From: Dr. David von Oheimb <David.von.Oheimb@siemens.com>
Date: Wed, 27 May 2020 15:52:53 +0000 (+0200)
Subject: Remove misleading diagnostics on pinned sender cert in OSSL_CMP_validate_msg()
X-Git-Tag: openssl-3.0.0-alpha4~116
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=7aa70fd5e1281d86fbddcdfab03a474d0b6978af;p=oweals%2Fopenssl.git

Remove misleading diagnostics on pinned sender cert in OSSL_CMP_validate_msg()

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)
---

diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c
index f73a0a06a5..323bd9c867 100644
--- a/crypto/cmp/cmp_vfy.c
+++ b/crypto/cmp/cmp_vfy.c
@@ -659,9 +659,6 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg)
             /* use ctx->srvCert for signature check even if not acceptable */
             if (verify_signature(ctx, msg, scrt))
                 return 1;
-            /* call cert_acceptable() for adding diagnostic information */
-            (void)cert_acceptable(ctx, "explicitly set", "sender cert", scrt,
-                                  NULL, NULL, msg);
             ossl_cmp_warn(ctx, "msg signature verification failed");
             CMPerr(0, CMP_R_SRVCERT_DOES_NOT_VALIDATE_MSG);
         }