New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Chunk 11 of CMP contribution to OpenSSL: CMP command-line interface #11470
Conversation
This is a pretty large body of code and documentation, |
About 1000 of the 3500 lines of code in I had tried contributing such changes long ago in the PRs #4277, #4930, and #4940, |
Travis CI took too long on one of the test runs as usual; everything else went fine. |
It already is 60 minutes. @t8m is working on a PR to remove that build |
7979a4f
to
5969173
Compare
Rebased to the latest master (now including the fixes of #11448). |
Has anyone already tried out the CMP app? For instance:
|
5969173
to
3cb7b4c
Compare
Currently shown Travis CI issues are unrelated - |
3cb7b4c
to
870e21f
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some review comments so far. I have not yet looked at apps/cmp.c - but I've looked at everything else.
Thanks @mattcaswell for these comments - I've answered/handled all of them. |
A bit awkward that changes to |
@levitte I'm glad that you picked this up. @mattcaswell, this consolidation activity should not have much effect on your review of |
I started to look and then asked @levitte if he could have a look at the engine related stuff. I will try to get back to it...but I'm a little distracted by the looming alpha1 at the moment. Probably it will be later the week before I can look. |
a8068e5
to
52a9fbd
Compare
Rebased on current master, which includes the newly merged #4940. |
0409285
to
912049f
Compare
de0f7ef
to
0de98e4
Compare
@slontis, let's do the adaptation of the CMP & CRMF lib modules for providers in a separate PR. Who should be the one setting up that PR and maintaining the branch with the code changes? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
I am happy for you to be in charge. Talking to matt he thought that it should be approached from the view of changing the tests to use providers and then get that working.. I can start looking at the test setup side of it if you like. |
@slontis, sounds good. |
Just set up a branch like you normally would on master and I will add some commits to it |
Normally I set up branches on the Siemens repo or the one by @mpeylo where I have write access, but you won't be able to push to either of those, and I since I'm not the owner I cannot give others write access. Is there a repo where we both can push to? |
Or is it sufficient if you have read access to my WIP branch? |
See if you can do
|
This did not work directly, but as follows:
|
I will stop polluting this PR with comments. We can pollute the new PR instead :) |
24 hours has passed since 'approval: done' was set, but as this PR has been updated in that time the label 'approval: ready to merge' is not being automatically set. Please review the updates and set the label manually. |
Looks like this is good to go @DDvO |
…l.pod Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from #11470)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from #11470)
Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712). Adds the CMP and CRMF API to libcrypto and the "cmp" app to the CLI. Adds extensive documentation and tests. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from #11470)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from #11470)
…actionID() Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from #11470)
Also update documentation and example code in openssl-cmp.pod.in Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from #11470)
Pushed - hooray! |
@DDvO Hi, When will the cmp and crmf feature plans be fully integrated into the openssl master ? I want to make my openssl version plan based on your plan. https://github.com/mpeylo/cmpossl/wiki, I see that the ossl-cmp branch plan is already inaccurate, I hope you can update the plan |
I updated the plan on https://github.com/mpeylo/cmpossl/wiki yesterday, so it is up-to-date. As of yesterday, the code of the CMP implementation in OpenSSL is complete. Over the next months I do not expect CMP API changes (and if so, they will be minimal). |
This PR adds the CMP app and its documentation.
CLI-based tests will be the topic of the final chunk 12.
Update: List of open spin-off PRs (including current state) on which this PR has been depending:
Generalize setup_engine of apps/apps.c to allow specific crypto methods #4277 (generalize setup_engine) - mergedGeneralize HTTP server code from apps/ocsp.c to apps/lib/http_server.c #11736 (generalize HTTP server) - mergedUse OSSL_STORE in apps, generalizing and simplifying load_key() etc. #11755 (use OSSL_STORE in apps.c) - mergedThe CLI enables everyone to easily try out typical certificate management use cases
with the demo configuration added to
apps/openssl.cnf
, which refers to the Insta Demo CA.For instance, as described in the EXAMPLES section of
doc/man1/openssl-cmp.pod
: