We should add support for the profile "D.4" of RFC4210. http://www.apps.ietf.org/rfc/rfc4210.html#page-68
This is the default mode used by cmpforopenssl, so we can use cmpforopenssl for testing. See http://ejbca.org/adminguide.html#Interoperability for details on CMP for OpenSSL.
Add modular authentication facility for CMP
CMP improvement and support more CMP clients