cmp_vfy.c: fix crash on attempting to use invalidated sender cert on producing diagno...
authorDr. David von Oheimb <dev@ddvo.net>
Wed, 22 Oct 2025 13:28:29 +0000 (15:28 +0200)
committerDr. David von Oheimb <dev@ddvo.net>
Wed, 25 Mar 2026 09:47:03 +0000 (10:47 +0100)
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28973)

(cherry picked from commit 7d926166de0a86d3aae716c682fa295722e04f49)

crypto/cmp/cmp_vfy.c

index 01c7422c38700b60b65f021df3e15c4c13802ce2..16541d1af33bd213884bd2827a352a9062b0b755 100644 (file)
@@ -507,11 +507,11 @@ static int check_msg_find_cert(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg)
             return 1;
         }
         /* cached sender cert has shown to be no more successfully usable */
-        (void)ossl_cmp_ctx_set1_validatedSrvCert(ctx, NULL);
         /* re-do the above check (just) for adding diagnostic information */
         ossl_cmp_info(ctx,
             "trying to verify msg signature with previously validated cert");
         (void)check_msg_given_cert(ctx, scrt, msg);
+        (void)ossl_cmp_ctx_set1_validatedSrvCert(ctx, NULL); /* this invalidates scrt */
     }
 
     res = check_msg_all_certs(ctx, msg, 0 /* using ctx->trusted */)
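Review bot: After the relocated `ossl_cmp_ctx_set1_validatedSrvCert(ctx, NULL)` call at the end of the `if` block, `scrt` remains in scope although the new trailing comment says it is no longer valid, and only that comment guards against a later edit using it again. If `scrt` is a plain local pointer (its declaration is outside the hunk), adding `scrt = NULL;` directly after the call would turn any future use into a deterministic NULL-pointer failure rather than a use-after-free; the function body continues past the hunk, so whether `scrt` is referenced later cannot be confirmed from here. The comment `/* cached sender cert has shown to be no more successfully usable */` is also left stranded above the diagnostic re-check, away from the call it explains, and moving it down next to the invalidation would keep the ordering constraint readable.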