From 3ca83f42275ac846d63167bee257bb57dc9eb37d Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Wed, 31 Jul 2019 14:17:39 -0400
Subject: [PATCH 28/29] No message=<ca ident> from GetCACaps, GetCACert, drop
 GetCACertChain

In the SCEP Gutmann 10 spec, no message=<ca ident> parameter is defined
for the GetCACaps or GetCACert commands. The nourse 23 spec still
defines it, but it is optional. Don't send it at all.

GetCACertChain doesn't exist at all in gutmann and was dropped in
revision 19 by nourse.

https://pagure.io/certmonger/issue/103
---
 src/scep.c | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/src/scep.c b/src/scep.c
index fff7ca8..7c9f844 100644
--- a/src/scep.c
+++ b/src/scep.c
@@ -64,7 +64,6 @@
 
 #define OP_GET_CA_CAPS "GetCACaps"
 #define OP_GET_CA_CERT "GetCACert"
-#define OP_GET_CA_CERT_CHAIN "GetCACertChain"
 #define OP_GET_INITIAL_CERT "PKIOperation"
 #define OP_PKCSREQ "PKIOperation"
 enum known_ops {
@@ -356,11 +355,11 @@ main(int argc, const char **argv)
 		break;
 	case op_get_ca_caps:
 		/* Only step: read capabilities for the daemon. */
-		params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS "&message=%s", id);
+		params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS);
 		break;
 	case op_get_ca_certs:
 		/* First step: get the root certificate. */
-		params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CERT "&message=%s", id);
+		params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CERT);
 		break;
 	case op_get_initial_cert:
 		if ((racert == NULL) || (strlen(racert) == 0)) {
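Review bot: The new `talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS)` and `talloc_asprintf(ctx, "operation=" OP_GET_CA_CERT)` calls pass a constant string as the format with no arguments, so `params = talloc_strdup(ctx, "operation=" OP_GET_CA_CAPS);` would state the intent directly and stay correct if an operation macro ever contained a `%`. The same applies to the two GetCACaps calls in the op_get_initial_cert and op_pkcsreq hunks further down. Separately, the Nourse drafts use the identifier to select among several CAs on one responder, so with `id` dropped unconditionally such a server will presumably answer with its default CA certificate; a comment like `/* message=<ca ident> is not sent; the returned CA certificate must be validated by the caller. */` would make that visible to whoever relies on it. The comment `/* First step: get the root certificate. */` is also stale now that this patch removes the only second step for op_get_ca_certs. main() continues outside this hunk, so whether `params` is checked for NULL is not visible here.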
@@ -378,7 +377,7 @@ main(int argc, const char **argv)
 				return CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES;
 			}
 			/* First step: read capabilities for our use. */
-			params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS "&message=%s", id);
+			params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS);
 		}
 		break;
 	case op_pkcsreq:
@@ -397,7 +396,7 @@ main(int argc, const char **argv)
 				return CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES;
 			}
 			/* First step: read capabilities for our use. */
-			params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS "&message=%s", id);
+			params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS);
 		}
 		break;
 	}
@@ -511,13 +510,10 @@ main(int argc, const char **argv)
 		abort(); /* never reached */
 		break;
 	case op_get_ca_caps:
+	case op_get_ca_certs:
 		/* nothing to do here */
 		params2 = NULL;
 		break;
-	case op_get_ca_certs:
-		/* Step two: request the chain. */
-		params2 = talloc_asprintf(ctx, "operation=" OP_GET_CA_CERT_CHAIN "&message=%s", id);
-		break;
 	case op_get_initial_cert:
 		/* Step two: actually poll.  If we have multiple messages which
 		 * we can use, decide which one to use. */
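Review bot: Folding `case op_get_ca_certs:` into the `params2 = NULL` arm removes the second request for that operation, but the code later in main() that consumes the second response is not touched by this patch (the diffstat covers only these 14 lines). It should be confirmed that this path tolerates an absent second response instead of reading a NULL or empty result. It is also worth checking that any intermediate CA certificates previously taken from the GetCACertChain reply are now obtained from the GetCACert response, since otherwise chain building for issued certificates could lose them. A comment on the merged arm such as `/* GetCACertChain was dropped from the SCEP drafts; GetCACert is the only request. */` would record why there is no step two. The switch continues past the end of this hunk.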
-- 
2.17.2