fixup! CMP: add support for genm with crlStatusList and genp with crls

CHANGES.md

@@ -23,6 +23,17 @@ OpenSSL Releases
  - [OpenSSL 1.0.0](#openssl-100)
  - [OpenSSL 0.9.x](#openssl-09x)
 
+ OpenSSL 3.4
+-----------
+
+### Changes between 3.3 and 3.4 [xx XXX xxxx]
+
+ * Added support for requesting CRL in CMP.
+
+   This work was sponsored by Siemens AG.
+
+    *Rajeev Ranjan*
+
 OpenSSL 3.3
 -----------
 
@@ -75,12 +86,6 @@ OpenSSL 3.3
 
     *Neil Horman*
 
- * Added support for requesting CRL in CMP.
-
-   This work was sponsored by Siemens AG.
-
-    *Rajeev Ranjan*
-
  * Added `-set_issuer` and `-set_subject` options to `openssl x509` to
    override the Issuer and Subject when creating a certificate. The `-subj`
    option now is an alias for `-set_subject`.

apps/cmp.c

@@ -146,6 +146,10 @@ static int opt_revreason = CRL_REASON_NONE;
 /* credentials format */
 static char *opt_certform_s = "PEM";
 static int opt_certform = FORMAT_PEM;
+/* 
+ * DER format is the preferred choice for saving a CRL because it allows for
+ * more efficient storage, especially when dealing with large CRLs.
+ */
 static char *opt_crlform_s = "DER";
 static int opt_crlform = FORMAT_ASN1;
 static char *opt_keyform_s = NULL;

doc/man1/openssl-cmp.pod.in

@@ -886,6 +886,8 @@ Default value is PEM.
 
 File format to use when saving a CRL to a file.
 Default value is DER.
+DER format is preferred because it enables more efficient storage
+of large CRLs.
 
 =item B<-keyform> I<PEM|DER|P12|ENGINE>
 
@@ -1471,8 +1473,10 @@ The B<cmp> application was added in OpenSSL 3.0.
 
 The B<-engine> option was deprecated in OpenSSL 3.0.
 
-B<-profile>, B<-crlcert>, B<-oldcrl>, B<-crlout>, B<-crlform>
-and B<-rsp_crl> options were added in OpenSSL 3.3.
+The B<-profile> option was added in OpenSSL 3.3.
+
+B<-crlcert>, B<-oldcrl>, B<-crlout>, B<-crlform>
+and B<-rsp_crl> options were added in OpenSSL 3.4.
 
 =head1 COPYRIGHT
 

doc/man3/GENERAL_NAME.pod

@@ -27,7 +27,7 @@ GENERAL_NAME_set1_X509_NAME() return 1 on success, 0 on error.
 
 =head1 HISTORY
 
-GENERAL_NAME_set1_X509_NAME() was added in OpenSSL 3.3.
+GENERAL_NAME_set1_X509_NAME() was added in OpenSSL 3.4.
 
 =head1 COPYRIGHT
 

doc/man3/OSSL_CMP_ITAV_new_caCerts.pod

@@ -171,7 +171,7 @@ were added in OpenSSL 3.2.
 OSSL_CMP_CRLSTATUS_new1(), OSSL_CMP_CRLSTATUS_create(),
 OSSL_CMP_CRLSTATUS_get0(), OSSL_CMP_ITAV_new0_crlStatusList(),
 OSSL_CMP_ITAV_get0_crlStatusList(), OSSL_CMP_ITAV_new_crls()
-and OSSL_CMP_ITAV_get0_crls() were added in OpenSSL 3.3.
+and OSSL_CMP_ITAV_get0_crls() were added in OpenSSL 3.4.
 
 =head1 COPYRIGHT
 

doc/man3/OSSL_CMP_exec_certreq.pod

@@ -232,8 +232,10 @@ The OpenSSL CMP support was added in OpenSSL 3.0.
 OSSL_CMP_get1_caCerts() and OSSL_CMP_get1_rootCaKeyUpdate()
 were added in OpenSSL 3.2.
 
-OSSL_CMP_get1_crlUpdate() and support for delayed delivery 
-of all types of response messages was added in OpenSSL 3.3.
+Support for delayed delivery of all types of response messages
+was added in OpenSSL 3.3.
+
+OSSL_CMP_get1_crlUpdate() was added in OpenSSL 3.4.
 
 =head1 COPYRIGHT
 

util/libcrypto.num

@@ -5536,23 +5536,23 @@ X509_STORE_CTX_set_get_crl              5663	3_2_0	EXIST::FUNCTION:
 X509_STORE_CTX_set_current_reasons      5664	3_2_0	EXIST::FUNCTION:
 OSSL_STORE_delete                       5665	3_2_0	EXIST::FUNCTION:
 BIO_ADDR_copy                           5666	3_2_0	EXIST::FUNCTION:SOCK
-DIST_POINT_NAME_dup                     ?	3_3_0	EXIST::FUNCTION:
-GENERAL_NAME_set1_X509_NAME             ?	3_3_0	EXIST::FUNCTION:
 OSSL_CMP_CTX_get0_geninfo_ITAVs         ?	3_3_0	EXIST::FUNCTION:CMP
 OSSL_CMP_HDR_get0_geninfo_ITAVs         ?	3_3_0	EXIST::FUNCTION:CMP
 OSSL_CMP_ITAV_new0_certProfile          ?	3_3_0	EXIST::FUNCTION:CMP
 OSSL_CMP_ITAV_get0_certProfile          ?	3_3_0	EXIST::FUNCTION:CMP
 OSSL_CMP_MSG_get0_certreq_publickey     ?	3_3_0	EXIST::FUNCTION:CMP
 OSSL_CMP_SRV_CTX_init_trans             ?	3_3_0	EXIST::FUNCTION:CMP
-OSSL_CMP_CRLSTATUS_create               ?	3_3_0	EXIST::FUNCTION:CMP
-OSSL_CMP_CRLSTATUS_free                 ?	3_3_0	EXIST::FUNCTION:CMP
-OSSL_CMP_CRLSTATUS_get0                 ?	3_3_0	EXIST::FUNCTION:CMP
-OSSL_CMP_CRLSTATUS_new1                 ?	3_3_0	EXIST::FUNCTION:CMP
-OSSL_CMP_ITAV_get0_crlStatusList        ?	3_3_0	EXIST::FUNCTION:CMP
-OSSL_CMP_ITAV_get0_crls                 ?	3_3_0	EXIST::FUNCTION:CMP
-OSSL_CMP_ITAV_new0_crlStatusList        ?	3_3_0	EXIST::FUNCTION:CMP
-OSSL_CMP_ITAV_new_crls                  ?	3_3_0	EXIST::FUNCTION:CMP
-OSSL_CMP_get1_crlUpdate                 ?	3_3_0	EXIST::FUNCTION:CMP
+DIST_POINT_NAME_dup                     ?	3_4_0	EXIST::FUNCTION:
+GENERAL_NAME_set1_X509_NAME             ?	3_4_0	EXIST::FUNCTION:
+OSSL_CMP_CRLSTATUS_create               ?	3_4_0	EXIST::FUNCTION:CMP
+OSSL_CMP_CRLSTATUS_free                 ?	3_4_0	EXIST::FUNCTION:CMP
+OSSL_CMP_CRLSTATUS_get0                 ?	3_4_0	EXIST::FUNCTION:CMP
+OSSL_CMP_CRLSTATUS_new1                 ?	3_4_0	EXIST::FUNCTION:CMP
+OSSL_CMP_ITAV_get0_crlStatusList        ?	3_4_0	EXIST::FUNCTION:CMP
+OSSL_CMP_ITAV_get0_crls                 ?	3_4_0	EXIST::FUNCTION:CMP
+OSSL_CMP_ITAV_new0_crlStatusList        ?	3_4_0	EXIST::FUNCTION:CMP
+OSSL_CMP_ITAV_new_crls                  ?	3_4_0	EXIST::FUNCTION:CMP
+OSSL_CMP_get1_crlUpdate                 ?	3_4_0	EXIST::FUNCTION:CMP
 EVP_DigestSqueeze                       ?	3_3_0	EXIST::FUNCTION:
 ERR_pop                                 ?	3_3_0	EXIST::FUNCTION:
 X509_STORE_get1_objects                 ?	3_3_0	EXIST::FUNCTION: