Hi all, I am trying to create a "Degenerate certificates-only CMS Signed-Data” using openssl openssl-1.1.1c (from CentOS8) as described by https://tools.ietf.org/html/draft-gutmann-scep-15#section-3.4, and in the process I am getting the entry "Error: Object has zero length” in the PKCS7 structure and I don't know how to get rid of it:
0 2395: SEQUENCE {
4 9: OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2)
15 2380: [0] {
19 2376: SEQUENCE {
23 1: INTEGER 1
26 0: SET {}
28 15: SEQUENCE {
30 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
41 2: [0] {
43 0: OCTET STRING
: Error: Object has zero length. <———— here
: }
: }
[snip]
The code is here:
https://source.redwax.eu/projects/RS/repos/mod_scep/browse/mod_scep.c#1134
Or more specifically looks like this:
p7 = PKCS7_new();
PKCS7_set_type(p7, NID_pkcs7_signed);
PKCS7_content_new(p7, NID_pkcs7_data);
PKCS7_add_certificate(p7, cert);
PKCS7_add_certificate(p7, conf->signer);
i2d_PKCS7_bio(b, p7);
Can anyone confirm what step I am missing?
Regards,
Graham
—
smime.p7s
Description: S/MIME cryptographic signature
