From: Dr. David von Oheimb <dev@ddvo.net>
Date: Wed, 25 Mar 2026 12:21:33 +0000 (+0100)
Subject: cmp_client_test.c: disable KUR_bad_pkiConf_protection
X-Git-Tag: openssl-4.0.0~98
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e85ace99b0a6f4a2f728d81051f4040250eb3053;p=thirdparty%2Fopenssl.git

cmp_client_test.c: disable KUR_bad_pkiConf_protection

This is a workaround for an issue that lead to fuzz-checker CI failures;
the preliminary solution is to disable the inessential test case
test_exec_KUR_bad_pkiConf_protection.

References: https://github.com/openssl/openssl/pull/28973
Fixes: 525a4f1efbab "cmp_vfy.c,doc/,test/: when trying to use cached CMP message sender cert, no more check its revocation and chain"

Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Thu Mar 26 15:58:42 2026
(Merged from https://github.com/openssl/openssl/pull/30567)
---

diff --git a/test/cmp_client_test.c b/test/cmp_client_test.c
index f080fe16158..7e3ab256e60 100644
--- a/test/cmp_client_test.c
+++ b/test/cmp_client_test.c
@@ -346,7 +346,7 @@ static int test_exec_KUR_ses_transfer_error(void)
 
 static int test_exec_KUR_bad_pkiConf_protection(void)
 {
-    return test_exec_KUR_ses(0, OSSL_CMP_PKIBODY_PKICONF, 0, 0);
+    return test_exec_KUR_ses(0, -1 /* disabled: OSSL_CMP_PKIBODY_PKICONF */, 0, 0);
 }
 
 static int test_exec_KUR_ses_wrong_popo(void)