[openssl-users] Fwd: CMS_NOATTR and CMS_SignerInfo_sign

Luis Bernardo lmpmbernardo at gmail.com
Tue Jan 17 07:24:10 UTC 2017


I have been unable to prevent CMS_SignerInfo_sign() to add a signing time
attribute even though I used CMS_NOATTR. I think the issue is here:

if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0) {
if (!cms_add1_signingTime(si, NULL))
goto err;

This is around line 648 of crypto/cms/cms_sd.c.

It seems to me that no matter what, the signing time attribute will be
added if not present. If I comment out the above lines I get the result I
want, which is no signing time attribute, but maybe I am not using the
flags correctly.

Can someone comment?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170117/0425bbfc/attachment.html>

More information about the openssl-users mailing list