Description
Hi,
I'm performing a CMP IR operation by setting the CMP CTX APIs.
But I don't have the trust anchor for setting it to CMP_CTX for performing IR. We have gone through the docs and tried using OSSL_CMP_CTX_set_option(cmpCtx, OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR, 1); so that the extracerts output that is generated as part of IR will be used as the trust anchor. So, I'm not setting OSSL_CMP_CTX_set0_trustedStore, thinking that setting that option (OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR) will be enough to perform IR, but IR is failing, saying:
00C73F5B8D7F0000:error:1D0000B3:CMP routines:OSSL_CMP_validate_msg:missing trust anchor:crypto/cmp/cmp_vfy.c:624:
00C73F5B8D7F0000:error:1D00008C:CMP routines:ossl_cmp_msg_check_update:error validating protection:crypto/cmp/cmp_vfy.c:716:
Since we don't have the trust anchor CA cert, how can we achieve IR? Also, we don't want to use the pre-shared key and reference number (OSSL_CMP_CTX_set1_referenceValue, OSSL_CMP_CTX_set1_secretValue).
Is there any way we can get trust anchor on the go?
Thanks in advance.