Skip to content

Trust Anchor for CMP IR #23706

@sumanth797

Description

@sumanth797

Hi,
I'm performing CMP IR operation by setting the CMP CTX APIs.

But I don't have the trust anchor for setting it to CMP_CTX for performing IR. we have gone through the docs and tried using the OSSL_CMP_CTX_set_option(cmpCtx, OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR, 1); so that extracerts output that is generated as part of IR will be used as trust anchor. So, I'm not setting the OSSL_CMP_CTX_set0_trustedStore , thinking after setting that option(OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR) will be enough to perform IR, but IR is failing saying,
00C73F5B8D7F0000:error:1D0000B3:CMP routines:OSSL_CMP_validate_msg:missing trust anchor:crypto/cmp/cmp_vfy.c:624:
00C73F5B8D7F0000:error:1D00008C:CMP routines:ossl_cmp_msg_check_update:error validating protection:crypto/cmp/cmp_vfy.c:716:

Since we don't have trust anchor CA cert how can we achieve IR. Also, we don't want to use the Preshared Key and reference number (OSSL_CMP_CTX_set1_referenceValue, OSSL_CMP_CTX_set1_secretValue).

Is there any way we can get trust anchor on the go?

Thanks in advance.

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions