openssl/doc/internal/man3/ossl_cmp_msg_protect.pod

=pod

=head1 NAME

ossl_cmp_msg_protect,
ossl_cmp_msg_add_extraCerts
- functions for producing CMP message protection

=head1 SYNOPSIS

  #include "cmp_int.h"

  int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
  int ossl_cmp_msg_add_extraCerts(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);

=head1 DESCRIPTION

ossl_cmp_msg_protect() (re-)protects the given message B<msg> using an algorithm
depending on the available context information given in the B<ctx>.
If there is a secretValue it selects PBMAC, else if there is a protection cert
it selects Signature and uses B<ossl_cmp_msg_add_extraCerts()>.
It also sets the protectionAlg field in the message header accordingly.

ossl_cmp_msg_add_extraCerts() adds elements to the extraCerts field in the given
message B<msg>. It tries to build the certificate chain of the client cert in
the B<ctx> if present by using certificates in ctx->untrusted_certs;
if no untrusted certs are set, it will at least add the client certificate.
In any case all the certificates explicitly specified to be sent out (i.e.,
B<ctx->extraCertsOut>) are added. Note that it will NOT add the root certificate
of the chain, i.e, the trust anchor (unless it is part of extraCertsOut).

=head1 NOTES

CMP is defined in RFC 4210 (and CRMF in RFC 4211).

=head1 RETURN VALUES

All functions return 1 on success, 0 on error.

=head1 HISTORY

The OpenSSL CMP support was added in OpenSSL 3.0.

=head1 COPYRIGHT

Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
add internal doc files actually belonging to CMP contribution chunk 6 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/10620) 2019-12-14 01:54:15 +08:00			`=pod`

			`=head1 NAME`

			`ossl_cmp_msg_protect,`
			`ossl_cmp_msg_add_extraCerts`
			`- functions for producing CMP message protection`

			`=head1 SYNOPSIS`

			`#include "cmp_int.h"`

			`int ossl_cmp_msg_protect(OSSL_CMP_CTX ctx, OSSL_CMP_MSG msg);`
			`int ossl_cmp_msg_add_extraCerts(OSSL_CMP_CTX ctx, OSSL_CMP_MSG msg);`

			`=head1 DESCRIPTION`

Add -reqin_new_tid option to apps/cmp.c and OSSL_CMP_MSG_update_transactionID() Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11470) 2020-04-30 00:06:43 +08:00			`ossl_cmp_msg_protect() (re-)protects the given message B<msg> using an algorithm`
add internal doc files actually belonging to CMP contribution chunk 6 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/10620) 2019-12-14 01:54:15 +08:00			`depending on the available context information given in the B<ctx>.`
Rename OSSL_CMP_CTX_set1_clCert() to OSSL_CMP_CTX_set1_cert() Also update documentation and example code in openssl-cmp.pod.in Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11470) 2020-05-08 19:30:44 +08:00			`If there is a secretValue it selects PBMAC, else if there is a protection cert`
add internal doc files actually belonging to CMP contribution chunk 6 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/10620) 2019-12-14 01:54:15 +08:00			`it selects Signature and uses B<ossl_cmp_msg_add_extraCerts()>.`
			`It also sets the protectionAlg field in the message header accordingly.`

			`ossl_cmp_msg_add_extraCerts() adds elements to the extraCerts field in the given`
			`message B<msg>. It tries to build the certificate chain of the client cert in`
			`the B<ctx> if present by using certificates in ctx->untrusted_certs;`
			`if no untrusted certs are set, it will at least add the client certificate.`
			`In any case all the certificates explicitly specified to be sent out (i.e.,`
			`B<ctx->extraCertsOut>) are added. Note that it will NOT add the root certificate`
			`of the chain, i.e, the trust anchor (unless it is part of extraCertsOut).`

			`=head1 NOTES`

			`CMP is defined in RFC 4210 (and CRMF in RFC 4211).`

			`=head1 RETURN VALUES`

			`All functions return 1 on success, 0 on error.`

			`=head1 HISTORY`

			`The OpenSSL CMP support was added in OpenSSL 3.0.`

			`=head1 COPYRIGHT`

Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616) 2020-04-23 20:55:52 +08:00			`Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.`
add internal doc files actually belonging to CMP contribution chunk 6 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/10620) 2019-12-14 01:54:15 +08:00
			`Licensed under the Apache License 2.0 (the "License"). You may not use`
			`this file except in compliance with the License. You can obtain a copy`
			`in the file LICENSE in the source distribution or at`
			`L<https://www.openssl.org/source/license.html>.`

			`=cut`