The documentation still lists the 'openssl ts' command but I couldn't find
it in the source code anymore. I wanted to explore the features of OpenSSL
recently, so I developed an RFC 3161-conformant timestamp server using
OpenSSL based on the PKCS7 support. Some questions regarding this:

1. After having successfully tested the server implementation with a Java
client, I'm currently developing a client based on OpenSSL. Would you
consider this a useful addition to OpenSSL, and is there a way to contribute
my work to the project? The implementation is currently based on PKCS7, but
it could be ported to the more appropriate CMS functions once these are
official.

2. In order to be conformant to the RFC, one needs to add the signed
attribute "signing certificate" to the SignerInfo structure that forms the
timestamp. It's easy to add signed attributes whose value is a primitive DER
value, but in this case the value was again an ASN.1 value that I created
using the template functions. The function
"PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int
atrtype, void *value)" expects a V_ASN1_XXX type, which I chose as
V_ASN1_ANY in my case. But then I needed to pass "value" as an ASN1_TYPE,
encode my value using the i2d function created for my template and setting
the ASN1_TYPE's value to an ASN1_STRING of type V_ASN1_SEQUENCE, length and
encoding being derived from the former encoding of my template. This worked
in the end, but is there no easier way, e.g. by handing over the pointer to
my template directly, so that the template i2d functions are used when
encoding the attribute?

Best regards,
Martin Boßlet
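
Added example, not part of the original message and not OpenSSL code: the DER bytes that the i2d step in question 2 yields for a minimal SigningCertificate (RFC 2634 ESSCertID carrying only certHash), which is the buffer that ends up in the ASN1_STRING labelled V_ASN1_SEQUENCE. The encoder is hand-rolled rather than built on OpenSSL's template functions, the function names are hypothetical, and the hash is a constructed sample.

```c
#include <stdio.h>
#include <string.h>
#define DER_SEQUENCE     0x30   /* universal, constructed, tag 16 */
#define DER_OCTET_STRING 0x04

/* Write one DER TLV with a definite length. Returns bytes written,
 * or 0 if the content exceeds 255 bytes or does not fit in out. */
static size_t der_tlv(unsigned char tag, const unsigned char *in, size_t len,
                      unsigned char *out, size_t cap)
{
    size_t hdr = len < 0x80 ? 2 : 3;
    if (len > 0xFF || hdr + len > cap) return 0;
    out[0] = tag;
    if (hdr == 3) out[1] = 0x81;         /* long form: one length byte follows */
    out[hdr - 1] = (unsigned char)len;
    memcpy(out + hdr, in, len);
    return hdr + len;
}

/* SigningCertificate ::= SEQUENCE { certs SEQUENCE OF ESSCertID }
 * ESSCertID ::= SEQUENCE { certHash OCTET STRING } (optional issuerSerial omitted) */
size_t encode_signing_cert(const unsigned char hash[20], unsigned char *out, size_t cap)
{
    unsigned char a[64], b[64];
    size_t n = der_tlv(DER_OCTET_STRING, hash, 20, a, sizeof a); /* certHash */
    n = der_tlv(DER_SEQUENCE, a, n, b, sizeof b);                /* ESSCertID */
    n = der_tlv(DER_SEQUENCE, b, n, a, sizeof a);                /* certs */
    return der_tlv(DER_SEQUENCE, a, n, out, cap);                /* SigningCertificate */
}

/* 1 if buf holds exactly one SEQUENCE TLV with no trailing bytes, i.e. the
 * buffer matches the V_ASN1_SEQUENCE label it will be given; 0 otherwise. */
int is_single_sequence(const unsigned char *buf, size_t len)
{
    if (len < 2 || buf[0] != DER_SEQUENCE) return 0;
    size_t hdr = 2, clen = buf[1];
    if (buf[1] == 0x81 && len >= 3 && buf[2] >= 0x80) { hdr = 3; clen = buf[2]; }
    else if (buf[1] >= 0x80) return 0;   /* other length forms not handled here */
    return hdr + clen == len;
}

int main(void)
{
    unsigned char hash[20], der[64];     /* constructed sample, not a real digest */
    memset(hash, 0xAB, sizeof hash);
    size_t n = encode_signing_cert(hash, der, sizeof der);
    for (size_t i = 0; i < n; i++) printf("%02X", der[i]);
    printf("\nsingle SEQUENCE: %d\n", is_single_sequence(der, n));
}
```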
