From e7362c6c11684ca7c48ace6a728098c4be21b1a4 Mon Sep 17 00:00:00 2001 From: Rajeev Ranjan Date: Sat, 24 Feb 2024 23:37:16 +0100 Subject: [PATCH] OSSL_CMP_exec_certreq.pod: add OSSL_CMP_get1_crlUpdate() --- doc/man3/OSSL_CMP_exec_certreq.pod | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/doc/man3/OSSL_CMP_exec_certreq.pod b/doc/man3/OSSL_CMP_exec_certreq.pod index 54632ce93697bc..72e33a6d7f654b 100644 --- a/doc/man3/OSSL_CMP_exec_certreq.pod +++ b/doc/man3/OSSL_CMP_exec_certreq.pod @@ -16,6 +16,7 @@ OSSL_CMP_exec_RR_ses, OSSL_CMP_exec_GENM_ses, OSSL_CMP_get1_caCerts, OSSL_CMP_get1_rootCaKeyUpdate +OSSL_CMP_get1_crlUpdate - functions implementing CMP client transactions =head1 SYNOPSIS @@ -41,6 +42,8 @@ OSSL_CMP_get1_rootCaKeyUpdate int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx, const X509 *oldWithOld, X509 **newWithNew, X509 **newWithOld, X509 **oldWithNew); +int OSSL_CMP_get1_crlUpdate(OSSL_CMP_CTX *ctx, const X509_CRL *last_crl, + X509_CRL **crl) =head1 DESCRIPTION @@ -157,6 +160,13 @@ The trust placed in it cannot be stronger than the trust placed in the I certificate if present, otherwise it cannot be stronger than the weakest trust in any of the certificates in the trust store of I. +OSSL_CMP_get1_crlUpdate() uses a genm request message with infoType crlStatusList +to obtain CRL from the CMP server referenced by I in a genp response message +with infoType crls. It uses oldcert referenced by I and I to create +request. On success it assigns to I<*crl> the CRL received. +NULL means that no CRL was provided by the server. +The CRL obtained this way must be freed by the caller. + =head1 NOTES CMP is defined in RFC 4210 (and CRMF in RFC 4211). 
@@ -193,7 +203,7 @@ and the output parameter I has been used to assign the received value unless I is NULL. OSSL_CMP_exec_RR_ses(), OSSL_CMP_get1_caCerts(), -and OSSL_CMP_get1_rootCaKeyUpdate() +OSSL_CMP_get1_rootCaKeyUpdate() and OSSL_CMP_get1_crlUpdate() return 1 on success, 0 on error. OSSL_CMP_exec_GENM_ses() returns NULL on error, @@ -220,8 +230,8 @@ The OpenSSL CMP support was added in OpenSSL 3.0. OSSL_CMP_get1_caCerts() and OSSL_CMP_get1_rootCaKeyUpdate() were added in OpenSSL 3.2. -Support for delayed delivery of all types of response messages -was added in OpenSSL 3.3. +OSSL_CMP_get1_crlUpdate() and support for delayed delivery +of all types of response messages was added in OpenSSL 3.3. =head1 COPYRIGHT
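Review bot: In the NAME hunk (@@ -16,6 +16,7 @@), the unchanged line OSSL_CMP_get1_rootCaKeyUpdate has no trailing comma, so the added OSSL_CMP_get1_crlUpdate is not separated from it in the comma-separated name list. Add a comma to the end of the OSSL_CMP_get1_rootCaKeyUpdate line so the new function is listed as its own entry.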
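Review bot: In the SYNOPSIS hunk (@@ -41,6 +42,8 @@), the added prototype ends at "X509_CRL **crl)" without a terminating semicolon, unlike the OSSL_CMP_get1_rootCaKeyUpdate() prototype directly above it. End the declaration with ";" so the synopsis is a valid C declaration and matches the other entries.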
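Review bot: In the DESCRIPTION hunk (@@ -157,6 +160,13 @@), "NULL means that no CRL was provided by the server" does not say that this is a success case. Read together with "On success it assigns to I<*crl> the CRL received", a caller cannot tell whether the function returns 1 with I<*crl> set to NULL or returns 0. State explicitly that the function returns 1 and sets I<*crl> to NULL when the server provides no CRL, so callers check the pointer as well as the return value. The paragraph also refers to "oldcert", which is not a parameter in the added prototype, so say where it is taken from. "must be freed by the caller" could name X509_CRL_free(). The wording also needs articles: "to obtain a CRL" and "to create the request".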
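Review bot: In the HISTORY hunk (@@ -220,8 +230,8 @@), the subject of the added sentence is now plural ("OSSL_CMP_get1_crlUpdate() and support for delayed delivery of all types of response messages"), but the verb is still "was added". Change it to "were added", matching the sentence above it for OSSL_CMP_get1_caCerts() and OSSL_CMP_get1_rootCaKeyUpdate().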