Skip to content

Commit

Permalink
OSSL_CMP_validate_msg(): fix check such that OSSL_CMP_OPT_PERMIT_TA_I…
Browse files Browse the repository at this point in the history
…N_EXTRACERTS_FOR_IR becomes usable again

Fixes openssl#23706

Reviewed-by: Tomas Mraz <[email protected]>
Reviewed-by: Neil Horman <[email protected]>
(Merged from openssl#23814)

(cherry picked from commit b893cee)
  • Loading branch information
DDvO committed Jun 17, 2024
1 parent a93d192 commit 858d591
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion crypto/cmp/cmp_vfy.c
Original file line number Diff line number Diff line change
Expand Up @@ -619,7 +619,7 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg)
default:
scrt = ctx->srvCert;
if (scrt == NULL) {
if (ctx->trusted == NULL) {
if (ctx->trusted == NULL && ctx->secretValue != NULL) {
ossl_cmp_info(ctx, "no trust store nor pinned server cert available for verifying signature-based CMP message protection");
ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_TRUST_ANCHOR);
return 0;
Expand Down

0 comments on commit 858d591

Please sign in to comment.