Commit 23ac9d9883 for openssl.org
commit 23ac9d9883968c519e68d9852e6cd6879807c7c5
Author: Dr. David von Oheimb <dev@ddvo.net>
Date: Mon Apr 14 20:38:09 2025 +0200
apps/cmp.c: tweak error and warning outputs, e.g., on ignored options and -rspin with too few args
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Tue Feb 3 08:42:57 2026
(Merged from https://github.com/openssl/openssl/pull/28478)
diff --git a/apps/cmp.c b/apps/cmp.c
index e81bc8cd62..fcb7e33c5a 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -584,7 +584,7 @@ const OPTIONS cmp_options[] = {
"NOTE: -tls_used and all other TLS options not supported due to no-sock/no-http build" },
#else
{ "tls_used", OPT_TLS_USED, '-',
- "Enable using TLS (also when other TLS options are not set)" },
+ "Enable using TLS for HTTP (also when other TLS options are not set)" },
{ "tls_cert", OPT_TLS_CERT, 's',
"Client's TLS certificate. May include chain to be provided to TLS server" },
{ "tls_key", OPT_TLS_KEY, 's',
@@ -887,8 +887,8 @@ static int write_PKIMESSAGE(const OSSL_CMP_MSG *msg, char **filenames)
return 0;
}
if (*filenames == NULL) {
- CMP_err("not enough file names provided for writing PKIMessage");
- return 0;
+ CMP_warn("Too few file names provided for writing PKIMessage");
+ return 1;
}
file = *filenames;
@@ -911,7 +911,7 @@ static OSSL_CMP_MSG *read_PKIMESSAGE(const char *desc, char **filenames)
return NULL;
}
if (*filenames == NULL) {
- CMP_err("not enough file names provided for reading PKIMessage");
+ CMP_err("too few file names provided for reading PKIMessage");
return NULL;
}
@@ -974,10 +974,11 @@ static OSSL_CMP_MSG *read_write_req_resp(OSSL_CMP_CTX *ctx,
res = read_PKIMESSAGE("actually using", &opt_rspin);
} else {
const OSSL_CMP_MSG *actual_req = req_new != NULL ? req_new : req;
+ const char *const msg = "Too few -rspin filename arguments; resorting to";
if (opt_use_mock_srv) {
if (rspin_in_use)
- CMP_warn("too few -rspin filename arguments; resorting to using mock server");
+ CMP_warn1("%s using mock server", msg);
res = OSSL_CMP_CTX_server_perform(ctx, actual_req);
} else {
#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
@@ -986,7 +987,7 @@ static OSSL_CMP_MSG *read_write_req_resp(OSSL_CMP_CTX *ctx,
goto err;
}
if (rspin_in_use)
- CMP_warn("too few -rspin filename arguments; resorting to contacting server");
+ CMP_warn1("%s contacting server", msg);
res = OSSL_CMP_MSG_http_perform(ctx, actual_req);
#else
CMP_err("-server not supported on no-sock/no-http build; missing -use_mock_srv option or too few -rspin filename arguments");
@@ -2400,7 +2401,7 @@ set_path:
/* not printing earlier, to minimize confusion in case setup fails before */
if (opt_reqout_only == NULL)
CMP_info3("will contact %s%s%s ", server_buf, proxy_buf,
- opt_rspin == NULL ? "" : " only if -rspin argument gives too few filenames");
+ opt_rspin == NULL ? "" : " only if -rspin argument does not give enough filenames");
ret = 1;
@@ -3742,9 +3743,9 @@ int cmp_main(int argc, char **argv)
&& opt_tls_extra == NULL && opt_tls_trusted == NULL
&& opt_tls_host == NULL) {
if (opt_tls_used)
- CMP_warn("-tls_used given without any other TLS options");
+ CMP_warn("-tls_used is active without any other TLS options");
} else if (!opt_tls_used) {
- CMP_warn("ignoring TLS options(s) since -tls_used is not given");
+ CMP_warn("ignoring TLS options(s) since -tls_used is not active");
}
if (opt_port != NULL) {
if (opt_tls_used) {
@@ -3819,11 +3820,32 @@ int cmp_main(int argc, char **argv)
CMP_err("the -reqout_only client option does not combine with -port implying server behavior");
goto err;
}
- if (opt_server != NULL)
+ if (opt_server != NULL) {
CMP_warn1("-server %s", msg);
+ opt_server = NULL;
+ }
+ if (opt_proxy != NULL) {
+ CMP_warn1("-proxy %s", msg);
+ opt_proxy = NULL;
+ }
+ if (opt_no_proxy != NULL) {
+ CMP_warn1("-no_proxy %s", msg);
+ opt_no_proxy = NULL;
+ }
#endif
- if (opt_use_mock_srv)
+ if (opt_path != NULL) {
+ CMP_warn1("-path %s", msg);
+ opt_path = NULL;
+ }
+ if (opt_tls_used) {
+ CMP_warn1("-tls_used %s", msg);
+ opt_tls_used = 0;
+ }
+
+ if (opt_use_mock_srv) {
CMP_warn1("-use_mock_srv %s", msg);
+ opt_use_mock_srv = 0;
+ }
if (opt_reqout != NULL)
CMP_warn1("-reqout %s", msg);
if (opt_rspin != NULL)
@@ -3832,10 +3854,14 @@ int cmp_main(int argc, char **argv)
CMP_warn1("-rspout %s", msg);
opt_reqout = opt_reqout_only;
}
+#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
+ if (opt_server == NULL && !opt_use_mock_srv && opt_port == NULL)
+ CMP_info("will not contact any server");
+#endif
if (opt_rspin != NULL) {
#if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP)
if (opt_server != NULL)
- CMP_warn("-server option is not used if enough filenames given for -rspin");
+ CMP_warn("-server option etc. are not used if enough filenames given for -rspin");
#endif
if (opt_use_mock_srv)
CMP_warn("-use_mock_srv option is not used if enough filenames given for -rspin");