PKCS7: Error: Object has zero length.
Graham Leggett
minfrin at sharp.fm
Tue May 5 10:17:55 UTC 2020
Hi all,
I am trying to create a "Degenerate certificates-only CMS Signed-Data” using openssl openssl-1.1.1c (from CentOS8) as described by https://tools.ietf.org/html/draft-gutmann-scep-15#section-3.4, and in the process I am getting the entry "Error: Object has zero length” in the PKCS7 structure and I don't know how to get rid of it:
0 2395: SEQUENCE {
4 9: OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2)
15 2380: [0] {
19 2376: SEQUENCE {
23 1: INTEGER 1
26 0: SET {}
28 15: SEQUENCE {
30 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
41 2: [0] {
43 0: OCTET STRING
: Error: Object has zero length. <———— here
: }
: }
[snip]
The code is here: https://source.redwax.eu/projects/RS/repos/mod_scep/browse/mod_scep.c#1134
Or more specifically looks like this:
p7 = PKCS7_new();
PKCS7_set_type(p7, NID_pkcs7_signed);
PKCS7_content_new(p7, NID_pkcs7_data);
PKCS7_add_certificate(p7, cert);
PKCS7_add_certificate(p7, conf->signer);
i2d_PKCS7_bio(b, p7);
Can anyone confirm what step I am missing?
Regards,
Graham
—
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5014 bytes
Desc: not available
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20200505/6282548a/attachment-0001.bin>
More information about the openssl-users
mailing list