apps/cmp.c: make sure that CMP mock server respects -ignore_keyusage and -no_cache_ex...
authorDr. David von Oheimb <dev@ddvo.net>
Wed, 22 Oct 2025 12:58:14 +0000 (14:58 +0200)
committerDr. David von Oheimb <dev@ddvo.net>
Wed, 25 Mar 2026 09:42:03 +0000 (10:42 +0100)
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28973)

apps/cmp.c
test/recipes/80-test_cmp_http_data/test_commands.csv

index c28627b216998daa1566255770cef665f14b08eb..a5c591cbd721fc4e3ea39bac3e2ed936beb3e59d 100644 (file)
@@ -3805,6 +3805,10 @@ int cmp_main(int argc, char **argv)
             goto err;
         }
         OSSL_CMP_CTX_set_log_verbosity(srv_cmp_ctx, opt_verbosity);
+        if (opt_ignore_keyusage)
+            (void)OSSL_CMP_CTX_set_option(srv_cmp_ctx, OSSL_CMP_OPT_IGNORE_KEYUSAGE, 1);
+        if (opt_no_cache_extracerts)
+            (void)OSSL_CMP_CTX_set_option(srv_cmp_ctx, OSSL_CMP_OPT_NO_CACHE_EXTRACERTS, 1);
 
 #if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
         if (opt_port != NULL) { /* act as very basic CMP HTTP server only */
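Review bot: The two added `OSSL_CMP_CTX_set_option()` calls on `srv_cmp_ctx` loosen how the mock server treats incoming messages, and nothing at the call site says so. I would add a comment above them such as `/* mock server follows the same relaxations as the client: no digitalSignature key usage check on signer certs, no caching of received extraCerts */`. Both results are discarded with `(void)`; a failure would leave the stricter default in place, so it is not a security hole, but it would surface only as a confusing test failure. A form like `if (opt_ignore_keyusage && !OSSL_CMP_CTX_set_option(srv_cmp_ctx, OSSL_CMP_OPT_IGNORE_KEYUSAGE, 1)) goto err;` would make that visible, assuming the `err` label used just above is the right cleanup path here. The file list shows only apps/cmp.c and the test CSV, so if the option documentation describes these flags as client-side only, it should be updated to say they now also affect the mock server. The body of `cmp_main` continues outside this hunk.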
index c6c54239b1d735d995184d93ad3379cc8bec32f8..fa13bb5ca9b8f592dc3d0603917f92edeb082221 100644 (file)
@@ -147,6 +147,7 @@ expected,description, -section,val, -cmd,val,val2, -cacertsout,val,val2, -infoty
 0,using popo 1 with -centralkeygen, -section,, -cmd,cr,, -centralkeygen, -popo,1, -newkeyout,_RESULT_DIR/newkeyout.pem
 1, using popo -1 redundantly with -centralkeygen, -section,, -cmd,cr,, -centralkeygen, -popo,-1, -newkeyout,_RESULT_DIR/newkeyout2.pem
 1, using popo -1 alternatively to -centralkeygen, -section,, -cmd,cr,, -popo,-1, -newkeyout,_RESULT_DIR/newkeyout3.pem, -newkeypass,pass:12345, -certout,_RESULT_DIR/test.cert3.pem
-1, using centrally generated key (and cert) , -section,, -cmd,cr,,-cert,_RESULT_DIR/test.cert3.pem, -key,_RESULT_DIR/newkeyout3.pem, -keypass,pass:12345
+1, using centrally generated key (and cert) with existing chain, -section,, -cmd,cr,,-cert,_RESULT_DIR/test.cert3.pem, -key,_RESULT_DIR/newkeyout3.pem, -keypass,pass:12345, -extracerts, issuing.crt
+0, using centrally generated key (and cert) missing chain, -section,, -cmd,cr,,-cert,_RESULT_DIR/test.cert3.pem, -key,_RESULT_DIR/newkeyout3.pem, -keypass,pass:12345, -extracerts, ""
 0, using centrally generated key with wrong password, -section,, -cmd,cr,,-cert,_RESULT_DIR/test.cert3.pem, -key,_RESULT_DIR/newkeyout3.pem, -keypass,pass:wrong
 0, using popo -1 (instead of -centralkeygen) without -newkeyout, -section,, -cmd,cr,, -popo,-1,,BLANK,,BLANK,,BLANK,,BLANK