diff options
| author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-08-05 11:19:07 +0200 |
|---|---|---|
| committer | Dr. David von Oheimb <dev@ddvo.net> | 2021-08-06 14:44:25 +0200 |
| commit | 08e9ff76001e8b3972c894e0c7cbc94b0d1efb63 (patch) | |
| tree | 122dea3f4d387899a1a30989054623439e73fc63 /apps | |
| parent | 9b887d5d5a8ef9aa1c3ce6e54a82ddcba25b9415 (diff) | |
| download | openssl-new-08e9ff76001e8b3972c894e0c7cbc94b0d1efb63.tar.gz | |
Fix CMP app TLS connection not respecting vpm options like -crl_check
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16225)
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/cmp.c | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/apps/cmp.c b/apps/cmp.c index 7c9256ccb5..74c8cd71f1 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -871,7 +871,7 @@ static X509_STORE *load_trusted(char *input, int for_new_cert, const char *desc) if (X509_STORE_set1_param(ts, vpm /* may be NULL */) && (for_new_cert || truststore_set_host_etc(ts, NULL))) return ts; - BIO_printf(bio_err, "error setting verification parameters\n"); + BIO_printf(bio_err, "error setting verification parameters for %s\n", desc); OSSL_CMP_CTX_print_errors(cmp_ctx); X509_STORE_free(ts); return NULL; @@ -1193,13 +1193,10 @@ static SSL_CTX *setup_ssl_ctx(OSSL_CMP_CTX *ctx, const char *host, return NULL; if (opt_tls_trusted != NULL) { - trust_store = load_certstore(opt_tls_trusted, opt_otherpass, - "trusted TLS certificates", vpm); + trust_store = load_trusted(opt_tls_trusted, 0, "trusted TLS certs"); if (trust_store == NULL) goto err; SSL_CTX_set_cert_store(ssl_ctx, trust_store); - /* for improved diagnostics on SSL_CTX_build_cert_chain() errors: */ - X509_STORE_set_verify_cb(trust_store, X509_STORE_CTX_print_verify_cb); } if (opt_tls_cert != NULL && opt_tls_key != NULL) { |