#43 Check CMP message version and handle cmp1999 messages

far future
open
nobody
None
7
2017-11-15
2017-06-20
No

The following part of RFC 4210, section 7.1.1, is not handled - actually the version (hdr->pvno) of incoming messages is not checked anywhere.

If, after sending a cmp2000 message, a client receives an
ErrorMsgContent with a version of cmp1999, then it MUST abort the
current transaction. It MAY subsequently retry the transaction using
version cmp1999 messages.

If a client receives a non-error PKIMessage with a version of
cmp1999, then it MAY decide to continue the transaction (if the
transaction hasn't finished) using RFC 2510 semantics. If it does
not choose to do so and the transaction is not finished, then it MUST
abort the transaction and send an ErrorMsgContent with a version of
cmp1999.

... we would NOT decide to continue the transaction as we haven't implemented RFC 2510. So we would send ErrorMsgContent.
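A sketch of the client-side check the ticket asks for, as an added example that is not code from this project: it maps the pvno and body type of a received message to the action RFC 4210 section 7.1.1 prescribes for a client that only speaks cmp2000. The struct, enum and function names are hypothetical, and rejecting pvno values other than cmp1999/cmp2000 is this example's own choice, not something the quoted text specifies.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* pvno values defined for PKIHeader in RFC 4210 */
enum { PVNO_CMP1999 = 1, PVNO_CMP2000 = 2 };
/* PKIBody choice tag of ErrorMsgContent ("error [23]") */
#define BODY_TYPE_ERROR 23

typedef enum {
    PVNO_PROCESS,          /* cmp2000: handle the message normally */
    PVNO_ABORT,            /* stop the transaction, send no reply */
    PVNO_ABORT_SEND_ERROR, /* stop and send ErrorMsgContent with pvno cmp1999 */
    PVNO_REJECT            /* missing message or unknown version (example's choice) */
} pvno_action;

/* Hypothetical view of the two header/body fields the check needs. */
typedef struct {
    long pvno;      /* hdr->pvno of the received message */
    int  body_type; /* PKIBody choice tag */
} cmp_msg_info;

/* Decide what a cmp2000-only client does with a received message. */
pvno_action check_pvno(const cmp_msg_info *msg, bool transaction_finished)
{
    if (msg == NULL)
        return PVNO_REJECT;
    switch (msg->pvno) {
    case PVNO_CMP2000:
        return PVNO_PROCESS;
    case PVNO_CMP1999:
        /* cmp1999 ErrorMsgContent after our cmp2000 message: MUST abort. */
        if (msg->body_type == BODY_TYPE_ERROR)
            return PVNO_ABORT;
        /* Non-error cmp1999 message: RFC 2510 semantics are not implemented,
         * so an unfinished transaction is aborted with a cmp1999 error.
         * A finished transaction needs no reply. */
        return transaction_finished ? PVNO_ABORT : PVNO_ABORT_SEND_ERROR;
    default:
        return PVNO_REJECT;
    }
}

int main(void)
{
    /* Constructed sample: a cmp1999 non-error response (body tag 1). */
    cmp_msg_info resp = { PVNO_CMP1999, 1 };
    printf("action=%d\n", (int)check_pvno(&resp, false));
    return 0;
}
```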

Discussion

  • Martin Peylo - 2017-07-19
    • Group: v1.0 (example) --> Upstream submission
    • Priority: 5 --> 7
     
  • Martin Peylo - 2017-11-15
    • Group: Upstream submission --> far future
     