aboutsummaryrefslogtreecommitdiff
path: root/doc/man3/OSSL_CMP_CTX_new.pod
diff options
context:
space:
mode:
Diffstat (limited to 'doc/man3/OSSL_CMP_CTX_new.pod')
-rw-r--r--doc/man3/OSSL_CMP_CTX_new.pod8
1 files changed, 7 insertions, 1 deletions
diff --git a/doc/man3/OSSL_CMP_CTX_new.pod b/doc/man3/OSSL_CMP_CTX_new.pod
index ce7db8f2f086..cab88ae88c91 100644
--- a/doc/man3/OSSL_CMP_CTX_new.pod
+++ b/doc/man3/OSSL_CMP_CTX_new.pod
@@ -176,6 +176,7 @@ the message timeout is set to 120 seconds,
and the proof-of-possession method is set to OSSL_CRMF_POPO_SIGNATURE.
OSSL_CMP_CTX_free() deallocates an OSSL_CMP_CTX structure.
+If the argument is NULL, nothing is done.
OSSL_CMP_CTX_reinit() prepares the given I<ctx> for a further transaction by
clearing the internal CMP transaction (aka session) status, PKIStatusInfo,
@@ -312,6 +313,11 @@ RFC 4210.
Allow retrieving a trust anchor from extraCerts and using that
to validate the certificate chain of an IP message.
+ This is a quirk option added to support 3GPP TS 33.310.
+
+ Note that using this option is dangerous as the certificate obtained
+ this way has not been authenticated (at least not at CMP level).
+ Taking it over as a trust anchor implements trust-on-first-use (TOFU).
=back
@@ -796,7 +802,7 @@ OSSL_CMP_CTX_reset_geninfo_ITAVs() was added in OpenSSL 3.0.8.
=head1 COPYRIGHT
-Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-03 00:36:03 +0000