CMP: add support for genm with crlStatusList and genp with crls

Introduce the capability to retrieve and update Certificate Revocation Lists
(CRLs) in the CMP client, as specified in sec

CMP: add support for genm with crlStatusList and genp with crls

Introduce the capability to retrieve and update Certificate Revocation Lists
(CRLs) in the CMP client, as specified in section 4.3.4 of RFC 9483.

To request a CRL update, the CMP client can send a genm message with the
option -infotype crlStatusList. The server will respond with a genp message
containing the updated CRL, using the -infoType id-it-crls. The client can
then save the CRL in a specified file using the -crlout parameter.

Co-authored-by: Rajeev Ranjan <ranjan.rajeev@siemens.com>

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23768)

show more ...

80-test_cmp_http_data/: add tests for -no_cache_extracerts, fix and extend further test cases

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.o

80-test_cmp_http_data/: add tests for -no_cache_extracerts, fix and extend further test cases

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19948)

show more ...

CMP: add support for genm with rootCaCert and genp with rootCaKeyUpdate

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://gi

CMP: add support for genm with rootCaCert and genp with rootCaKeyUpdate

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21129)

show more ...

CMP mock server: add -ref_cert option and corresponding ossl_cmp_mock_srv_set1_refCert()

Fixes #16041

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com

CMP mock server: add -ref_cert option and corresponding ossl_cmp_mock_srv_set1_refCert()

Fixes #16041

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16050)

show more ...

80-test_cmp_http: Make server diagnostics more verbose to aid debugging

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16051)

apps/lib/s_socket.c and 80-test_cmp_http.t: Make ACCEPT port reporting more robust

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15417)

Adapt 80-test_cmp_http.t and its data for random accept ports

Fixes #14694

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/o

Adapt 80-test_cmp_http.t and its data for random accept ports

Fixes #14694

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/15281)

show more ...

test/recipes: split 81_test_cmp_cli.t, add test using -engine loader_attic

The HTTP-based tests are now in 80_test_cmp_http.t, to start a little earlier.
This should decrease total test

test/recipes: split 81_test_cmp_cli.t, add test using -engine loader_attic

The HTTP-based tests are now in 80_test_cmp_http.t, to start a little earlier.
This should decrease total test run time due to better parallelization.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13551)

show more ...