[Cmpforopenssl-devel] Improper protection of PollReq?

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi all,

Question on "improper protection of PollReq messages". The PollReq-messages from OpenSSL-CMP are signed, but the certificate required to verify that signature is not provided (in the extraCerts field). My PKI-environment refuses this polling request due to "badMessageCheck". I've tested another client which does provide the certificate; this request is processed properly.

The CR-request does contain the RA-certificate. Is this a bug?

Ad Schoonen
OIB/ITS/UA/Auth&KeyMngt
Location code HLW C.04.182
T +31 20 584 6470
E ad....@in...<mailto:ad....@in...>

-----------------------------------------------------------------
ATTENTION:
The information in this electronic mail message is private and
confidential, and only intended for the addressee. Should you
receive this message by mistake, you are hereby notified that
any disclosure, reproduction, distribution or use of this
message is strictly prohibited. Please inform the sender by
reply transmission and delete the message without copying or
opening it.

Messages and attachments are scanned for all viruses known.
If this message contains password-protected attachments, the
files have NOT been scanned for viruses by the ING mail domain.
Always scan attachments before opening them.
-----------------------------------------------------------------

[Cmpforopenssl-devel] Improper protection of PollReq?

CMP [RFC4210] implementation based on OpenSSL

[Cmpforopenssl-devel] Improper protection of PollReq?