@mattcaswell, I created this PR starting from the last version of mpeylo#199. If successfully build I would like to ask you for a review.

The time exceeding travis job is probably not related to us.

moved some file updates between the commits, the final result is the same.

I've just pushed a new version that completes the cleanup of commits that @Akretsch did 8 hours before.
@mattcaswell, when doing the merge after this PR has been approved, I suggest not squashing these four commits into one:

commit 3c550e0fbcd69810de5cf85d71f29c278859ec90 (HEAD -> cmpossl_incremental7,  origin/cmpossl_fixup6_incremental7)
Author: Dr. David von Oheimb <[email protected]>
Date:   Fri Dec 13 19:45:53 2019 +0100

    chunk 7 of CMP contribution to OpenSSL: CMP message validation and related tests

commit 6d87fc4a1a23014a96364ea6352cf016fbb6967b
Author: Dr. David von Oheimb <[email protected]>
Date:   Fri Dec 13 20:07:08 2019 +0100

    fix various formatting nits in CMP contribution chunks 1-6 found by the new util/check-format.pl
    correct wording in doc, comments, and parameter names: self-signed -> self-issued where appropriate

commit 241a9a67b007124aa79816b25ab3a11049f074c2
Author: Dr. David von Oheimb <[email protected]>
Date:   Fri Dec 13 19:50:20 2019 +0100

    improve CMP logging after changes according to comments on CMP chunk7 preview

commit c5e413ee7c2bc69b44c2e3ca3e1972aaf97cebb9
Author: Dr. David von Oheimb <[email protected]>
Date:   Fri Dec 13 18:54:15 2019 +0100

    add internal doc files actually belonging to CMP contribution chunk 6

There is - like after the push before - one strange Travis CI failure, which I cannot reproduce locally:

80-test_ocsp.t ..................... ok
80-test_pkcs12.t ................... ok

The job exceeded the maximum time limit for jobs, and has been terminated.

For what ever reason, Travis keeps aborting its very last job on this PR at

80-test_ocsp.t ..................... ok
80-test_pkcs12.t ................... ok
The job exceeded the maximum time limit for jobs, and has been terminated.´

Does anyone understand why? This does not seem CMP related.

It seems to be a frequent and very annoying problem at the moment. Don't know why - but it's definitely not CMP related.

It's been plaguing the CI since 77fedcd, with one of the jobs running into a hard cutoff of 50min by Travis. See #10639 for a fix by @slontis.

Thanks @mattcaswell and @h-vetinari for your (comforting to me) comments!

Travis failures seem relevant. Also, already needs a rebase!

@mattcaswell I fixed the Travis failure and did a rebase.

@mattcaswell I fixed the Travis failure and did a rebase.

@Akretsch, when adding fixes to this PR please always use --fixup to make clear which commit is improved and to make sure that auto-squashing will work fine. I've done this by amending your recent commit (of Dec 19).

Thanks a lot @bernd-edlinger for very swiftly finishing your review
and the quick re-approval by @mattcaswell!

So looks like I can squash and merge this chunk after the usual one day grace period?

So looks like I can squash and merge this chunk after the usual one day grace period?

Looks like it - assuming no last minute problems from the CIs.

AppVeyor is always pretty slow, and this time it took even some 12 hours to complete (after presumably being busy grinding on other PRs), but finally it confirmed that the builds and tests pass.

I'll squash the commits (up to a few ones) already now in preparation of the later merge,
which among others should raise the chances that the merge
will be rewarded by that lovely purple-colored 'merged' icon 💜

Done squashing as far as appropriate (and already adding the reviewer & pr info).
Do I need an explicit 'ready to merge' label before (potentially rebasing again) and pushing?

We do usually the final squash and rebase without pushing that to the PR again,
but directly to the openssl git server, once the grace period is over, the labels are just
optional, the final decision is human.
Howver now, I have problems to fetch the revision f431d68
from this pr which @mattcaswell originally approved, so I am unable to double-check that the
squashing / re-basing did not introduce incorrectness.

We do usually the final squash and rebase without pushing that to the PR again,
but directly to the openssl git server, once the grace period is over,

Yes, but @mattcaswell recently asked me regarding PR #10667 to squash it before it was merged, and this had the nice effect that GitHub has been able to recognize the merge automatically, which is indicated by the purple 'Merged' label. I appreciate this, and others as well, and @beldmit even asked to 'incorporate the brilliant changes he made to the workflow' - see #11038

the labels are just optional, the final decision is human.

Good to know, thanks @bernd-edlinger.

However now, I have problems to fetch the revision f431d68
from this pr which @mattcaswell originally approved,

Yes, this indeed is a drawback. One could still follow up the commits via the link you gave and via its parent link etc, but this would be pretty cumbersome.
A workaround would be to save the original/unsquashed PR branch in a backup branch.

so I am unable to double-check that the squashing / re-basing did not introduce incorrectness.

Before force-pushing I double-checked this using

git diff origin/cmpossl_incremental7

@Akretsch, if you still have the previous state of cmpossl_incremental7 locally, please push it as cmpossl_incremental7-orig such that we have it as backup/reference just in case.

cmpossl_incremental7-orig pushed

yes, that would be nice,
please do git reset --hard f431d686479a36131bdbbab23f9399c15d066637 before pushing that
since that was the originally approved version. It should be available in your repo,
but I cannot pull if from github, although I know for sure, that revision is still in their database.

@bernd-edlinger, good idea to reset to the commit in question first.
This did not work out for @Akretsch (since he had fetched last on Feb 3rd), but for me.
I've force-pushed f431d68 to cmpossl_incremental7-orig now.

@DDvO Have the CMP feature and CRMF feature been completed? Are the test cases completed? When are these features planned for openssl 3.0.0?

@DDvO Have the CMP feature and CRMF feature been completed? Are the test cases completed? When are these features planned for openssl 3.0.0?

@yangyangtiantianlonglong Next chunk is here. A you may find their roadmap in this repo.

@yangyangtiantianlonglong, the state of the CMP contribution is shown and kept up-to-date at https://github.com/mpeylo/cmpossl/wiki#planning-and-current-status-of-the-contribution-chunks.
So you can we plan to include everything in OpenSSL 3.0.
The contribution includes extensive tests.

Where is this callback? I get:
test/cmp_vfy_test.c(72): error C2065: 'OSSL_CMP_print_cert_verify_cb': undeclared identifier

Looks like you had an inconsistent source tree or build.
The callback function is meanwhile called X509_STORE_CTX_print_verify_cb.