Commit c797a57dd4 for openssl.org

commit c797a57dd48754d4eb5cebfa129c2e94b2dcc8b8
Author: Dr. David von Oheimb <dev@ddvo.net>
Date:   Fri May 30 11:13:29 2025 +0200

    apps/cmp.c: avoid misleading warning with p10cr; add warnings on options ignored when not doing rr

    Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    MergeDate: Tue Feb  3 08:43:02 2026
    (Merged from https://github.com/openssl/openssl/pull/28478)

diff --git a/apps/cmp.c b/apps/cmp.c
index 6229de6c5e..fe1219ee64 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -1924,8 +1924,8 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx)
             CMP_warn1("-days %s", msg);
         if (opt_popo != OSSL_CRMF_POPO_NONE - 1)
             CMP_warn1("-popo %s", msg);
-        if (opt_out_trusted != NULL)
-            CMP_warn1("-out_trusted %s", msg);
+        if (opt_cmd != CMP_P10CR && opt_out_trusted != NULL)
+            CMP_warn("-out_trusted is ignored for 'rr' and 'genm' commands");
     } else if (opt_newkey != NULL) {
         const char *file = opt_newkey;
         const int format = opt_keyform;
@@ -2048,6 +2048,13 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx)
     if (opt_popo >= OSSL_CRMF_POPO_NONE)
         (void)OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_POPO_METHOD, opt_popo);

+    if (opt_cmd != CMP_RR) {
+        if (opt_revreason != CRL_REASON_NONE)
+            CMP_warn("-revreason option is ignored for commands other than 'rr'");
+        if (opt_cmd != CMP_KUR && opt_oldcert != NULL)
+            CMP_warn("-oldcert option used only as reference cert");
+    }
+
     if (opt_oldcert != NULL) {
         if (opt_cmd == CMP_GENM) {
             CMP_warn("-oldcert option is ignored for 'genm' command");