*/
DEFINE_OSSL_set0(ossl_cmp_ctx, newCert, X509)
- /* Get successfully validated server cert, if any, of current transaction */
+ /* Get successfully validated sender cert, if any, of current transaction */
DEFINE_OSSL_CMP_CTX_get0(validatedSrvCert, X509)
/*
int unprotectedErrors;
int noCacheExtraCerts;
X509 *srvCert; /* certificate used to identify the server */
- X509 *validatedSrvCert; /* caches any already validated server cert */
+ X509 *validatedSrvCert; /* caches any already validated sender cert */
X509_NAME *expected_sender; /* expected sender in header of response */
X509_STORE *trusted; /* trust store maybe w CRLs and cert verify callback */
STACK_OF(X509) *untrusted; /* untrusted (intermediate CA) certs */
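Review bot: The comment on `srvCert`, one context line above the changed line, still reads "certificate used to identify the server", so the struct now describes two adjacent fields in different terms without saying how they relate. Judging by the verification hunk in this same change, `srvCert` is the pinned cert that is used directly for the signature check, and `validatedSrvCert` caches whichever cert was accepted. I would update the neighbouring comment to match, for example `X509 *srvCert; /* pinned cert of the expected sender, used as-is for signature check */`. The struct definition starts and ends outside the hunk, so other field comments may need the same wording pass.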
scrt = ctx->srvCert;
if (scrt == NULL) {
if (ctx->trusted == NULL && ctx->secretValue != NULL) {
- ossl_cmp_info(ctx, "no trust store nor pinned server cert available for verifying signature-based CMP message protection");
+ ossl_cmp_info(ctx, "no trust store nor pinned sender cert available for verifying signature-based CMP message protection");
ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_TRUST_ANCHOR);
return 0;
}
/* use ctx->srvCert for signature check even if not acceptable */
if (verify_signature(ctx, msg, scrt)) {
ossl_cmp_debug(ctx,
- "successfully validated signature-based CMP message protection using pinned server cert");
+ "successfully validated signature-based CMP message protection using pinned sender cert");
return ossl_cmp_ctx_set1_validatedSrvCert(ctx, scrt);
}
ossl_cmp_warn(ctx, "CMP message signature verification failed");
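Review bot: The failure warning on the last line, `"CMP message signature verification failed"`, does not say that the pinned cert was the one tried, whereas the success message just above it does. The comment at the top of the hunk states that ctx->srvCert is used "even if not acceptable", so an operator reading the log needs to tell a pinning mismatch apart from a failed trust-store validation. Consider `ossl_cmp_warn(ctx, "CMP message signature verification failed using pinned sender cert");`. The enclosing branch starts and ends outside the hunk, so this assumes the warning is reached only on the pinned-cert path.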