From: Dr. David von Oheimb <dev@ddvo.net>
Date: Wed, 26 Feb 2025 17:45:29 +0000 (+0100)
Subject: apps/cmp.c: fix help output and diagnostics in corner cases such as -reqout_only
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1c6a5d46ff699305ad8307bbf2240bc10250e9ee;p=thirdparty%2Fopenssl.git

apps/cmp.c: fix help output and diagnostics in corner cases such as -reqout_only

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Tue Feb  3 08:43:06 2026
(Merged from https://github.com/openssl/openssl/pull/28478)
---

diff --git a/apps/cmp.c b/apps/cmp.c
index 90b8b4c5223..eb48acbfbc2 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -534,9 +534,9 @@ const OPTIONS cmp_options[] = {
     { "oldwithnew", OPT_OLDWITHNEW, 's',
         "File to save OldWithNew cert received in genp of type rootCaKeyUpdate" },
     { "crlcert", OPT_CRLCERT, 's',
-        "certificate to request a CRL for in genm of type crlStatusList" },
+        "certificate to take CRL source data from in genm of type crlStatusList" },
     { "oldcrl", OPT_OLDCRL, 's',
-        "CRL to request update for in genm of type crlStatusList" },
+        "CRL to obtain an update for in genm of type crlStatusList" },
     { "crlout", OPT_CRLOUT, 's',
         "File to save new CRL received in genp of type 'crls'" },
 
@@ -1716,8 +1716,7 @@ static int set_fallback_pubkey(OSSL_CMP_CTX *ctx)
     char *file = opt_reqin, *end = file, bak;
     OSSL_CMP_MSG *req;
     const X509_PUBKEY *pubkey;
-    EVP_PKEY *pkey;
-    EVP_PKEY *pkey1;
+    EVP_PKEY *pkey, *pkey1;
     int res = 0;
 
     /* temporarily separate first file name in opt_reqin */
@@ -1738,9 +1737,9 @@ static int set_fallback_pubkey(OSSL_CMP_CTX *ctx)
         goto err;
     }
     pkey1 = EVP_PKEY_dup(pkey);
-    if (pkey == NULL || !OSSL_CMP_CTX_set0_newPkey(ctx, 0 /* priv */, pkey1)) {
+    if (pkey1 == NULL || !OSSL_CMP_CTX_set0_newPkey(ctx, 0 /* priv */, pkey1)) {
         EVP_PKEY_free(pkey1);
-        CMP_err1("Failed to get fallback public key obtained from ir/cr/kur file '%s'", file);
+        CMP_err1("Failed to set fallback public key obtained from ir/cr/kur file '%s'", file);
         goto err;
     }
     res = 1;
@@ -2399,7 +2398,9 @@ set_path:
         goto err;
 
     /* not printing earlier, to minimize confusion in case setup fails before */
-    if (opt_reqout_only == NULL)
+    if (opt_reqout_only != NULL)
+        CMP_info("Will not contact any server");
+    else
         CMP_info3("Will contact %s%s%s ", server_buf, proxy_buf,
             opt_rspin == NULL ? "" : " only if -rspin argument does not give enough filenames");
 
@@ -3818,18 +3819,6 @@ int cmp_main(int argc, char **argv)
             CMP_warn1("-server %s", msg);
             opt_server = NULL;
         }
-        if (opt_proxy != NULL) {
-            CMP_warn1("-proxy %s", msg);
-            opt_proxy = NULL;
-        }
-        if (opt_no_proxy != NULL) {
-            CMP_warn1("-no_proxy %s", msg);
-            opt_no_proxy = NULL;
-        }
-        if (opt_tls_used) {
-            CMP_warn1("-tls_used %s", msg);
-            opt_tls_used = 0;
-        }
 #endif
         if (opt_path != NULL) {
             CMP_warn1("-path %s", msg);