Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)

 Standard preamble:
 ========================================================================
..

..


..
 Set up some character translations and predefined strings. \*(-- will
 give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
 double quote, and \*(R" will give a right double quote. \*(C+ will
 give a nicer C++. Capital omega is used to do unbreakable dashes and
 therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
 nothing in troff, for use with C<>.
.tr \(*W-
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}

 Escape single quotes in literal strings from groff's Unicode transform.

 If the F register is >0, we'll generate index entries on stderr for
 titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
 entries marked with X<> in POD. Of course, you'll have to process the
 output yourself in some meaningful fashion.

 Avoid warning from groff about undefined register 'F'.
..
.nr rF 0
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
 Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] 
.\}
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
. \" corrections for vroff
. \" for low resolution devices (crt and lpr)
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
 ========================================================================

 Title "OSSL_CMP_SRV_CTX_NEW 3ossl" 
 OSSL_CMP_SRV_CTX_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
 For nroff, turn off justification. Always turn off hyphenation; it makes
 way too many mistakes in technical documents.
 "NAME"
OSSL_CMP_SRV_process_request,
OSSL_CMP_CTX_server_perform,
OSSL_CMP_SRV_CTX_new,
OSSL_CMP_SRV_CTX_free,
OSSL_CMP_SRV_cert_request_cb_t,
OSSL_CMP_SRV_rr_cb_t,
OSSL_CMP_SRV_certConf_cb_t,
OSSL_CMP_SRV_genm_cb_t,
OSSL_CMP_SRV_error_cb_t,
OSSL_CMP_SRV_pollReq_cb_t,
OSSL_CMP_SRV_CTX_init,
OSSL_CMP_SRV_CTX_get0_cmp_ctx,
OSSL_CMP_SRV_CTX_get0_custom_ctx,
OSSL_CMP_SRV_CTX_set_send_unprotected_errors,
OSSL_CMP_SRV_CTX_set_accept_unprotected,
OSSL_CMP_SRV_CTX_set_accept_raverified,
OSSL_CMP_SRV_CTX_set_grant_implicit_confirm
\- generic functions to set up and control a CMP server

 "SYNOPSIS"
 Header "SYNOPSIS" .Vb 1
 #include <openssl/cmp.h>
\&
 OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
  const OSSL_CMP_MSG *req);
 OSSL_CMP_MSG *OSSL_CMP_CTX_server_perform(OSSL_CMP_CTX *client_ctx,
  const OSSL_CMP_MSG *req);
 OSSL_CMP_SRV_CTX *OSSL_CMP_SRV_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
 void OSSL_CMP_SRV_CTX_free(OSSL_CMP_SRV_CTX *srv_ctx);
\&
 typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_cert_request_cb_t)(
  OSSL_CMP_SRV_CTX *srv_ctx,
  const OSSL_CMP_MSG *req,
  int certReqId,
  const OSSL_CRMF_MSG *crm,
  const X509_REQ *p10cr,
  X509 **certOut,
  STACK_OF(X509) **chainOut,
  STACK_OF(X509) **caPubs);
 typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_rr_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
  const OSSL_CMP_MSG *req,
  const X509_NAME *issuer,
  const ASN1_INTEGER *serial);
 typedef int (*OSSL_CMP_SRV_genm_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
  const OSSL_CMP_MSG *req,
  STACK_OF(OSSL_CMP_ITAV) *in,
  STACK_OF(OSSL_CMP_ITAV) **out);
 typedef void (*OSSL_CMP_SRV_error_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
  const OSSL_CMP_MSG *req,
  const OSSL_CMP_PKISI *statusInfo,
  const ASN1_INTEGER *errorCode,
  const OSSL_CMP_PKIFREETEXT *errorDetails);
 typedef int (*OSSL_CMP_SRV_certConf_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
  const OSSL_CMP_MSG *req,
  int certReqId,
  const ASN1_OCTET_STRING *certHash,
  const OSSL_CMP_PKISI *si);
 typedef int (*OSSL_CMP_SRV_pollReq_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
  const OSSL_CMP_MSG *req,
  int certReqId,
  OSSL_CMP_MSG **certReq,
  int64_t *check_after);
 int OSSL_CMP_SRV_CTX_init(OSSL_CMP_SRV_CTX *srv_ctx, void *custom_ctx,
  OSSL_CMP_SRV_cert_request_cb_t process_cert_request,
  OSSL_CMP_SRV_rr_cb_t process_rr,
  OSSL_CMP_SRV_genm_cb_t process_genm,
  OSSL_CMP_SRV_error_cb_t process_error,
  OSSL_CMP_SRV_certConf_cb_t process_certConf,
  OSSL_CMP_SRV_pollReq_cb_t process_pollReq);
\&
 OSSL_CMP_CTX *OSSL_CMP_SRV_CTX_get0_cmp_ctx(const OSSL_CMP_SRV_CTX *srv_ctx);
 void *OSSL_CMP_SRV_CTX_get0_custom_ctx(const OSSL_CMP_SRV_CTX *srv_ctx);
\&
 int OSSL_CMP_SRV_CTX_set_send_unprotected_errors(OSSL_CMP_SRV_CTX *srv_ctx,
  int val);
 int OSSL_CMP_SRV_CTX_set_accept_unprotected(OSSL_CMP_SRV_CTX *srv_ctx, int val);
 int OSSL_CMP_SRV_CTX_set_accept_raverified(OSSL_CMP_SRV_CTX *srv_ctx, int val);
 int OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(OSSL_CMP_SRV_CTX *srv_ctx,
  int val);
.Ve

 "DESCRIPTION"
 Header "DESCRIPTION" \fBOSSL_CMP_SRV_process_request() implements the generic aspects of a \s-1CMP\s0 server.
Its arguments are the \s-1OSSL_CMP_SRV_CTX\s0 srv_ctx and the \s-1CMP\s0 request message
\fIreq. It does the typical generic checks on req, calls
the respective callback function (if present) for more specific processing,
and then assembles a result message, which may be a \s-1CMP\s0 error message.
If after return of the function the expression
\fIOSSL_CMP_CTX_get_status(OSSL_CMP_SRV_CTX_get0_cmp_ctx(srv_ctx)) yields -1
then the function has closed the current transaction,
which may be due to normal successful end of the transaction or due to an error.


\fBOSSL_CMP_CTX_server_perform() is an interface to
\fBOSSL_CMP_SRV_process_request() that can be used by a \s-1CMP\s0 client
in the same way as OSSL_CMP_MSG_http_perform\|(3).
The \s-1OSSL_CMP_SRV_CTX\s0 must be set as transfer_cb_arg of client_ctx.


\fBOSSL_CMP_SRV_CTX_new() creates and initializes an \s-1OSSL_CMP_SRV_CTX\s0 structure
associated with the library context libctx and property query string
\fIpropq, both of which may be \s-1NULL\s0 to select the defaults.


\fBOSSL_CMP_SRV_CTX_free() deletes the given srv_ctx.


\fBOSSL_CMP_SRV_CTX_init() sets in the given srv_ctx a custom server context
pointer as well as callback functions performing the specific processing of \s-1CMP\s0
certificate requests, revocation requests, certificate confirmation requests,
general messages, error messages, and poll requests.
All arguments except srv_ctx may be \s-1NULL.\s0
If a callback for some message type is not given this means that the respective
type of \s-1CMP\s0 message is not supported by the server.


\fBOSSL_CMP_SRV_CTX_get0_cmp_ctx() returns the \s-1OSSL_CMP_CTX\s0 from the srv_ctx.


\fBOSSL_CMP_SRV_CTX_get0_custom_ctx() returns the custom server context from
\fIsrv_ctx that has been set using OSSL_CMP_SRV_CTX_init().


\fBOSSL_CMP_SRV_CTX_set_send_unprotected_errors() enables sending error messages
and other forms of negative responses unprotected.


\fBOSSL_CMP_SRV_CTX_set_accept_unprotected() enables acceptance of requests
without protection of with invalid protection.


\fBOSSL_CMP_SRV_CTX_set_accept_raverified() enables acceptance of ir/cr/kur
messages with \s-1POPO\s0 'RAVerified'.


\fBOSSL_CMP_SRV_CTX_set_grant_implicit_confirm() enables granting implicit
confirmation of newly enrolled certificates if requested.

 "NOTES"
 Header "NOTES" \s-1CMP\s0 is defined in \s-1RFC 4210\s0 (and \s-1CRMF\s0 in \s-1RFC 4211\s0).


So far the \s-1CMP\s0 server implementation is limited to one request per \s-1CMP\s0 message
(and consequently to at most one response component per \s-1CMP\s0 message).

 "RETURN VALUES"
 Header "RETURN VALUES" \fBOSSL_CMP_SRV_CTX_new() returns a \s-1OSSL_CMP_SRV_CTX\s0 structure on success,
\s-1NULL\s0 on error.


\fBOSSL_CMP_SRV_CTX_free() does not return a value.


\fBOSSL_CMP_SRV_CTX_get0_cmp_ctx() returns a \s-1OSSL_CMP_CTX\s0 structure on success,
\s-1NULL\s0 on error.


\fBOSSL_CMP_SRV_CTX_get0_custom_ctx() returns the custom server context
that has been set using OSSL_CMP_SRV_CTX_init().


All other functions return 1 on success, 0 on error.

 "HISTORY"
 Header "HISTORY" The OpenSSL \s-1CMP\s0 support was added in OpenSSL 3.0.

 "COPYRIGHT"
 Header "COPYRIGHT" Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.


Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.