Commit 1c6a5d46ff for openssl.org
commit 1c6a5d46ff699305ad8307bbf2240bc10250e9ee
Author: Dr. David von Oheimb <dev@ddvo.net>
Date: Wed Feb 26 18:45:29 2025 +0100
apps/cmp.c: fix help output and diagnostics in corner cases such as -reqout_only
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Tue Feb 3 08:43:06 2026
(Merged from https://github.com/openssl/openssl/pull/28478)
diff --git a/apps/cmp.c b/apps/cmp.c
index 90b8b4c522..eb48acbfbc 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -534,9 +534,9 @@ const OPTIONS cmp_options[] = {
{ "oldwithnew", OPT_OLDWITHNEW, 's',
"File to save OldWithNew cert received in genp of type rootCaKeyUpdate" },
{ "crlcert", OPT_CRLCERT, 's',
- "certificate to request a CRL for in genm of type crlStatusList" },
+ "certificate to take CRL source data from in genm of type crlStatusList" },
{ "oldcrl", OPT_OLDCRL, 's',
- "CRL to request update for in genm of type crlStatusList" },
+ "CRL to obtain an update for in genm of type crlStatusList" },
{ "crlout", OPT_CRLOUT, 's',
"File to save new CRL received in genp of type 'crls'" },
@@ -1716,8 +1716,7 @@ static int set_fallback_pubkey(OSSL_CMP_CTX *ctx)
char *file = opt_reqin, *end = file, bak;
OSSL_CMP_MSG *req;
const X509_PUBKEY *pubkey;
- EVP_PKEY *pkey;
- EVP_PKEY *pkey1;
+ EVP_PKEY *pkey, *pkey1;
int res = 0;
/* temporarily separate first file name in opt_reqin */
@@ -1738,9 +1737,9 @@ static int set_fallback_pubkey(OSSL_CMP_CTX *ctx)
goto err;
}
pkey1 = EVP_PKEY_dup(pkey);
- if (pkey == NULL || !OSSL_CMP_CTX_set0_newPkey(ctx, 0 /* priv */, pkey1)) {
+ if (pkey1 == NULL || !OSSL_CMP_CTX_set0_newPkey(ctx, 0 /* priv */, pkey1)) {
EVP_PKEY_free(pkey1);
- CMP_err1("Failed to get fallback public key obtained from ir/cr/kur file '%s'", file);
+ CMP_err1("Failed to set fallback public key obtained from ir/cr/kur file '%s'", file);
goto err;
}
res = 1;
@@ -2399,7 +2398,9 @@ set_path:
goto err;
/* not printing earlier, to minimize confusion in case setup fails before */
- if (opt_reqout_only == NULL)
+ if (opt_reqout_only != NULL)
+ CMP_info("Will not contact any server");
+ else
CMP_info3("Will contact %s%s%s ", server_buf, proxy_buf,
opt_rspin == NULL ? "" : " only if -rspin argument does not give enough filenames");
@@ -3818,18 +3819,6 @@ int cmp_main(int argc, char **argv)
CMP_warn1("-server %s", msg);
opt_server = NULL;
}
- if (opt_proxy != NULL) {
- CMP_warn1("-proxy %s", msg);
- opt_proxy = NULL;
- }
- if (opt_no_proxy != NULL) {
- CMP_warn1("-no_proxy %s", msg);
- opt_no_proxy = NULL;
- }
- if (opt_tls_used) {
- CMP_warn1("-tls_used %s", msg);
- opt_tls_used = 0;
- }
#endif
if (opt_path != NULL) {
CMP_warn1("-path %s", msg);