Chunk 11 of CMP contribution to OpenSSL: CMP command-line interface #11470
This is a pretty large body of code and documentation,

About 1000 of the 3500 lines of code in I had tried contributing such changes long ago in the PRs #4277, #4930, and #4940,

Travis CI took too long on one of the test runs as usual; everything else went fine.

It already is 60 minutes. @t8m is working on a PR to remove that build

Rebased to the latest master (now including the fixes of #11448).

Has anyone already tried out the CMP app? For instance:

Currently shown Travis CI issues are unrelated -

Some review comments so far. I have not yet looked at apps/cmp.c - but I've looked at everything else.

Thanks @mattcaswell for these comments - I've answered/handled all of them.

A bit awkward that changes to

@levitte I'm glad that you picked this up. @mattcaswell, this consolidation activity should not have much effect on your review of

I started to look and then asked @levitte if he could have a look at the engine related stuff. I will try to get back to it...but I'm a little distracted by the looming alpha1 at the moment. Probably it will be later in the week before I can look.

Rebased on current master, which includes the newly merged #4940.

Normally I set up branches on the Siemens repo or the one by @mpeylo where I have write access, but you won't be able to push to either of those, and since I'm not the owner I cannot give others write access. Is there a repo where we both can push to?

Or is it sufficient if you have read access to my WIP branch?

See if you can do

This did not work directly, but as follows:

I will stop polluting this PR with comments. We can pollute the new PR instead :)

24 hours has passed since 'approval: done' was set, but as this PR has been updated in that time the label 'approval: ready to merge' is not being automatically set. Please review the updates and set the label manually.

Looks like this is good to go @DDvO

…l.pod Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from #11470)
Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712). Adds the CMP and CRMF API to libcrypto and the "cmp" app to the CLI. Adds extensive documentation and tests. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from #11470)
…actionID() Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from #11470)
Also update documentation and example code in openssl-cmp.pod.in Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from #11470)

Pushed - hooray!

@DDvO Hi, when will the cmp and crmf feature plans be fully integrated into the openssl master? I want to make my openssl version plan based on your plan. At https://github.com/mpeylo/cmpossl/wiki, I see that the ossl-cmp branch plan is already inaccurate; I hope you can update the plan.

I updated the plan on https://github.com/mpeylo/cmpossl/wiki yesterday, so it is up-to-date. As of yesterday, the code of the CMP implementation in OpenSSL is complete. Over the next months I do not expect CMP API changes (and if so, they will be minimal).

This PR adds the CMP app and its documentation.
CLI-based tests will be the topic of the final chunk 12.
Update: List of open spin-off PRs (including current state) on which this PR has been depending:
- #4277 (generalize setup_engine) - merged
- #11736 (generalize HTTP server) - merged
- #11755 (use OSSL_STORE in apps.c) - merged

The CLI enables everyone to easily try out typical certificate management use cases with the demo configuration added to apps/openssl.cnf, which refers to the Insta Demo CA.
For instance, as described in the EXAMPLES section of doc/man1/openssl-cmp.pod: