[rs-commit] r549 - /mod_scep/trunk/mod_scep.c

[rs-commit at redwax.eu]

Author: minfrin at redwax.eu
Date: Sat Mar 14 12:00:37 2026
New Revision: 549

Log:
Add RFC descriptions for operations.

Modified:
    mod_scep/trunk/mod_scep.c

Modified: mod_scep/trunk/mod_scep.c
==============================================================================
--- mod_scep/trunk/mod_scep.c	(original)
+++ mod_scep/trunk/mod_scep.c	Sat Mar 14 12:00:37 2026
@@ -3214,12 +3214,39 @@
         return HTTP_BAD_REQUEST;
     }
     else if (!strcmp(operation, "GetCACert")) {
+    	/*
+    	 * 4.2. Get CA Certificate
+    	 *
+    	 * To get the CA certificate(s), the client sends a GetCACert
+    	 * message to the CA. The OPERATION MUST be set to "GetCACert".
+    	 * There is no request data associated with this message.
+    	 */
         return get_ca_cert(r, conf, message);
     }
     else if (!strcmp(operation, "GetNextCACert")) {
+
+    	/*
+    	 * 4.7. Get Next Certificate Authority Certificate
+    	 *
+    	 * When a CA certificate is about to expire, clients
+    	 * need to retrieve the CA's next CA certificate
+    	 * (i.e., the rollover certificate). This is done via
+    	 * the GetNextCACert message. The OPERATION MUST be
+    	 * set to "GetNextCACert". There is no request data
+    	 * associated with this message.
+    	 */
         return get_next_ca_cert(r, conf, message);
     }
     else if (!strcmp(operation, "GetCACaps")) {
+
+    	/*
+    	 * 3.5. CA Capabilities
+    	 *
+    	 * In order to provide support for future enhancements
+    	 * to the protocol, CAs MUST implement the GetCACaps
+    	 * message to allow clients to query which functionality
+    	 * is available from the CA.
+    	 */
         return get_ca_caps(r, conf, message);
     }
     else if (!strcmp(operation, "PKIOperation")) {