[openssl] master update
dev at ddvo.net
dev at ddvo.net
Sat Sep 5 17:36:56 UTC 2020
The branch master has been updated
via 0b86eefd431dd05a0ba87b2f67a6b99def89b6d5 (commit)
from 15076c26d794dbbdc5413a72e7feded0c9a2ba07 (commit)
- Log -----------------------------------------------------------------
commit 0b86eefd431dd05a0ba87b2f67a6b99def89b6d5
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: Fri Aug 28 12:42:47 2020 +0200
OSSL_CMP_CTX: rename field and its getter/setter from 'untrusted_certs' to 'untrusted
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12788)
-----------------------------------------------------------------------
Summary of changes:
apps/cmp.c | 7 +++----
crypto/cmp/cmp_client.c | 2 +-
crypto/cmp/cmp_ctx.c | 30 +++++++++++++++---------------
crypto/cmp/cmp_local.h | 2 +-
crypto/cmp/cmp_protect.c | 6 +++---
crypto/cmp/cmp_vfy.c | 16 ++++++++--------
doc/man3/OSSL_CMP_CTX_new.pod | 15 +++++++--------
doc/man3/OSSL_CMP_validate_msg.pod | 2 +-
include/openssl/cmp.h | 4 ++--
test/cmp_ctx_test.c | 4 ++--
test/cmp_vfy_test.c | 2 +-
util/libcrypto.num | 4 ++--
12 files changed, 46 insertions(+), 48 deletions(-)
diff --git a/apps/cmp.c b/apps/cmp.c
index 799ec34e1f..9846e7a9c2 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -1234,8 +1234,7 @@ static OSSL_CMP_SRV_CTX *setup_srv_ctx(ENGINE *engine)
}
if (!setup_certs(opt_srv_untrusted,
"untrusted certificates for mock server", ctx,
- (add_X509_stack_fn_t)OSSL_CMP_CTX_set1_untrusted_certs,
- NULL))
+ (add_X509_stack_fn_t)OSSL_CMP_CTX_set1_untrusted, NULL))
goto err;
if (opt_rsp_cert == NULL) {
@@ -1316,7 +1315,7 @@ static OSSL_CMP_SRV_CTX *setup_srv_ctx(ENGINE *engine)
static int setup_verification_ctx(OSSL_CMP_CTX *ctx)
{
if (!setup_certs(opt_untrusted, "untrusted certificates", ctx,
- (add_X509_stack_fn_t)OSSL_CMP_CTX_set1_untrusted_certs,
+ (add_X509_stack_fn_t)OSSL_CMP_CTX_set1_untrusted,
NULL))
goto err;
@@ -1413,7 +1412,7 @@ static int setup_verification_ctx(OSSL_CMP_CTX *ctx)
*/
static SSL_CTX *setup_ssl_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
{
- STACK_OF(X509) *untrusted_certs = OSSL_CMP_CTX_get0_untrusted_certs(ctx);
+ STACK_OF(X509) *untrusted_certs = OSSL_CMP_CTX_get0_untrusted(ctx);
EVP_PKEY *pkey = NULL;
X509_STORE *trust_store = NULL;
SSL_CTX *ssl_ctx;
diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c
index b7319372e6..d5a4f3ced5 100644
--- a/crypto/cmp/cmp_client.c
+++ b/crypto/cmp/cmp_client.c
@@ -469,7 +469,7 @@ static X509 *get1_cert_status(OSSL_CMP_CTX *ctx, int bodytype,
/*-
* Callback fn validating that the new certificate can be verified, using
* ctx->certConf_cb_arg, which has been initialized using opt_out_trusted, and
- * ctx->untrusted_certs, which at this point already contains ctx->extraCertsIn.
+ * ctx->untrusted, which at this point already contains ctx->extraCertsIn.
* Returns 0 on acceptance, else a bit field reflecting PKIFailureInfo.
* Quoting from RFC 4210 section 5.1. Overall PKI Message:
* The extraCerts field can contain certificates that may be useful to
diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c
index adb3ff564b..5b61108f8b 100644
--- a/crypto/cmp/cmp_ctx.c
+++ b/crypto/cmp/cmp_ctx.c
@@ -57,36 +57,36 @@ int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store)
}
/* Get current list of non-trusted intermediate certs */
-STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted_certs(const OSSL_CMP_CTX *ctx)
+STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx)
{
if (ctx == NULL) {
CMPerr(0, CMP_R_NULL_ARGUMENT);
return NULL;
}
- return ctx->untrusted_certs;
+ return ctx->untrusted;
}
/*
* Set untrusted certificates for path construction in authentication of
* the CMP server and potentially others (TLS server, newly enrolled cert).
*/
-int OSSL_CMP_CTX_set1_untrusted_certs(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs)
+int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs)
{
- STACK_OF(X509) *untrusted_certs;
+ STACK_OF(X509) *untrusted;
if (ctx == NULL) {
CMPerr(0, CMP_R_NULL_ARGUMENT);
return 0;
}
- if ((untrusted_certs = sk_X509_new_null()) == NULL)
+ if ((untrusted = sk_X509_new_null()) == NULL)
return 0;
- if (X509_add_certs(untrusted_certs, certs,
+ if (X509_add_certs(untrusted, certs,
X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP) != 1)
goto err;
- sk_X509_pop_free(ctx->untrusted_certs, X509_free);
- ctx->untrusted_certs = untrusted_certs;
+ sk_X509_pop_free(ctx->untrusted, X509_free);
+ ctx->untrusted = untrusted;
return 1;
err:
- sk_X509_pop_free(untrusted_certs, X509_free);
+ sk_X509_pop_free(untrusted, X509_free);
return 0;
}
@@ -126,7 +126,7 @@ OSSL_CMP_CTX *OSSL_CMP_CTX_new(OPENSSL_CTX *libctx, const char *propq)
ctx->msg_timeout = 2 * 60;
- if ((ctx->untrusted_certs = sk_X509_new_null()) == NULL)
+ if ((ctx->untrusted = sk_X509_new_null()) == NULL)
goto err;
ctx->pbm_slen = 16;
@@ -186,7 +186,7 @@ void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx)
X509_free(ctx->validatedSrvCert);
X509_NAME_free(ctx->expected_sender);
X509_STORE_free(ctx->trusted);
- sk_X509_pop_free(ctx->untrusted_certs, X509_free);
+ sk_X509_pop_free(ctx->untrusted, X509_free);
X509_free(ctx->cert);
EVP_PKEY_free(ctx->pkey);
@@ -752,15 +752,15 @@ int OSSL_CMP_CTX_build_cert_chain(OSSL_CMP_CTX *ctx, X509_STORE *own_trusted,
return 0;
}
- if (ctx->untrusted_certs != NULL ?
- !X509_add_certs(ctx->untrusted_certs, candidates,
+ if (ctx->untrusted != NULL ?
+ !X509_add_certs(ctx->untrusted, candidates,
X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP) :
- !OSSL_CMP_CTX_set1_untrusted_certs(ctx, candidates))
+ !OSSL_CMP_CTX_set1_untrusted(ctx, candidates))
return 0;
ossl_cmp_debug(ctx, "trying to build chain for own CMP signer cert");
chain = ossl_cmp_build_cert_chain(ctx->libctx, ctx->propq, own_trusted,
- ctx->untrusted_certs, ctx->cert);
+ ctx->untrusted, ctx->cert);
if (chain == NULL) {
CMPerr(0, CMP_R_FAILED_BUILDING_OWN_CHAIN);
return 0;
diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h
index e3dcb94704..d5ac7a521d 100644
--- a/crypto/cmp/cmp_local.h
+++ b/crypto/cmp/cmp_local.h
@@ -60,7 +60,7 @@ struct ossl_cmp_ctx_st {
X509 *validatedSrvCert; /* caches any already validated server cert */
X509_NAME *expected_sender; /* expected sender in header of response */
X509_STORE *trusted; /* trust store maybe w CRLs and cert verify callback */
- STACK_OF(X509) *untrusted_certs; /* untrusted (intermediate) certs */
+ STACK_OF(X509) *untrusted; /* untrusted (intermediate CA) certs */
int ignore_keyusage; /* ignore key usage entry when validating certs */
/*
* permitTAInExtraCertsForIR allows use of root certs in extracerts
diff --git a/crypto/cmp/cmp_protect.c b/crypto/cmp/cmp_protect.c
index 2a008bd0bf..b65de09517 100644
--- a/crypto/cmp/cmp_protect.c
+++ b/crypto/cmp/cmp_protect.c
@@ -146,14 +146,14 @@ int ossl_cmp_msg_add_extraCerts(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
| X509_ADD_FLAG_PREPEND))
return 0;
/* if we have untrusted certs, try to add intermediate certs */
- if (ctx->untrusted_certs != NULL) {
+ if (ctx->untrusted != NULL) {
STACK_OF(X509) *chain;
int res;
ossl_cmp_debug(ctx,
"trying to build chain for own CMP signer cert");
chain = ossl_cmp_build_cert_chain(ctx->libctx, ctx->propq, NULL,
- ctx->untrusted_certs, ctx->cert);
+ ctx->untrusted, ctx->cert);
res = X509_add_certs(msg->extraCerts, chain,
X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP
| X509_ADD_FLAG_NO_SS);
@@ -298,7 +298,7 @@ int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
/*
* will add ctx->cert followed, if possible, by its chain built
- * from ctx->untrusted_certs, and then ctx->extraCertsOut
+ * from ctx->untrusted, and then ctx->extraCertsOut
*/
} else {
CMPerr(0, CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION);
diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c
index 86e39d262e..9b8a88f94b 100644
--- a/crypto/cmp/cmp_vfy.c
+++ b/crypto/cmp/cmp_vfy.c
@@ -122,7 +122,7 @@ int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
if ((csc = X509_STORE_CTX_new_with_libctx(ctx->libctx, ctx->propq)) == NULL
|| !X509_STORE_CTX_init(csc, trusted_store,
- cert, ctx->untrusted_certs))
+ cert, ctx->untrusted))
goto err;
valid = X509_verify_cert(csc) > 0;
@@ -398,7 +398,7 @@ static int check_msg_with_certs(OSSL_CMP_CTX *ctx, const STACK_OF(X509) *certs,
}
/*-
- * Verify msg trying first ctx->untrusted_certs, which should include extraCerts
+ * Verify msg trying first ctx->untrusted, which should include extraCerts
* at its front, then trying the trusted certs in truststore (if any) of ctx.
* On success cache the found cert using ossl_cmp_ctx_set0_validatedSrvCert().
*/
@@ -418,7 +418,7 @@ static int check_msg_all_certs(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
if (check_msg_with_certs(ctx, msg->extraCerts, "extraCerts",
NULL, NULL, msg, mode_3gpp))
return 1;
- if (check_msg_with_certs(ctx, ctx->untrusted_certs, "untrusted certs",
+ if (check_msg_with_certs(ctx, ctx->untrusted, "untrusted certs",
msg->extraCerts, NULL, msg, mode_3gpp))
return 1;
@@ -430,7 +430,7 @@ static int check_msg_all_certs(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
ret = check_msg_with_certs(ctx, trusted,
mode_3gpp ? "self-issued extraCerts"
: "certs in trusted store",
- msg->extraCerts, ctx->untrusted_certs,
+ msg->extraCerts, ctx->untrusted,
msg, mode_3gpp);
sk_X509_pop_free(trusted, X509_free);
}
@@ -536,7 +536,7 @@ static int check_msg_find_cert(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg)
* Validate the protection of the given PKIMessage using either password-
* based mac (PBM) or a signature algorithm. In the case of signature algorithm,
* the sender certificate can have been pinned by providing it in ctx->srvCert,
- * else it is searched in msg->extraCerts, ctx->untrusted_certs, in ctx->trusted
+ * else it is searched in msg->extraCerts, ctx->untrusted, in ctx->trusted
* (in this order) and is path is validated against ctx->trusted.
* On success cache the found cert using ossl_cmp_ctx_set0_validatedSrvCert().
*
@@ -636,7 +636,7 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg)
/*-
* Check received message (i.e., response by server or request from client)
- * Any msg->extraCerts are prepended to ctx->untrusted_certs.
+ * Any msg->extraCerts are prepended to ctx->untrusted.
*
* Ensures that:
* its sender is of appropriate type (curently only X509_NAME) and
@@ -693,7 +693,7 @@ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
* extraCerts because they do not belong to the protected msg part anyway.
* For efficiency, the extraCerts are prepended so they get used first.
*/
- if (!X509_add_certs(ctx->untrusted_certs, msg->extraCerts,
+ if (!X509_add_certs(ctx->untrusted, msg->extraCerts,
/* this allows self-signed certs */
X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP
| X509_ADD_FLAG_PREPEND))
@@ -775,7 +775,7 @@ int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
* the peer does not need to send them again in the same transaction.
* For efficiency, the extraCerts are prepended so they get used first.
*/
- if (!X509_add_certs(ctx->untrusted_certs, msg->extraCerts,
+ if (!X509_add_certs(ctx->untrusted, msg->extraCerts,
/* this allows self-signed certs */
X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP
| X509_ADD_FLAG_PREPEND))
diff --git a/doc/man3/OSSL_CMP_CTX_new.pod b/doc/man3/OSSL_CMP_CTX_new.pod
index f4425d511a..972cef9047 100644
--- a/doc/man3/OSSL_CMP_CTX_new.pod
+++ b/doc/man3/OSSL_CMP_CTX_new.pod
@@ -26,8 +26,8 @@ OSSL_CMP_CTX_set1_srvCert,
OSSL_CMP_CTX_set1_expected_sender,
OSSL_CMP_CTX_set0_trustedStore,
OSSL_CMP_CTX_get0_trustedStore,
-OSSL_CMP_CTX_set1_untrusted_certs,
-OSSL_CMP_CTX_get0_untrusted_certs,
+OSSL_CMP_CTX_set1_untrusted,
+OSSL_CMP_CTX_get0_untrusted,
OSSL_CMP_CTX_set1_cert,
OSSL_CMP_CTX_build_cert_chain,
OSSL_CMP_CTX_set1_pkey,
@@ -99,9 +99,8 @@ OSSL_CMP_CTX_set1_senderNonce
const X509_NAME *name);
int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
- int OSSL_CMP_CTX_set1_untrusted_certs(OSSL_CMP_CTX *ctx,
- STACK_OF(X509) *certs);
- STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted_certs(const OSSL_CMP_CTX *ctx);
+ int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
+ STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx);
/* client authentication: */
int OSSL_CMP_CTX_set1_cert(OSSL_CMP_CTX *ctx, X509 *cert);
@@ -420,13 +419,13 @@ When given a NULL parameter the entry is cleared.
OSSL_CMP_CTX_get0_trustedStore() returns a pointer to the currently set
certificate store containing trusted cert etc., or an empty store if unset.
-OSSL_CMP_CTX_set1_untrusted_certs() sets up a list of non-trusted certificates
+OSSL_CMP_CTX_set1_untrusted() sets up a list of non-trusted certificates
of intermediate CAs that may be useful for path construction for the CMP client
certificate, for the TLS client certificate (if any), when verifying
the CMP server certificate, and when verifying newly enrolled certificates.
The reference counts of those certificates handled successfully are increased.
-OSSL_CMP_CTX_get0_untrusted_certs(OSSL_CMP_CTX *ctx) returns a pointer to the
+OSSL_CMP_CTX_get0_untrusted(OSSL_CMP_CTX *ctx) returns a pointer to the
list of untrusted certs, which may be empty if unset.
OSSL_CMP_CTX_set1_cert() sets the certificate used for CMP message protection.
@@ -629,7 +628,7 @@ OSSL_CMP_CTX_new(),
OSSL_CMP_CTX_get_http_cb_arg(),
OSSL_CMP_CTX_get_transfer_cb_arg(),
OSSL_CMP_CTX_get0_trustedStore(),
-OSSL_CMP_CTX_get0_untrusted_certs(),
+OSSL_CMP_CTX_get0_untrusted(),
OSSL_CMP_CTX_get0_newPkey(),
OSSL_CMP_CTX_get_certConf_cb_arg(),
OSSL_CMP_CTX_get0_statusString(),
diff --git a/doc/man3/OSSL_CMP_validate_msg.pod b/doc/man3/OSSL_CMP_validate_msg.pod
index 6370325028..ed2ff6c2c6 100644
--- a/doc/man3/OSSL_CMP_validate_msg.pod
+++ b/doc/man3/OSSL_CMP_validate_msg.pod
@@ -26,7 +26,7 @@ In case of signature algorithm, the certificate to use for the signature check
is preferably the one provided by a call to L<OSSL_CMP_CTX_set1_srvCert(3)>.
If no such sender cert has been pinned then candidate sender certificates are
taken from the list of certificates received in the C<msg> extraCerts, then any
-certificates provided before via L<OSSL_CMP_CTX_set1_untrusted_certs(3)>, and
+certificates provided before via L<OSSL_CMP_CTX_set1_untrusted(3)>, and
then all trusted certificates provided via L<OSSL_CMP_CTX_set0_trustedStore(3)>,
where a candidate is acceptable only if has not expired, its subject DN matches
the C<msg> sender DN (as far as present), and its subject key identifier
diff --git a/include/openssl/cmp.h b/include/openssl/cmp.h
index edab120364..9fc281a705 100644
--- a/include/openssl/cmp.h
+++ b/include/openssl/cmp.h
@@ -291,8 +291,8 @@ int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name);
int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
-int OSSL_CMP_CTX_set1_untrusted_certs(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
-STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted_certs(const OSSL_CMP_CTX *ctx);
+int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
+STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx);
/* client authentication: */
int OSSL_CMP_CTX_set1_cert(OSSL_CMP_CTX *ctx, X509 *cert);
int OSSL_CMP_CTX_build_cert_chain(OSSL_CMP_CTX *ctx, X509_STORE *own_trusted,
diff --git a/test/cmp_ctx_test.c b/test/cmp_ctx_test.c
index 9b2a53df5f..8b797f2e98 100644
--- a/test/cmp_ctx_test.c
+++ b/test/cmp_ctx_test.c
@@ -746,7 +746,7 @@ DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 1, expected_sender, X509_NAME)
DEFINE_SET_GET_BASE_TEST(OSSL_CMP_CTX, set0, get0, 0, trustedStore,
X509_STORE *, NULL,
DEFAULT_STORE, X509_STORE_new_1(), X509_STORE_free)
-DEFINE_SET_GET_SK_X509_TEST(OSSL_CMP, CTX, 1, 0, untrusted_certs)
+DEFINE_SET_GET_SK_X509_TEST(OSSL_CMP, CTX, 1, 0, untrusted)
DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 0, cert, X509)
DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 0, pkey, EVP_PKEY)
@@ -830,7 +830,7 @@ int setup_tests(void)
ADD_TEST(test_CTX_set0_get0_validatedSrvCert);
ADD_TEST(test_CTX_set1_get0_expected_sender);
ADD_TEST(test_CTX_set0_get0_trustedStore);
- ADD_TEST(test_CTX_set1_get0_untrusted_certs);
+ ADD_TEST(test_CTX_set1_get0_untrusted);
/* client authentication: */
ADD_TEST(test_CTX_set1_get0_cert);
ADD_TEST(test_CTX_set1_get0_pkey);
diff --git a/test/cmp_vfy_test.c b/test/cmp_vfy_test.c
index 1aec50d657..93d57dd8bb 100644
--- a/test/cmp_vfy_test.c
+++ b/test/cmp_vfy_test.c
@@ -191,7 +191,7 @@ static int add_trusted(OSSL_CMP_CTX *ctx, X509 *cert)
static int add_untrusted(OSSL_CMP_CTX *ctx, X509 *cert)
{
- return X509_add_cert(OSSL_CMP_CTX_get0_untrusted_certs(ctx), cert,
+ return X509_add_cert(OSSL_CMP_CTX_get0_untrusted(ctx), cert,
X509_ADD_FLAG_UP_REF);
}
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 25ee44144b..9488ffe1ee 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4770,8 +4770,8 @@ OSSL_CMP_CTX_set1_srvCert ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_CTX_set1_expected_sender ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_CTX_set0_trustedStore ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_CTX_get0_trustedStore ? 3_0_0 EXIST::FUNCTION:CMP
-OSSL_CMP_CTX_set1_untrusted_certs ? 3_0_0 EXIST::FUNCTION:CMP
-OSSL_CMP_CTX_get0_untrusted_certs ? 3_0_0 EXIST::FUNCTION:CMP
+OSSL_CMP_CTX_set1_untrusted ? 3_0_0 EXIST::FUNCTION:CMP
+OSSL_CMP_CTX_get0_untrusted ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_CTX_set1_cert ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_CTX_set1_pkey ? 3_0_0 EXIST::FUNCTION:CMP
OSSL_CMP_CTX_build_cert_chain ? 3_0_0 EXIST::FUNCTION:CMP
More information about the openssl-commits
mailing list