From 5c21bcbc0c189777b8cad8658c47d2cfb4cbd2e5 Mon Sep 17 00:00:00 2001
From: Rob Crittenden
Date: Fri, 22 May 2020 12:58:44 -0400
Subject: [PATCH] Include &message=CA-IDENT with GetCACaps and GetCACert requests The guttman spec is quite unclear on this and in the GetCACaps section doesn't mention &message at all. It only appears in the generic GET requests section 4.1 The nourse spec is clearer and requires &message=CA-IDENT on GetCACaps requests. AD 2012 R2 servers also require message on GetCACert requests. This reverts much of 60a4db5796b0575ca2cc9f1af4ecb3fdc6359242 https://bugzilla.redhat.com/show_bug.cgi?id=1839181 https://pagure.io/certmonger/issue/103
---
 src/scep.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/scep.c b/src/scep.c
index 46ab149b..6568122c 100644
--- a/src/scep.c
+++ b/src/scep.c
@@ -369,11 +369,11 @@ main(int argc, const char **argv)
 break;
 case op_get_ca_caps:
 /* Only step: read capabilities for the daemon. */
- params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS);
+ params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS "&message=%s", id);
 break;
 case op_get_ca_certs:
 /* First step: get the root certificate. */
- params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CERT);
+ params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CERT "&message=%s", id);
 break;
 case op_get_cert_initial:
 if ((racert == NULL) || (strlen(racert) == 0)) {
@@ -392,7 +392,7 @@ main(int argc, const char **argv)
 goto done;
 }
 /* First step: read capabilities for our use. */
- params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS);
+ params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS "&message=%s", id);
 }
 break;
 case op_pkcsreq:
@@ -412,7 +412,7 @@ main(int argc, const char **argv)
 goto done;
 }
 /* First step: read capabilities for our use. */
- params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS);
+ params = talloc_asprintf(ctx, "operation=" OP_GET_CA_CAPS "&message=%s", id);
 }
 break;
 }
-- 
2.25.4
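Review bot: `id` is formatted straight into the query string with `"&message=%s"` in all four `talloc_asprintf` calls (the `op_get_ca_caps` and `op_get_ca_certs` cases in this hunk, and the GetCACaps steps in the hunks at lines 392 and 412), and none of the hunks shows it being percent-encoded or checked for NULL. A CA identifier containing `&`, `=`, `#`, `%` or a space would change how the server splits the request parameters, and passing a NULL `id` to `%s` is undefined behaviour. `main` starts and ends outside these hunks, so `id` may already be normalised earlier; if it is not, resolve it once before the `switch`, for example `const char *ca_id = (id != NULL) ? id : "";`, percent-encode that value, and pass the encoded string to each call. A short comment above the `switch` such as `/* message=CA-IDENT is sent on GetCACaps/GetCACert: required by the nourse draft and by AD 2012 R2 */` would also record why the parameter is there, since the commit message notes the specs disagree.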