Commit 0a6b6664a4 for openssl.org

commit 0a6b6664a48f0e499fc14aeafd9cb408b261f1ad
Author: Dr. David von Oheimb <dev@ddvo.net>
Date:   Thu Oct 23 21:26:51 2025 +0200

    cmp_vfy.c: small fixes on content and layout of diagnostics on failure validating signature-based protection of CMP messages

    Reviewed-by: Daniel Kubec <kubec@openssl.foundation>
    Reviewed-by: Milan Broz <mbroz@openssl.org>
    Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
    MergeDate: Wed Jun 10 06:38:59 2026
    (Merged from https://github.com/openssl/openssl/pull/28986)

diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c
index dbf02be512..0c18e8fb29 100644
--- a/crypto/cmp/cmp_vfy.c
+++ b/crypto/cmp/cmp_vfy.c
@@ -56,8 +56,10 @@ static int verify_signature(const OSSL_CMP_CTX *cmp_ctx,
 sig_err:
     res = ossl_x509_print_ex_brief(bio, cert, X509_FLAG_NO_EXTENSIONS);
     ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_VALIDATING_SIGNATURE);
-    if (res)
-        ERR_add_error_mem_bio("\n", bio);
+    if (res) {
+        ERR_add_error_txt(NULL, "\n");
+        ERR_add_error_mem_bio(NULL, bio);
+    }
     res = 0;

 end:
@@ -404,7 +406,7 @@ static int check_msg_with_certs(OSSL_CMP_CTX *ctx, const STACK_OF(X509) *certs,
     int i;

     if (sk_X509_num(certs) <= 0) {
-        ossl_cmp_log1(WARN, ctx, "no %s", desc);
+        ossl_cmp_log1(INFO, ctx, "no %s", desc);
         return 0;
     }

@@ -424,7 +426,7 @@ static int check_msg_with_certs(OSSL_CMP_CTX *ctx, const STACK_OF(X509) *certs,
         }
     }
     if (in_extraCerts && n_acceptable_certs == 0)
-        ossl_cmp_warn(ctx, "no acceptable cert in extraCerts");
+        ossl_cmp_log1(WARN, ctx, "no acceptable %s", desc);
     return 0;
 }