Hi all, I am trying to create a "Degenerate certificates-only CMS Signed-Data” using openssl openssl-1.1.1c (from CentOS8) as described by https://tools.ietf.org/html/draft-gutmann-scep-15#section-3.4, and in the process I am getting the entry "Error: Object has zero length” in the PKCS7 structure and I don't know how to get rid of it: 0 2395: SEQUENCE { 4 9: OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2) 15 2380: [0] { 19 2376: SEQUENCE { 23 1: INTEGER 1 26 0: SET {} 28 15: SEQUENCE { 30 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1) 41 2: [0] { 43 0: OCTET STRING : Error: Object has zero length. <———— here : } : } [snip] The code is here: https://source.redwax.eu/projects/RS/repos/mod_scep/browse/mod_scep.c#1134 Or more specifically looks like this: p7 = PKCS7_new(); PKCS7_set_type(p7, NID_pkcs7_signed); PKCS7_content_new(p7, NID_pkcs7_data); PKCS7_add_certificate(p7, cert); PKCS7_add_certificate(p7, conf->signer); i2d_PKCS7_bio(b, p7); Can anyone confirm what step I am missing? Regards, Graham —
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
