From 5c21bcbc0c189777b8cad8658c47d2cfb4cbd2e5 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Fri, 22 May 2020 12:58:44 -0400
Subject: [PATCH] Include &message=CA-IDENT with GetCACaps and GetCACert
requests
The guttman spec is quite unclear on this and in the GetCACaps
section doesn't mention &message at all. It only appears in the
generic GET requests section 4.1
The nourse spec is clearer and requires &message=CA-IDENT on
GetCACaps requests.
AD 2012 R2 servers also require message on GetCACert requests.
This reverts much of 60a4db5796b0575ca2cc9f1af4ecb3fdc6359242
https://bugzilla.redhat.com/show_bug.cgi?id=1839181
https://pagure.io/certmonger/issue/103
---
src/scep.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/scep.c b/src/scep.c
index 46ab149b..6568122c 100644
--- a/src/scep.c
+++ b/src/scep.c
@@ -369,11 +369,11 @@ main(int argc, const char **argv)
break;
case op_get_ca_caps:
/* Only step: read capabilities for the daemon. */
- params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS);
+ params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS "&message=%s", id);
break;
case op_get_ca_certs:
/* First step: get the root certificate. */
- params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CERT);
+ params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CERT "&message=%s", id);
break;
case op_get_cert_initial:
if ((racert == NULL) || (strlen(racert) == 0)) {
@@ -392,7 +392,7 @@ main(int argc, const char **argv)
goto done;
}
/* First step: read capabilities for our use. */
- params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS);
+ params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS "&message=%s", id);
}
break;
case op_pkcsreq:
@@ -412,7 +412,7 @@ main(int argc, const char **argv)
goto done;
}
/* First step: read capabilities for our use. */
- params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS);
+ params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS "&message=%s", id);
}
break;
}
--
2.25.4