mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-18 13:44:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

OSSL_CMP_CTX_new.pod: make references to private key consistent with OSSL_CMP_MSG_get0_header.pod

Browse Source 
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/17887)
This commit is contained in:
Dr. David von Oheimb 2022-03-15 18:40:32 +01:00 committed by Dr. David von Oheimb
parent 52a42f54eb
commit 92cae9b42d
2 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
doc/man3/OSSL_CMP_CTX_new.pod
View File

@ -248,7 +248,7 @@ The following options can be set:
("indirect method")
Note that a signature-based POPO can only be produced if a private key
is provided as the newPkey or client pkey component of the CMP context.
is provided as the newPkey or client's pkey component of the CMP context.
=item B<OSSL_CMP_OPT_DIGEST_ALGNID>
@ -449,7 +449,7 @@ The reference counts of those certificates handled successfully are increased.
OSSL_CMP_CTX_get0_untrusted(OSSL_CMP_CTX *ctx) returns a pointer to the
list of untrusted certs, which may be empty if unset.
OSSL_CMP_CTX_set1_cert() sets the certificate related to the private key
OSSL_CMP_CTX_set1_cert() sets the certificate related to the client's private key
used for CMP message protection.
Therefore the public key of this I<cert> must correspond to
the private key set before or thereafter via OSSL_CMP_CTX_set1_pkey().
@ -477,7 +477,7 @@ Calling this function is optional; by default a chain construction
is performed on demand that is equivalent to calling this function
with the I<candidates> and I<own_trusted> arguments being NULL.
OSSL_CMP_CTX_set1_pkey() sets the private key corresponding to the
OSSL_CMP_CTX_set1_pkey() sets the client's private key corresponding to the
CMP signer certificate set via OSSL_CMP_CTX_set1_cert().
This key is used create signature-based protection (protectionAlg = MSG_SIG_ALG)
of outgoing messages
@ -528,7 +528,7 @@ The I<priv> parameter must be 0 if and only if the given key is a public key.
OSSL_CMP_CTX_get0_newPkey() gives the key to use for certificate enrollment
dependent on fields of the CMP context structure:
the newPkey (which may be a private or public key) if present,
else the public key in the p10CSR if present, else the client private key.
else the public key in the p10CSR if present, else the client's private key.
If the I<priv> parameter is not 0 and the selected key does not have a
private component then NULL is returned.

3
doc/man3/OSSL_CMP_MSG_get0_header.pod
View File

@ -65,7 +65,8 @@ The public key included is the first available value of these:
=item the public key of any reference certificate given in I<ctx>, or
=item the public key derived from any client private key set via L<OSSL_CMP_CTX_set1_pkey(3)>.
=item the public key derived from any client's private key
set via L<OSSL_CMP_CTX_set1_pkey(3)>.
=back