certnanny/sscep

CAIdentifier is sent with GETCA even if it is not defined in the call

oregano87 opened this issue · 1 comments

I am using EJBCA for SCEP enrollment. It is not possible for me to call getca because the response is 404, "wrong (or missing) MIME content type". Any ideas?

```
$ sscep getca -u http://ejbca.domain.tld/ejbca/publicweb/apply/scep/demo/pkiclient.exe -c /tmp/ca.crt -vd
sscep: starting sscep, version 0.10.0
sscep: new transaction
sscep: transaction id: SSCEP transactionId
sscep: hostname: ejbca.domain.tld
sscep: directory: ejbca/publicweb/apply/scep/demo/pkiclient.exe
sscep: port: 80
sscep: SCEP_OPERATION_GETCAPS
sscep: scep request:
GET /ejbca/publicweb/apply/scep/demo/pkiclient.exe?operation=GetCACaps HTTP/1.1
Host: ejbca.domain.tld
Connection: close

sscep: connecting to ejbca.domain.tld:80
sscep: server response status code: 200, MIME header: text/plain
POSTPKIOperation
Renewal
SHA-512
SHA-256
SHA-1
DES3
sscep: scep caps bitmask: 0x02ba
sscep: SCEP_OPERATION_GETCA
sscep: scep request:
GET /ejbca/publicweb/apply/scep/demo/pkiclient.exe?operation=GetCACert&message=CAIdentifier HTTP/1.1
Host: ejbca.domain.tld
Connection: close

sscep: connecting to ejbca.domain.tld:80
sscep: server response status code: 404, MIME header: text/html
sscep: wrong (or missing) MIME content type
sscep: error while sending message
```

Bug found. When calling with -i '', it works well.

```
$ sscep getca -u http://ejbca.domain.tld/ejbca/publicweb/apply/scep/demo/pkiclient.exe -c /tmp/ca.crt -i '' -vd
[...]
sscep: scep caps bitmask: 0x02ba
sscep: SCEP_OPERATION_GETCA
sscep: scep request:
GET /ejbca/publicweb/apply/scep/demo/pkiclient.exe?operation=GetCACert HTTP/1.1
Host: ejbca.domain.tld
Connection: close

sscep: connecting to ejbca.domain.tld:80
sscep: server response status code: 200, MIME header: application/x-x509-ca-ra-cert
sscep: valid response from server
[...]
```

If no parameter -i is defined, then the GET request must not include the MESSAGE.
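
The behaviour requested in this issue, as an added C example that is not sscep's own code: the GetCACert request carries `message` only when a CA identifier was actually supplied, and the response is accepted only with a 200 status and a CA certificate MIME type. The function names `url_encode`, `build_getca_request` and `getca_response_ok` are hypothetical, and accepting `application/x-x509-ca-cert` alongside the type seen in the log is an assumption taken from the SCEP specification.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Percent-encode src into dst; RFC 3986 unreserved characters pass through.
 * Returns the encoded length, or -1 if dst is too small. */
static int url_encode(const char *src, char *dst, size_t cap)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t n = 0;
    if (cap == 0) return -1;
    for (; *src; src++) {
        unsigned char c = (unsigned char)*src;
        int plain = isalnum(c) || c == '-' || c == '.' || c == '_' || c == '~';
        if (n + (plain ? 1 : 3) >= cap) return -1;   /* keep room for the NUL */
        if (plain) { dst[n++] = (char)c; continue; }
        dst[n++] = '%';
        dst[n++] = hex[c >> 4];
        dst[n++] = hex[c & 15];
    }
    dst[n] = '\0';
    return (int)n;
}

/* Build the GetCACert request. ca_id == NULL or "" means no identifier was
 * given (assumed to model "-i" absent), so "message" is omitted entirely. */
int build_getca_request(const char *host, const char *path, const char *ca_id,
                        char *out, size_t cap)
{
    char msg[300] = "", enc[256];
    int n;
    if (ca_id != NULL && ca_id[0] != '\0') {
        if (url_encode(ca_id, enc, sizeof enc) < 0) return -1;
        snprintf(msg, sizeof msg, "&message=%s", enc);
    }
    n = snprintf(out, cap, "GET /%s?operation=GetCACert%s HTTP/1.1\r\n"
                 "Host: %s\r\nConnection: close\r\n\r\n", path, msg, host);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

/* Accept only a 200 carrying one of the two SCEP CA certificate MIME types. */
int getca_response_ok(int status, const char *mime)
{
    if (status != 200 || mime == NULL) return 0;
    return strcmp(mime, "application/x-x509-ca-cert") == 0 ||
           strcmp(mime, "application/x-x509-ca-ra-cert") == 0;
}
```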