From c797a57dd48754d4eb5cebfa129c2e94b2dcc8b8 Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Fri, 30 May 2025 11:13:29 +0200 Subject: [PATCH] apps/cmp.c: avoid misleading warning with p10cr; add warnings on options ignored when not doing rr Reviewed-by: Dmitry Belyavskiy Reviewed-by: Paul Dale MergeDate: Tue Feb 3 08:43:02 2026 (Merged from https://github.com/openssl/openssl/pull/28478) --- apps/cmp.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/apps/cmp.c b/apps/cmp.c index 6229de6c5ed..fe1219ee64a 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -1924,8 +1924,8 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx) CMP_warn1("-days %s", msg); if (opt_popo != OSSL_CRMF_POPO_NONE - 1) CMP_warn1("-popo %s", msg); - if (opt_out_trusted != NULL) - CMP_warn1("-out_trusted %s", msg); + if (opt_cmd != CMP_P10CR && opt_out_trusted != NULL) + CMP_warn("-out_trusted is ignored for 'rr' and 'genm' commands"); } else if (opt_newkey != NULL) { const char *file = opt_newkey; const int format = opt_keyform; @@ -2048,6 +2048,13 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx) if (opt_popo >= OSSL_CRMF_POPO_NONE) (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_POPO_METHOD, opt_popo); + if (opt_cmd != CMP_RR) { + if (opt_revreason != CRL_REASON_NONE) + CMP_warn("-revreason option is ignored for commands other than 'rr'"); + if (opt_cmd != CMP_KUR && opt_oldcert != NULL) + CMP_warn("-oldcert option used only as reference cert"); + } + if (opt_oldcert != NULL) { if (opt_cmd == CMP_GENM) { CMP_warn("-oldcert option is ignored for 'genm' command"); -- 2.47.3