Martin Peylo - 2017-07-19
- Group: Next Release (example) --> Version 2
The RFC section 5.3.2 says that
...if the PKI Message Protection is "shared secret information" (see Section 5.1.3), then any certificate transported in the caPubs field may be directly trusted as a root CA certificate by the initiator.
So caPubs are stored in the context in cmp_ses.c, but so far there is no way to figure out whether the CA actually used a shared secret, as it could use MSG_SIG_ALG even though the client was using MSG_MAC_ALG.
So, the information about which protection was used when sending caPubs should be made available to the recipient.
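The check requested in the ticket above, as an added sketch that is not cmpforopenssl code: the protection used by the response that carried caPubs is recorded next to the stored certificates, and only a verified shared-secret MAC makes them trustable as roots. The `demo_*` types and functions and the `prot_kind` enum are hypothetical stand-ins; the only real identifier is the id-PasswordBasedMac OID from RFC 4210.

```c
#include <stddef.h>
#include <string.h>

/* id-PasswordBasedMac, the MAC used for "shared secret information"
 * protection (RFC 4210 section 5.1.3.1). */
#define OID_PASSWORD_BASED_MAC "1.2.840.113533.7.66.13"

typedef enum { PROT_NONE, PROT_SHARED_SECRET, PROT_OTHER } prot_kind;

/* Constructed stand-in for a received response; not a cmpforopenssl type. */
typedef struct {
    const char *protection_alg_oid; /* header protectionAlg, NULL if absent */
    int protection_verified;        /* 1 if the MAC or signature checked out */
    size_t n_capubs;                /* certificates carried in caPubs */
} demo_response;

/* Constructed stand-in for the session context. */
typedef struct {
    prot_kind capubs_protection; /* protection of the message that carried caPubs */
    size_t n_capubs;
} demo_ctx;

/* Classify by what the response itself used, never by what the client sent. */
static prot_kind classify(const demo_response *r)
{
    if (r->protection_alg_oid == NULL || !r->protection_verified)
        return PROT_NONE;
    if (strcmp(r->protection_alg_oid, OID_PASSWORD_BASED_MAC) == 0)
        return PROT_SHARED_SECRET;
    return PROT_OTHER; /* signature or any other protection */
}

/* Store caPubs together with the protection they arrived under. */
void demo_store_capubs(demo_ctx *ctx, const demo_response *r)
{
    ctx->capubs_protection = classify(r);
    ctx->n_capubs = r->n_capubs;
}

/* Number of stored caPubs the caller may treat as root CA certificates. */
size_t demo_trustable_capubs(const demo_ctx *ctx)
{
    return ctx->capubs_protection == PROT_SHARED_SECRET ? ctx->n_capubs : 0;
}
```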