| From 3ca83f42275ac846d63167bee257bb57dc9eb37d Mon Sep 17 00:00:00 2001 |
| From: Rob Crittenden <rcritten@redhat.com> |
| Date: Wed, 31 Jul 2019 14:17:39 -0400 |
| Subject: [PATCH 28/29] No message=<ca ident> from GetCACaps, GetCACert, drop |
| GetCACertChain |
| |
| In the SCEP Gutmann 10 spec there is no message=<ca ident> parameter defined |
| for the GetCACaps or GetCACert commands. The nourse 23 spec still |
| defines this but it is optional. Don't send it at all. |
| |
| GetCACertChain doesn't exist at all in gutmann and was dropped in |
| revision 19 by nourse. |
| |
| https://pagure.io/certmonger/issue/103 |
| |
| src/scep.c | 14 +++++--------- |
| 1 file changed, 5 insertions(+), 9 deletions(-) |
| |
| diff --git a/src/scep.c b/src/scep.c |
| index fff7ca8..7c9f844 100644 |
| |
| |
| @@ -64,7 +64,6 @@ |
| |
| #define OP_GET_CA_CAPS "GetCACaps" |
| #define OP_GET_CA_CERT "GetCACert" |
| -#define OP_GET_CA_CERT_CHAIN "GetCACertChain" |
| #define OP_GET_INITIAL_CERT "PKIOperation" |
| #define OP_PKCSREQ "PKIOperation" |
| enum known_ops { |
| @@ -356,11 +355,11 @@ main(int argc, const char **argv) |
| break; |
| case op_get_ca_caps: |
| /* Only step: read capabilities for the daemon. */ |
| - params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS "&message=%s", id); |
| + params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS); |
| break; |
| case op_get_ca_certs: |
| /* First step: get the root certificate. */ |
| - params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CERT "&message=%s", id); |
| + params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CERT); |
| break; |
| case op_get_initial_cert: |
| if ((racert == NULL) || (strlen(racert) == 0)) { |
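Review bot: The CA identifier in `id` is now dropped silently at both `talloc_asprintf` calls in this hunk and at the two in the following hunks, so a caller that supplied one gets no indication that it was ignored. If the server hosts more than one CA, the capabilities and certificate returned would presumably be those of its default CA, and that certificate is what later enrollment steps rely on. A comment such as `/* message=<ca ident> is deliberately not sent; id is unused for this operation */`, or a debug log line when `id` is non-empty, would make the behaviour visible. With no format arguments left, `talloc_strdup(ctx, "operation=" OP_GET_CA_CAPS)` states the intent more directly than `talloc_asprintf`. The enclosing `main` starts and ends outside this hunk, so whether `id` has any remaining use cannot be seen here.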
| @@ -378,7 +377,7 @@ main(int argc, const char **argv) |
| return CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES; |
| } |
| /* First step: read capabilities for our use. */ |
| - params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS "&message=%s", id); |
| + params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS); |
| } |
| break; |
| case op_pkcsreq: |
| @@ -397,7 +396,7 @@ main(int argc, const char **argv) |
| return CM_SUBMIT_STATUS_NEED_SCEP_MESSAGES; |
| } |
| /* First step: read capabilities for our use. */ |
| - params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS "&message=%s", id); |
| + params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS); |
| } |
| break; |
| } |
| @@ -511,13 +510,10 @@ main(int argc, const char **argv) |
| abort(); /* never reached */ |
| break; |
| case op_get_ca_caps: |
| + case op_get_ca_certs: |
| /* nothing to do here */ |
| params2 = NULL; |
| break; |
| - case op_get_ca_certs: |
| - /* Step two: request the chain. */ |
| - params2 = talloc_asprintf(ctx, "operation=" OP_GET_CA_CERT_CHAIN "&message=%s", id); |
| - break; |
| case op_get_initial_cert: |
| /* Step two: actually poll. If we have multiple messages which |
| * we can use, decide which one to use. */ |
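Review bot: `op_get_ca_certs` now leaves `params2` NULL, but the code that consumed the second (chain) response lies outside this hunk and the patch does not touch it. It should be confirmed that this code tolerates a missing second reply and that any RA or intermediate certificates are still taken from the GetCACert response. The shared comment `/* nothing to do here */` could say why, e.g. `/* single-step operations: no second request */`. The comment `/* First step: get the root certificate. */` on the same case in the earlier hunk is now stale, since no second step follows; `/* Only step: get the CA certificate. */` would match the wording already used for `op_get_ca_caps`. `main` continues beyond both ends of this hunk.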
| -- |
| 2.17.2 |
| |