--- openssl-1.0.1e.orig/apps/smime.c	2013-02-11 16:26:04.000000000 +0100
+++ openssl-1.0.1e/apps/smime.c	2013-09-17 23:14:25.209970822 +0200
@@ -709,6 +709,19 @@
 			flags |= PKCS7_REUSE_DIGEST;
 		for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++)
 			{
+			PKCS7_SIGNER_INFO *si = NULL;
+			int signed_string_nid = -1;
+
+			ASN1_OBJECT *algorithm_identifier;
+			ASN1_OCTET_STRING *certificate_hash;
+			ASN1_STRING *seq;
+
+			unsigned char *data;
+			unsigned char *data2;
+			unsigned char *p;
+			int size;
+			int total;
+
 			signerfile = sk_OPENSSL_STRING_value(sksigners, i);
 			keyfile = sk_OPENSSL_STRING_value(skkeys, i);
 			signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL,
@@ -719,9 +732,48 @@
 			       "signing key file");
 			if (!key)
 				goto end;
-			if (!PKCS7_sign_add_signer(p7, signer, key,
-						sign_md, flags))
+			if (!(si = PKCS7_sign_add_signer(p7, signer, key,
+							sign_md, flags)))
 				goto end;
+
+			/* ESSCertIDv2 */
+			algorithm_identifier = OBJ_nid2obj(NID_sha256);
+			certificate_hash = ASN1_OCTET_STRING_new();
+			/* here we should put the hash of the hash certificate,
+                         * but I don't know how to get it */
+			ASN1_OCTET_STRING_set(certificate_hash,
+					(unsigned char*)"",strlen(""));
+
+			size = i2d_ASN1_OBJECT(algorithm_identifier, NULL);
+			size += i2d_ASN1_OCTET_STRING(certificate_hash, NULL);
+			total = ASN1_object_size(1,size,V_ASN1_SEQUENCE);
+
+			data = malloc(total);
+			p = data;
+			ASN1_put_object(&p,1,size,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+			i2d_ASN1_OBJECT(algorithm_identifier,&p);
+			i2d_ASN1_OCTET_STRING(certificate_hash,&p);
+
+			/* SigningCertificateV2 */
+			size = total;
+			total = ASN1_object_size(1,size,V_ASN1_SEQUENCE);
+			data2 = malloc (total);
+			p = data2;
+			ASN1_put_object(&p,1,size,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+			memcpy (p, data, size);
+			seq=ASN1_STRING_new();          
+			ASN1_STRING_set(seq,data,total);
+			free(data2);
+			free(data);
+			ASN1_OCTET_STRING_free(certificate_hash);
+			ASN1_OBJECT_free(algorithm_identifier);
+
+			signed_string_nid = OBJ_create("1.2.840.113549.1.9.16.2.47",
+						"id-aa-signingCertificateV2",
+						"id-aa-signingCertificateV2");
+			PKCS7_add_signed_attribute(si, signed_string_nid,
+						V_ASN1_SEQUENCE, seq);
+
 			X509_free(signer);
 			signer = NULL;
 			EVP_PKEY_free(key);