From 3ca83f42275ac846d63167bee257bb57dc9eb37d Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Wed, 31 Jul 2019 14:17:39 -0400
Subject: [PATCH 28/29] No message=<ca ident> from GetCACaps, GetCACert, drop
GetCACertChain
|
In the SCEP Gutmann 10 spec there are no message=<ca ident> defined
for the GetCACaps or GetCACert commands. The nourse 23 spec still
defines this but it is optional. Don't send it at all.
|
GetCACertChain doesn't exist at all in gutmann and was dropped in
revision 19 by nourse.
|
https://pagure.io/certmonger/issue/103
---
src/scep.c | 14 +++++---------
1 file changed, 5 insertions(+), 9 deletions(-)
|
diff --git a/src/scep.c b/src/scep.c
index fff7ca8..7c9f844 100644
--- a/src/scep.c
+++ b/src/scep.c
@@ -64,7 +64,6 @@
|
#define OP_GET_CA_CAPS "GetCACaps"
#define OP_GET_CA_CERT "GetCACert"
-#define OP_GET_CA_CERT_CHAIN "GetCACertChain"
#define OP_GET_INITIAL_CERT "PKIOperation"
#define OP_PKCSREQ "PKIOperation"
enum known_ops {
@@ -356,11 +355,11 @@ main(int argc, const char **argv)
break;
case op_get_ca_caps:
/* Only step: read capabilities for the daemon. */
- params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS "&message=%s", id);
+ params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS);
break;
case op_get_ca_certs:
/* First step: get the root certificate. */
- params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CERT "&message=%s", id);
+ params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CERT);
break;
case op_get_initial_cert:
if ((racert == NULL) || (strlen(racert) == 0)) {
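Review bot: The two new calls in this hunk, `talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS)` and its OP_GET_CA_CERT twin, pass a constant through a printf-style parser with no arguments; `params = talloc_strdup(ctx, "operation=" OP_GET_CA_CAPS);` builds the same string without format interpretation and stays correct if an OP_ macro ever contains a `%`. The same applies to the identical lines in the two following hunks (the op_get_initial_cert and op_pkcsreq branches). The comment `/* First step: get the root certificate. */` is also stale now that the last hunk removes the second step; `/* Only step: get the CA certificate. */` would match the op_get_ca_caps comment above it. Whether `id` is still used elsewhere in main is not visible here, so check that it does not become an unused variable. main starts and ends outside the hunk.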
@@ -378,7 +377,7 @@ main(int argc, const char **argv)
return CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES;
}
/* First step: read capabilities for our use. */
- params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS "&message=%s", id);
+ params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS);
}
break;
case op_pkcsreq:
@@ -397,7 +396,7 @@ main(int argc, const char **argv)
return CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES;
}
/* First step: read capabilities for our use. */
- params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS "&message=%s", id);
+ params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS);
}
break;
}
@@ -511,13 +510,10 @@ main(int argc, const char **argv)
abort(); /* never reached */
break;
case op_get_ca_caps:
+ case op_get_ca_certs:
/* nothing to do here */
params2 = NULL;
break;
- case op_get_ca_certs:
- /* Step two: request the chain. */
- params2 = talloc_asprintf(ctx, "operation=" OP_GET_CA_CERT_CHAIN "&message=%s", id);
- break;
case op_get_initial_cert:
/* Step two: actually poll. If we have multiple messages which
* we can use, decide which one to use. */
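Review bot: With `op_get_ca_certs` folded into the `params2 = NULL` case, nothing visible here fetches intermediates any more, so the trust material stored for this CA is whatever the single GetCACert response carries. The code later in main that consumed the second response for this operation is outside the hunk and should be checked so that it neither dereferences a missing result nor silently records an empty chain. The shared comment `/* nothing to do here */` would be clearer as `/* Single-request operations: no second step (GetCACertChain was dropped from the SCEP drafts). */`. The switch and main continue outside the hunk.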
--
2.17.2