Commit 0a5316e465 for openssl.org

commit 0a5316e46536c788bb972c57b3923151aeb76d0b
Author: Dr. David von Oheimb <dev@ddvo.net>
Date:   Wed Mar 25 13:21:33 2026 +0100

    cmp_client_test.c: disable KUR_bad_pkiConf_protection

    This is a workaround for an issue that lead to fuzz-checker CI failures;
    the preliminary solution is to disable the inessential test case
    test_exec_KUR_bad_pkiConf_protection.

    References: https://github.com/openssl/openssl/pull/28973
    Fixes: 525a4f1efbab "cmp_vfy.c,doc/,test/: when trying to use cached CMP message sender cert, no more check its revocation and chain"

    Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
    Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
    MergeDate: Thu Mar 26 15:55:34 2026
    (Merged from https://github.com/openssl/openssl/pull/30567)

diff --git a/test/cmp_client_test.c b/test/cmp_client_test.c
index f080fe1615..7e3ab256e6 100644
--- a/test/cmp_client_test.c
+++ b/test/cmp_client_test.c
@@ -346,7 +346,7 @@ static int test_exec_KUR_ses_transfer_error(void)

 static int test_exec_KUR_bad_pkiConf_protection(void)
 {
-    return test_exec_KUR_ses(0, OSSL_CMP_PKIBODY_PKICONF, 0, 0);
+    return test_exec_KUR_ses(0, -1 /* disabled: OSSL_CMP_PKIBODY_PKICONF */, 0, 0);
 }

 static int test_exec_KUR_ses_wrong_popo(void)