUER:
+ opt_issuer = opt_str();
+ break;
+ case OPT_SERIAL:
+ opt_serial = opt_arg();
+ break;
case OPT_CERTFORM:
opt_certform_s = opt_str();
break;
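Review bot: `opt_serial = opt_arg();` bypasses `opt_str()`, unlike the neighbouring string options visible here (-subject, -issuer, -certform). opt_str() is defined outside this page; if it maps an empty argument to NULL, as the test row that passes `-issuer, """"` for the "no issuer" case suggests, then an empty -serial cannot reset a config-file value the same way and instead reaches the serial parser as an empty string. If raw handling is intended, a short comment such as `/* not opt_str(): value is parsed and validated in setup_request_ctx() */` would make that explicit; otherwise use `opt_serial = opt_str();`. The switch statement extends beyond this hunk on both sides.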
return 0;
}
ctx->status = OSSL_CMP_PKISTATUS_request;
- if (ctx->oldCert == NULL && ctx->p10CSR == NULL) {
+ if (ctx->oldCert == NULL && ctx->p10CSR == NULL
+ && (ctx->serialNumber == NULL || ctx->issuer == NULL)) {
ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_REFERENCE_CERT);
return 0;
}
EVP_PKEY_free(ctx->newPkey);
X509_NAME_free(ctx->issuer);
+ ASN1_INTEGER_free(ctx->serialNumber);
X509_NAME_free(ctx->subjectName);
sk_GENERAL_NAME_pop_free(ctx->subjectAltNames, GENERAL_NAME_free);
X509_EXTENSIONS_free(ctx->reqExtensions);
/* Set the X509 name of the issuer to be placed in the certTemplate */
DEFINE_OSSL_CMP_CTX_set1(issuer, X509_NAME)
+/* Set the ASN1_INTEGER serial to be placed in the certTemplate for rr */
+DEFINE_OSSL_CMP_CTX_set1(serialNumber, ASN1_INTEGER)
/*
* Set the subject name that will be placed in the certificate
* request. This will be the subject name on the received certificate.
/* certificate template */
EVP_PKEY *newPkey; /* explicit new private/public key for cert enrollment */
int newPkey_priv; /* flag indicating if newPkey contains private key */
- X509_NAME *issuer; /* issuer name to used in cert template */
+ X509_NAME *issuer; /* issuer name to used in cert template, also in rr */
+ ASN1_INTEGER *serialNumber; /* certificate serial number to use in rr */
int days; /* Number of days new certificates are asked to be valid for */
X509_NAME *subjectName; /* subject name to be used in cert template */
STACK_OF(GENERAL_NAME) *subjectAltNames; /* to add to the cert template */
OSSL_CMP_MSG *ossl_cmp_rr_new(OSSL_CMP_CTX *ctx)
{
OSSL_CMP_MSG *msg = NULL;
+ const X509_NAME *issuer = NULL;
+ const X509_NAME *subject = NULL;
+ const ASN1_INTEGER *serialNumber = NULL;
+ EVP_PKEY *pubkey = NULL;
OSSL_CMP_REVDETAILS *rd;
int ret;
- if (!ossl_assert(ctx != NULL && (ctx->oldCert != NULL
- || ctx->p10CSR != NULL)))
+ if (!ossl_assert(ctx != NULL
+ && (ctx->oldCert != NULL || ctx->p10CSR != NULL
+ || (ctx->serialNumber != NULL && ctx->issuer != NULL))))
return NULL;
if ((rd = OSSL_CMP_REVDETAILS_new()) == NULL)
goto err;
+ if (ctx->serialNumber != NULL && ctx->issuer != NULL) {
+ issuer = ctx->issuer;
+ serialNumber = ctx->serialNumber;
+ } else if (ctx->oldCert != NULL) {
+ issuer = X509_get_issuer_name(ctx->oldCert);
+ serialNumber = X509_get0_serialNumber(ctx->oldCert);
+ } else if (ctx->p10CSR != NULL) {
+ pubkey = X509_REQ_get0_pubkey(ctx->p10CSR);
+ subject = X509_REQ_get_subject_name(ctx->p10CSR);
+ }
+ else {
+ goto err;
+ }
+
/* Fill the template from the contents of the certificate to be revoked */
- ret = ctx->oldCert != NULL
- ? OSSL_CRMF_CERTTEMPLATE_fill(rd->certDetails,
- NULL /* pubkey would be redundant */,
- NULL /* subject would be redundant */,
- X509_get_issuer_name(ctx->oldCert),
- X509_get0_serialNumber(ctx->oldCert))
- : OSSL_CRMF_CERTTEMPLATE_fill(rd->certDetails,
- X509_REQ_get0_pubkey(ctx->p10CSR),
- X509_REQ_get_subject_name(ctx->p10CSR),
- NULL, NULL);
+ ret = OSSL_CRMF_CERTTEMPLATE_fill(rd->certDetails, pubkey, subject,
+ issuer, serialNumber);
if (!ret)
goto err;
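Review bot: The comment `/* Fill the template from the contents of the certificate to be revoked */` is stale now that issuer and serial number may come from the context rather than a certificate, and the precedence that decides which certificate the request names is only implicit in the if/else order. A comment above the chain would state it, e.g. `/* precedence: ctx issuer + serialNumber, then oldCert, then p10CSR */`; nothing visible in this function reports that a set oldCert was overridden, so callers depend on the documentation for that. The final `else { goto err; }` looks unreachable after the ossl_assert above, and it starts on its own line instead of `} else {`. The function continues past the end of this hunk.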
[B<-newkey> I<filename>|I<uri>]
[B<-newkeypass> I<arg>]
[B<-subject> I<name>]
-[B<-issuer> I<name>]
[B<-days> I<number>]
[B<-reqexts> I<name>]
[B<-sans> I<spec>]
Certificate enrollment and revocation options:
[B<-oldcert> I<filename>|I<uri>]
+[B<-issuer> I<name>]
+[B<-serial> I<number>]
[B<-revreason> I<number>]
Message transfer options:
C</DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe>
-=item B<-issuer> I<name>
-
-X.509 Distinguished Name (DN) use as issuer field
-in the requested certificate template in IR/CR/KUR messages.
-If the NULL-DN (C</>) is given then no issuer is placed in the template.
-
-If provided and neither B<-recipient> nor B<-srvcert> is given,
-the issuer DN is used as fallback recipient of outgoing CMP messages.
-
-The argument must be formatted as I</type0=value0/type1=value1/type2=...>.
-For details see the description of the B<-subject> option.
-
=item B<-days> I<number>
Number of days the new certificate is requested to be valid for, counting from
For KUR the certificate to be updated defaults to B<-cert>,
and the resulting certificate is called I<reference certificate>.
For RR the certificate to be revoked can also be specified using B<-csr>.
+B<-oldcert> and B<-csr> is ignored if B<-issuer> and B<-serial> is provided.
The reference certificate, if any, is also used for
deriving default subject DN and Subject Alternative Names and the
Its issuer is used as default recipient in CMP message headers
if neither B<-recipient>, B<-srvcert>, nor B<-issuer> is given.
+=item B<-issuer> I<name>
+
+X.509 Distinguished Name (DN) use as issuer field
+in the requested certificate template in IR/CR/KUR/RR messages.
+If the NULL-DN (C</>) is given then no issuer is placed in the template.
+
+If provided and neither B<-recipient> nor B<-srvcert> is given,
+the issuer DN is used as fallback recipient of outgoing CMP messages.
+
+The argument must be formatted as I</type0=value0/type1=value1/type2=...>.
+For details see the description of the B<-subject> option.
+
+=item B<-serial> I<number>
+
+Specify the Serial number of certificate to be revoked in revocation request.
+The serial number can be decimal or hex (if preceded by C<0x>)
+
=item B<-revreason> I<number>
Set CRLReason to be included in revocation request (RR); values: C<0>..C<10>
OSSL_CMP_CTX_set0_newPkey,
OSSL_CMP_CTX_get0_newPkey,
OSSL_CMP_CTX_set1_issuer,
+OSSL_CMP_CTX_set1_serialNumber,
OSSL_CMP_CTX_set1_subjectName,
OSSL_CMP_CTX_push1_subjectAltName,
OSSL_CMP_CTX_set0_reqExtensions,
int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
+ int OSSL_CMP_CTX_set1_serialNumber(OSSL_CMP_CTX *ctx, const ASN1_INTEGER *sn);
int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
const GENERAL_NAME *name);
OSSL_CMP_CTX_get0_untrusted() returns a pointer to the
list of untrusted certs in I<ctx>, which may be empty if unset.
-OSSL_CMP_CTX_set1_cert() sets the CMP signer certificate
+OSSL_CMP_CTX_set1_cert() sets the CMP I<signer certificate>
related to the private key used for CMP message protection.
Therefore the public key of this I<cert> must correspond to
the private key set before or thereafter via OSSL_CMP_CTX_set1_pkey().
OSSL_CMP_CTX_set1_issuer() sets the name of the intended issuer that
will be set in the CertTemplate, i.e., the X509 name of the CA server.
+OSSL_CMP_CTX_set1_serialNumber() sets the serial number optionally used to
+select the certificate to be revoked in Revocation Requests (RR).
+
OSSL_CMP_CTX_set1_subjectName() sets the subject DN that will be used in
the CertTemplate structure when requesting a new cert. For Key Update Requests
(KUR), it defaults to the subject DN of the reference certificate,
OSSL_CMP_CTX_set1_oldCert() sets the old certificate to be updated in
Key Update Requests (KUR) or to be revoked in Revocation Requests (RR).
-It must be given for RR, else it defaults to the CMP signer certificate.
-The I<reference certificate> determined in this way, if any, is also used for
-deriving default subject DN, public key, Subject Alternative Names, and the
-default issuer entry in the requested certificate template of IR/CR/KUR.
+For RR, this is ignored if an issuer name and a serial number are provided using
+OSSL_CMP_CTX_set1_issuer() and OSSL_CMP_CTX_set1_serialNumber(), respectively.
+For IR/CR/KUR this sets the I<reference certificate>,
+which otherwise defaults to the CMP signer certificate.
+The I<reference certificate> determined this way, if any, is used for providing
+default public key, subject DN, Subject Alternative Names, and issuer DN entries
+in the requested certificate template of IR/CR/KUR messages.
+
The subject of the reference certificate is used as the sender field value
in CMP message headers.
Its issuer is used as default recipient in CMP message headers.
OSSL_CMP_CTX_set1_p10CSR() sets the PKCS#10 CSR to use in P10CR messages.
-If such a CSR is provided, its subject, public key, and extension fields are
-also used as fallback values for the certificate template of IR/CR/KUR messages.
+If such a CSR is provided, its subject and public key fields are also
+used as fallback values for the certificate template of IR/CR/KUR/RR messages,
+and any extensions included are added to the template of IR/CR/KUR messages.
OSSL_CMP_CTX_push0_genm_ITAV() adds I<itav> to the stack in the I<ctx> which
will be the body of a General Message sent with this context.
OSSL_CMP_CTX_get0_libctx(), OSSL_CMP_CTX_get0_propq(), and
OSSL_CMP_CTX_get0_validatedSrvCert() were added in OpenSSL 3.2.
+OSSL_CMP_CTX_set1_serialNumber() was added in OpenSSL 3.2.
+
=head1 COPYRIGHT
Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved.
aborts the CMP transaction by sending an error message to the server.
OSSL_CMP_exec_RR_ses() requests the revocation of the certificate
-specified in the I<ctx> using L<OSSL_CMP_CTX_set1_oldCert(3)>.
+specified in the I<ctx> using the issuer DN and serial number set by
+OSSL_CMP_CTX_set1_issuer(3) and OSSL_CMP_CTX_set1_serialNumber(3), respectively,
+otherwise the issuer DN and serial number
+of the certificate set by L<OSSL_CMP_CTX_set1_oldCert(3)>,
+otherwise the subject DN and public key
+of the certificate signing request set by L<OSSL_CMP_CTX_set1_p10CSR(3)>.
RFC 4210 is vague in which PKIStatus should be returned by the server.
We take "accepted" and "grantedWithMods" as clear success and handle
"revocationWarning" and "revocationNotification" just as warnings because CAs
int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
+int OSSL_CMP_CTX_set1_serialNumber(OSSL_CMP_CTX *ctx, const ASN1_INTEGER *sn);
int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
const GENERAL_NAME *name);
1, --- get certificate for revocation ----, -section,, -cmd,cr,,BLANK,,,BLANK,,,BLANK,,BLANK,
1,revreason AACompromise, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,_RESULT_DIR/test.cert.pem, -revreason,10
1, --- get certificate for revocation ----, -section,, -cmd,cr,,BLANK,,,BLANK,,,BLANK,,BLANK,
-1, --- use csr for revocation ----, -section,, -cmd,rr,,BLANK,,,BLANK,,,BLANK,, -revreason,0, -csr,csr.pem
-1, --- get certificate for revocation ----, -section,, -cmd,cr,,BLANK,,,BLANK,,,BLANK,,BLANK,
-0,without oldcert, -section,, -cmd,rr,,BLANK,,,BLANK,,,BLANK,,BLANK,
-0,oldcert file nonexistent, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,idontexist,BLANK,
-0,empty oldcert file, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,empty.txt,BLANK,
-0,oldcert and key do not match, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,trusted.crt, -revreason,0
0,revreason 11 (invalid), -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,_RESULT_DIR/test.cert.pem, -revreason,11
0,revreason string, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,_RESULT_DIR/test.cert.pem, -revreason,abc
0,revreason out of integer range, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,_RESULT_DIR/test.cert.pem, -revreason,010000000000000000000
+1,use csr for revocation, -section,, -cmd,rr,,BLANK,,,BLANK,,,BLANK,, -revreason,0, -csr,csr.pem
+1, --- get certificate for revocation ----, -section,, -cmd,cr,,BLANK,,,BLANK,,,BLANK,,BLANK,
+1,use issuer and serial for revocation, -section,, -cmd,rr,,BLANK,,,BLANK,,,BLANK,, -revreason,-1,BLANK,,, -expect_sender,"""",-issuer,/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=subinterCA,-serial,0xA44DB0329A714A8D
+1, --- get certificate for revocation ----, -section,, -cmd,cr,,BLANK,,,BLANK,,,BLANK,,BLANK,
+0,use issuer but no serial for revocation, -section,, -cmd,rr,,BLANK,,,BLANK,,,BLANK,, -revreason,-1,BLANK,,, -expect_sender,"""",-issuer,/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=subinterCA,BLANK,
+0,use serial but no issuer for revocation, -section,, -cmd,rr,,BLANK,,,BLANK,,,BLANK,, -revreason,-1,BLANK,,, -expect_sender,"""", -issuer, """", -serial, 0xA44DB0329A714A8D
+0,wrong issuer for revocation, -section,, -cmd,rr,,BLANK,,,BLANK,,,BLANK,, -revreason,-1,BLANK,,, -expect_sender,"""", -issuer, /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=wrongCA, -serial, 0xA44DB0329A714A8D
+0,bad issuer DN for revocation, -section,, -cmd,rr,,BLANK,,,BLANK,,,BLANK,, -revreason,-1,BLANK,,, -expect_sender,"""", -issuer, "'XYZ'", -serial, 0xA44DB0329A714A8D
+0,wrong serial for revocation, -section,, -cmd,rr,,BLANK,,,BLANK,,,BLANK,, -revreason,-1,BLANK,,, -expect_sender,"""", -issuer, /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=subinterCA, -serial, 0xA44DB0329A714A00
+0,bad serial for revocation, -section,, -cmd,rr,,BLANK,,,BLANK,,,BLANK,, -revreason,-1,BLANK,,, -expect_sender,"""", -issuer, /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=subinterCA, -serial, xyz
+0,rr without oldcert/csr/issuer/serial, -section,, -cmd,rr,,BLANK,,,BLANK,,,BLANK,,BLANK,
+0,rr with oldcert file nonexistent, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,idontexist,BLANK,
+0,rr with empty oldcert file, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,empty.txt,BLANK,
+0,rr where oldcert and key do not match, -section,, -cmd,rr,,BLANK,,,BLANK,,, -oldcert,trusted.crt, -revreason,0
,,,,,,,,,,,,,,,,,
1,ir + infotype, -section,, -cmd,ir,,BLANK,,, -infotype,signKeyPairTypes,,BLANK,,BLANK,
1,genm without -infotype, -section,, -cmd,genm,,BLANK,,, BLANK,,,BLANK,,BLANK,
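Review bot: None of the added rows exercises the override path in which -issuer and -serial are given together with -oldcert or -csr, which is the case that decides which certificate the revocation request names. If the column layout allows it, a row combining `-oldcert,_RESULT_DIR/test.cert.pem` with the -issuer/-serial pair, expected to succeed, would pin that precedence and the "Ignoring -oldcert" warning. A row passing -serial with a command other than rr would likewise cover the new "Ignoring -serial" warning.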
OSSL_CMP_CTX_get0_propq ? 3_2_0 EXIST::FUNCTION:CMP
OSSL_CMP_CTX_reset_geninfo_ITAVs ? 3_0_8 EXIST::FUNCTION:CMP
OSSL_CMP_CTX_get0_validatedSrvCert ? 3_2_0 EXIST::FUNCTION:CMP
+OSSL_CMP_CTX_set1_serialNumber ? 3_2_0 EXIST::FUNCTION:CMP
OSSL_CMP_MSG_update_recipNonce ? 3_0_9 EXIST::FUNCTION:CMP
OSSL_CRMF_CERTTEMPLATE_get0_publicKey ? 3_2_0 EXIST::FUNCTION:CRMF
CMS_final_digest ? 3_2_0 EXIST::FUNCTION:CMS