mirror of
https://github.com/openssl/openssl.git
synced 2025-01-18 13:44:20 +08:00
OSSL_CMP_validate_msg(): fix check such that OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR becomes usable again
Fixes #23706 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23814)
This commit is contained in:
parent
f8acb534e4
commit
b893ceef2f
@ -632,7 +632,7 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg)
|
||||
default:
|
||||
scrt = ctx->srvCert;
|
||||
if (scrt == NULL) {
|
||||
if (ctx->trusted == NULL) {
|
||||
if (ctx->trusted == NULL && ctx->secretValue != NULL) {
|
||||
ossl_cmp_info(ctx, "no trust store nor pinned server cert available for verifying signature-based CMP message protection");
|
||||
ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_TRUST_ANCHOR);
|
||||
return 0;
|
||||
|
Loading…
Reference in New Issue
Block a user