CMP cert_response(): add missing rejection status on client rejecting new cert

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20257)

(cherry picked from commit 44e816bd540c8687c1b4995febbde2626a655338)

diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c
index d737743e3ae4c858f733a7dca6350d66d30c1705..59eee8ee44fc44197a4076f18590c400237501dc 100644 (file)
--- a/crypto/cmp/cmp_client.c
+++ b/crypto/cmp/cmp_client.c
@@ -659,6 +659,7 @@ static int cert_response(OSSL_CMP_CTX *ctx, int sleep, int rid,
         ERR_raise_data(ERR_LIB_CMP, CMP_R_CERTIFICATE_NOT_ACCEPTED,
                        "rejecting newly enrolled cert with subject: %s; %s",
                        subj, txt);
+        ctx->status = OSSL_CMP_PKISTATUS_rejection;
         ret = 0;
     }
     OPENSSL_free(subj);