[openssl] master update
dev at ddvo.net
dev at ddvo.net
Fri Aug 6 12:44:53 UTC 2021
The branch master has been updated
via 08e9ff76001e8b3972c894e0c7cbc94b0d1efb63 (commit)
from 9b887d5d5a8ef9aa1c3ce6e54a82ddcba25b9415 (commit)
- Log -----------------------------------------------------------------
commit 08e9ff76001e8b3972c894e0c7cbc94b0d1efb63
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date: Thu Aug 5 11:19:07 2021 +0200
Fix CMP app TLS connection not respecting vpm options like -crl_check
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16225)
-----------------------------------------------------------------------
Summary of changes:
apps/cmp.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/apps/cmp.c b/apps/cmp.c
index 7c9256ccb5..74c8cd71f1 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -871,7 +871,7 @@ static X509_STORE *load_trusted(char *input, int for_new_cert, const char *desc)
if (X509_STORE_set1_param(ts, vpm /* may be NULL */)
&& (for_new_cert || truststore_set_host_etc(ts, NULL)))
return ts;
- BIO_printf(bio_err, "error setting verification parameters\n");
+ BIO_printf(bio_err, "error setting verification parameters for %s\n", desc);
OSSL_CMP_CTX_print_errors(cmp_ctx);
X509_STORE_free(ts);
return NULL;
@@ -1193,13 +1193,10 @@ static SSL_CTX *setup_ssl_ctx(OSSL_CMP_CTX *ctx, const char *host,
return NULL;
if (opt_tls_trusted != NULL) {
- trust_store = load_certstore(opt_tls_trusted, opt_otherpass,
- "trusted TLS certificates", vpm);
+ trust_store = load_trusted(opt_tls_trusted, 0, "trusted TLS certs");
if (trust_store == NULL)
goto err;
SSL_CTX_set_cert_store(ssl_ctx, trust_store);
- /* for improved diagnostics on SSL_CTX_build_cert_chain() errors: */
- X509_STORE_set_verify_cb(trust_store, X509_STORE_CTX_print_verify_cb);
}
if (opt_tls_cert != NULL && opt_tls_key != NULL) {
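Review bot: The new call `load_trusted(opt_tls_trusted, 0, "trusted TLS certs")` no longer passes `opt_otherpass` and no longer installs `X509_STORE_CTX_print_verify_cb` at this site, and neither hunk shows whether load_trusted() does both itself, so that should be checked against its body, most of which lies outside the first hunk. With `for_new_cert` set to 0, the visible tail of load_trusted() also runs `truststore_set_host_etc(ts, NULL)` on this store, so the expected server name presumably has to be set again later in setup_ssl_ctx(), which continues past the hunk. I would add a comment at the call, for example `/* use load_trusted() so that vpm options such as -crl_check apply to the TLS trust store */`, and make the bare `0` readable as `0 /* for_new_cert */`. A regression test in which a TLS connection with -crl_check is rejected for a revoked server certificate would keep this fix from silently regressing.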