From: Dr. David von Oheimb <dev@ddvo.net>
Date: Mon, 14 Apr 2025 18:38:09 +0000 (+0200)
Subject: apps/cmp.c: tweak error and warning outputs, e.g., on ignored options and -rspin... 
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=23ac9d9883968c519e68d9852e6cd6879807c7c5;p=thirdparty%2Fopenssl.git

apps/cmp.c: tweak error and warning outputs, e.g., on ignored options and -rspin with too few args

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Tue Feb  3 08:42:57 2026
(Merged from https://github.com/openssl/openssl/pull/28478)
---

diff --git a/apps/cmp.c b/apps/cmp.c
index e81bc8cd621..fcb7e33c5a6 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -584,7 +584,7 @@ const OPTIONS cmp_options[] = {
         "NOTE: -tls_used and all other TLS options not supported due to no-sock/no-http build" },
 #else
     { "tls_used", OPT_TLS_USED, '-',
-        "Enable using TLS (also when other TLS options are not set)" },
+        "Enable using TLS for HTTP (also when other TLS options are not set)" },
     { "tls_cert", OPT_TLS_CERT, 's',
         "Client's TLS certificate. May include chain to be provided to TLS server" },
     { "tls_key", OPT_TLS_KEY, 's',
@@ -887,8 +887,8 @@ static int write_PKIMESSAGE(const OSSL_CMP_MSG *msg, char **filenames)
         return 0;
     }
     if (*filenames == NULL) {
-        CMP_err("not enough file names provided for writing PKIMessage");
-        return 0;
+        CMP_warn("Too few file names provided for writing PKIMessage");
+        return 1;
     }
 
     file = *filenames;
@@ -911,7 +911,7 @@ static OSSL_CMP_MSG *read_PKIMESSAGE(const char *desc, char **filenames)
         return NULL;
     }
     if (*filenames == NULL) {
-        CMP_err("not enough file names provided for reading PKIMessage");
+        CMP_err("too few file names provided for reading PKIMessage");
         return NULL;
     }
 
@@ -974,10 +974,11 @@ static OSSL_CMP_MSG *read_write_req_resp(OSSL_CMP_CTX *ctx,
         res = read_PKIMESSAGE("actually using", &opt_rspin);
     } else {
         const OSSL_CMP_MSG *actual_req = req_new != NULL ? req_new : req;
+        const char *const msg = "Too few -rspin filename arguments; resorting to";
 
         if (opt_use_mock_srv) {
             if (rspin_in_use)
-                CMP_warn("too few -rspin filename arguments; resorting to using mock server");
+                CMP_warn1("%s using mock server", msg);
             res = OSSL_CMP_CTX_server_perform(ctx, actual_req);
         } else {
 #if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
@@ -986,7 +987,7 @@ static OSSL_CMP_MSG *read_write_req_resp(OSSL_CMP_CTX *ctx,
                 goto err;
             }
             if (rspin_in_use)
-                CMP_warn("too few -rspin filename arguments; resorting to contacting server");
+                CMP_warn1("%s contacting server", msg);
             res = OSSL_CMP_MSG_http_perform(ctx, actual_req);
 #else
             CMP_err("-server not supported on no-sock/no-http build; missing -use_mock_srv option or too few -rspin filename arguments");
@@ -2400,7 +2401,7 @@ set_path:
     /* not printing earlier, to minimize confusion in case setup fails before */
     if (opt_reqout_only == NULL)
         CMP_info3("will contact %s%s%s ", server_buf, proxy_buf,
-            opt_rspin == NULL ? "" : " only if -rspin argument gives too few filenames");
+            opt_rspin == NULL ? "" : " only if -rspin argument does not give enough filenames");
 
     ret = 1;
 
@@ -3742,9 +3743,9 @@ int cmp_main(int argc, char **argv)
         && opt_tls_extra == NULL && opt_tls_trusted == NULL
         && opt_tls_host == NULL) {
         if (opt_tls_used)
-            CMP_warn("-tls_used given without any other TLS options");
+            CMP_warn("-tls_used is active without any other TLS options");
     } else if (!opt_tls_used) {
-        CMP_warn("ignoring TLS options(s) since -tls_used is not given");
+        CMP_warn("ignoring TLS options(s) since -tls_used is not active");
     }
     if (opt_port != NULL) {
         if (opt_tls_used) {
@@ -3819,11 +3820,32 @@ int cmp_main(int argc, char **argv)
             CMP_err("the -reqout_only client option does not combine with -port implying server behavior");
             goto err;
         }
-        if (opt_server != NULL)
+        if (opt_server != NULL) {
             CMP_warn1("-server %s", msg);
+            opt_server = NULL;
+        }
+        if (opt_proxy != NULL) {
+            CMP_warn1("-proxy %s", msg);
+            opt_proxy = NULL;
+        }
+        if (opt_no_proxy != NULL) {
+            CMP_warn1("-no_proxy %s", msg);
+            opt_no_proxy = NULL;
+        }
 #endif
-        if (opt_use_mock_srv)
+        if (opt_path != NULL) {
+            CMP_warn1("-path %s", msg);
+            opt_path = NULL;
+        }
+        if (opt_tls_used) {
+            CMP_warn1("-tls_used %s", msg);
+            opt_tls_used = 0;
+        }
+
+        if (opt_use_mock_srv) {
             CMP_warn1("-use_mock_srv %s", msg);
+            opt_use_mock_srv = 0;
+        }
         if (opt_reqout != NULL)
             CMP_warn1("-reqout %s", msg);
         if (opt_rspin != NULL)
@@ -3832,10 +3854,14 @@ int cmp_main(int argc, char **argv)
             CMP_warn1("-rspout %s", msg);
         opt_reqout = opt_reqout_only;
     }
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
+    if (opt_server == NULL && !opt_use_mock_srv && opt_port == NULL)
+        CMP_info("will not contact any server");
+#endif
     if (opt_rspin != NULL) {
 #if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
         if (opt_server != NULL)
-            CMP_warn("-server option is not used if enough filenames given for -rspin");
+            CMP_warn("-server option etc. are not used if enough filenames given for -rspin");
 #endif
         if (opt_use_mock_srv)
             CMP_warn("-use_mock_srv option is not used if enough filenames given for -rspin");