PKCS7: Error: Object has zero length.

Graham Leggett
Hi all,

I am trying to create a "Degenerate certificates-only CMS Signed-Data" using openssl openssl-1.1.1c (from CentOS8) as described by https://tools.ietf.org/html/draft-gutmann-scep-15#section-3.4, and in the process I am getting the entry "Error: Object has zero length" in the PKCS7 structure and I don't know how to get rid of it:

   0 2395: SEQUENCE {
   4    9:   OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2)
  15 2380:   [0] {
  19 2376:     SEQUENCE {
  23    1:       INTEGER 1
  26    0:       SET {}
  28   15:       SEQUENCE {
  30    9:         OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
  41    2:         [0] {
  43    0:           OCTET STRING
         :             Error: Object has zero length.    <———— here
         :           }
         :         }
[snip]

The code is here: https://source.redwax.eu/projects/RS/repos/mod_scep/browse/mod_scep.c#1134

Or more specifically looks like this:

    p7 = PKCS7_new();
    PKCS7_set_type(p7, NID_pkcs7_signed);
    PKCS7_content_new(p7, NID_pkcs7_data);
    PKCS7_add_certificate(p7, cert);
    PKCS7_add_certificate(p7, conf->signer);
    i2d_PKCS7_bio(b, p7);

Can anyone confirm what step I am missing?

Regards,
Graham
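
An added example, not part of the original post and not mod_scep or OpenSSL code: a dependency-free C check that walks a DER-encoded SignedData and reports whether the eContent field is omitted or is the zero-length OCTET STRING flagged in the dump above. The names `tlv`, `NEED` and `econtent_state` are hypothetical, and both byte arrays are constructed samples that carry no certificates.

```c
#include <stddef.h>
#include <string.h>
/* Constructed samples (no certificates): the dump's shape with the empty eContent, then without. */
const unsigned char WITH_EMPTY[] = {
    0x30,0x27, 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02, 0xA0,0x1A, 0x30,0x18,
    0x02,0x01,0x01, 0x31,0x00, 0x30,0x0F, 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x01,
    0xA0,0x02, 0x04,0x00, 0x31,0x00 };
const unsigned char WITHOUT[] = {
    0x30,0x23, 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02, 0xA0,0x16, 0x30,0x14,
    0x02,0x01,0x01, 0x31,0x00, 0x30,0x0B, 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x01,
    0x31,0x00 };

/* Read one DER header with the expected tag; store the value length and leave *p at the value. */
static int tlv(const unsigned char **p, const unsigned char *end, int tag, size_t *len)
{
    const unsigned char *q = *p;
    size_t n, k;
    if (end - q < 2 || *q++ != tag) return 0;
    n = *q++;
    if (n & 0x80) {                      /* long form: low 7 bits count the length octets */
        k = n & 0x7f;
        if (k == 0 || k > sizeof(size_t) || (size_t)(end - q) < k) return 0;
        for (n = 0; k > 0; k--) n = (n << 8) | *q++;
    }
    if ((size_t)(end - q) < n) return 0; /* value must fit inside the enclosing object */
    *len = n; *p = q; return 1;
}
#define NEED(tag) do { if (!tlv(&p, end, (tag), &len)) return -1; } while (0)
/* Returns -1 malformed, 0 eContent absent, 1 eContent present but zero length, 2 present with data. */
int econtent_state(const unsigned char *der, size_t derlen)
{
    static const unsigned char oid[] = {0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02}; /* signedData */
    const unsigned char *p = der, *end = der + derlen;
    size_t len;
    NEED(0x30); end = p + len;           /* ContentInfo */
    NEED(0x06);                          /* contentType, must be signedData */
    if (len != sizeof oid || memcmp(p, oid, len) != 0) return -1;
    p += len;
    NEED(0xA0); end = p + len;           /* [0] EXPLICIT content */
    NEED(0x30); end = p + len;           /* SignedData */
    NEED(0x02); p += len;                /* version */
    NEED(0x31); p += len;                /* digestAlgorithms */
    NEED(0x30); end = p + len;           /* encapContentInfo */
    NEED(0x06); p += len;                /* eContentType */
    if (p == end) return 0;              /* nothing follows the OID */
    NEED(0xA0); end = p + len;           /* [0] EXPLICIT eContent */
    NEED(0x04);                          /* OCTET STRING */
    return len == 0 ? 1 : 2;
}
```

Feeding it the bytes written by `i2d_PKCS7_bio` gives a pass/fail signal for an encoder regression test without reading an ASN.1 dump by eye.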