Commit 713beaf046 for openssl.org
commit 713beaf046c8954070888ea1336ea49d320a5452
Author: Dr. David von Oheimb <dev@ddvo.net>
Date: Wed Oct 22 15:48:01 2025 +0200
crypto/cmp/: generalize info/debug messages and code comments from mentioning 'server' to 'sender'
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/28973)
diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c
index e3991d0e39..f2717de83f 100644
--- a/crypto/cmp/cmp_ctx.c
+++ b/crypto/cmp/cmp_ctx.c
@@ -750,7 +750,7 @@ DEFINE_OSSL_set1_up_ref(OSSL_CMP_CTX, oldCert, X509)
*/
DEFINE_OSSL_set0(ossl_cmp_ctx, newCert, X509)
- /* Get successfully validated server cert, if any, of current transaction */
+ /* Get successfully validated sender cert, if any, of current transaction */
DEFINE_OSSL_CMP_CTX_get0(validatedSrvCert, X509)
/*
diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h
index 4d704377de..b96acf77ce 100644
--- a/crypto/cmp/cmp_local.h
+++ b/crypto/cmp/cmp_local.h
@@ -57,7 +57,7 @@ struct ossl_cmp_ctx_st {
int unprotectedErrors;
int noCacheExtraCerts;
X509 *srvCert; /* certificate used to identify the server */
- X509 *validatedSrvCert; /* caches any already validated server cert */
+ X509 *validatedSrvCert; /* caches any already validated sender cert */
X509_NAME *expected_sender; /* expected sender in header of response */
X509_STORE *trusted; /* trust store maybe w CRLs and cert verify callback */
STACK_OF(X509) *untrusted; /* untrusted (intermediate CA) certs */
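Review bot: The reworded comment on `validatedSrvCert` now says "sender", but the field name and the `srvCert` comment directly above it (`certificate used to identify the server`) still say "server", so the struct reads as if two different roles were meant. The identifier presumably cannot be renamed because the accessor generated by `DEFINE_OSSL_CMP_CTX_get0(validatedSrvCert, X509)` carries the same name. The comment could say so directly, for example `/* caches any already validated sender cert; "Srv" in the name is historical */`. The accessor comment in the cmp_ctx.c hunk has the same mismatch. The struct body continues outside this hunk.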
diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c
index 16541d1af3..a28cafd704 100644
--- a/crypto/cmp/cmp_vfy.c
+++ b/crypto/cmp/cmp_vfy.c
@@ -646,7 +646,7 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg)
scrt = ctx->srvCert;
if (scrt == NULL) {
if (ctx->trusted == NULL && ctx->secretValue != NULL) {
- ossl_cmp_info(ctx, "no trust store nor pinned server cert available for verifying signature-based CMP message protection");
+ ossl_cmp_info(ctx, "no trust store nor pinned sender cert available for verifying signature-based CMP message protection");
ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_TRUST_ANCHOR);
return 0;
}
@@ -660,7 +660,7 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg)
/* use ctx->srvCert for signature check even if not acceptable */
if (verify_signature(ctx, msg, scrt)) {
ossl_cmp_debug(ctx,
- "successfully validated signature-based CMP message protection using pinned server cert");
+ "successfully validated signature-based CMP message protection using pinned sender cert");
return ossl_cmp_ctx_set1_validatedSrvCert(ctx, scrt);
}
ossl_cmp_warn(ctx, "CMP message signature verification failed");
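Review bot: The unchanged context comment `use ctx->srvCert for signature check even if not acceptable` is the security-relevant statement in this hunk, and it now uses different terms from the debug text below it. As shown, the pinned cert is used for `verify_signature()` without the acceptability checks and is cached through `ossl_cmp_ctx_set1_validatedSrvCert()` on success. The comment could state that intent, for example `/* pinned cert is trusted as configured: used for the signature check even if it would not pass the acceptability checks */`. Which checks "acceptable" covers is not visible here, so the wording should be confirmed against the rest of `OSSL_CMP_validate_msg`, which starts and ends outside the hunk. The reworded info and debug strings are runtime output, so any test or log filter that matches the old "pinned server cert" text would need the same update.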