|
 |
1495bf |
From 3ca83f42275ac846d63167bee257bb57dc9eb37d Mon Sep 17 00:00:00 2001
|
|
|
1495bf |
From: Rob Crittenden <rcritten@redhat.com>
|
|
|
1495bf |
Date: Wed, 31 Jul 2019 14:17:39 -0400
|
|
|
1495bf |
Subject: [PATCH 28/29] No message=<ca ident> from GetCACaps, GetCACert, drop
|
|
|
1495bf |
GetCACertChain
|
|
|
1495bf |
|
|
|
1495bf |
In the SCEP Gutmann 10 spec there are no message=<ca ident> defined
|
|
|
1495bf |
for the GetCACaps or GetCACert commands. The nourse 23 spec still
|
|
|
1495bf |
defines this but it is optional. Don't send it at all.
|
|
|
1495bf |
|
|
|
1495bf |
GetCACertChain doesn't exist at all in gutmann and was dropped in
|
|
|
1495bf |
revision 19 by nourse.
|
|
|
1495bf |
|
|
|
1495bf |
https://pagure.io/certmonger/issue/103
|
|
|
1495bf |
---
|
|
|
1495bf |
src/scep.c | 14 +++++---------
|
|
|
1495bf |
1 file changed, 5 insertions(+), 9 deletions(-)
|
|
|
1495bf |
|
|
|
1495bf |
diff --git a/src/scep.c b/src/scep.c
|
|
|
1495bf |
index fff7ca8..7c9f844 100644
|
|
|
1495bf |
--- a/src/scep.c
|
|
|
1495bf |
+++ b/src/scep.c
|
|
|
1495bf |
@@ -64,7 +64,6 @@
|
|
|
1495bf |
|
|
|
1495bf |
#define OP_GET_CA_CAPS "GetCACaps"
|
|
|
1495bf |
#define OP_GET_CA_CERT "GetCACert"
|
|
|
1495bf |
-#define OP_GET_CA_CERT_CHAIN "GetCACertChain"
|
|
|
1495bf |
#define OP_GET_INITIAL_CERT "PKIOperation"
|
|
|
1495bf |
#define OP_PKCSREQ "PKIOperation"
|
|
|
1495bf |
enum known_ops {
|
|
|
1495bf |
@@ -356,11 +355,11 @@ main(int argc, const char **argv)
|
|
|
1495bf |
break;
|
|
|
1495bf |
case op_get_ca_caps:
|
|
|
1495bf |
/* Only step: read capabilities for the daemon. */
|
|
|
1495bf |
- params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS "&message=%s", id);
|
|
|
1495bf |
+ params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS);
|
|
|
1495bf |
break;
|
|
|
1495bf |
case op_get_ca_certs:
|
|
|
1495bf |
/* First step: get the root certificate. */
|
|
|
1495bf |
- params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CERT "&message=%s", id);
|
|
|
1495bf |
+ params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CERT);
|
|
|
1495bf |
break;
|
|
|
1495bf |
case op_get_initial_cert:
|
|
|
1495bf |
if ((racert == NULL) || (strlen(racert) == 0)) {
|
|
|
1495bf |
@@ -378,7 +377,7 @@ main(int argc, const char **argv)
|
|
|
1495bf |
return CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES;
|
|
|
1495bf |
}
|
|
|
1495bf |
/* First step: read capabilities for our use. */
|
|
|
1495bf |
- params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS "&message=%s", id);
|
|
|
1495bf |
+ params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS);
|
|
|
1495bf |
}
|
|
|
1495bf |
break;
|
|
|
1495bf |
case op_pkcsreq:
|
|
|
1495bf |
@@ -397,7 +396,7 @@ main(int argc, const char **argv)
|
|
|
1495bf |
return CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES;
|
|
|
1495bf |
}
|
|
|
1495bf |
/* First step: read capabilities for our use. */
|
|
|
1495bf |
- params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS "&message=%s", id);
|
|
|
1495bf |
+ params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS);
|
|
|
1495bf |
}
|
|
|
1495bf |
break;
|
|
|
1495bf |
}
|
|
|
1495bf |
@@ -511,13 +510,10 @@ main(int argc, const char **argv)
|
|
|
1495bf |
abort(); /* never reached */
|
|
|
1495bf |
break;
|
|
|
1495bf |
case op_get_ca_caps:
|
|
|
1495bf |
+ case op_get_ca_certs:
|
|
|
1495bf |
/* nothing to do here */
|
|
|
1495bf |
params2 = NULL;
|
|
|
1495bf |
break;
|
|
|
1495bf |
- case op_get_ca_certs:
|
|
|
1495bf |
- /* Step two: request the chain. */
|
|
|
1495bf |
- params2 = talloc_asprintf(ctx, "operation=" OP_GET_CA_CERT_CHAIN "&message=%s", id);
|
|
|
1495bf |
- break;
|
|
|
1495bf |
case op_get_initial_cert:
|
|
|
1495bf |
/* Step two: actually poll. If we have multiple messages which
|
|
|
1495bf |
* we can use, decide which one to use. */
|
|
|
1495bf |
--
|
|
|
1495bf |
2.17.2
|
|
|
1495bf |
|