You may try a routine like the following, replacing all occurrences of
ESS_SIGNING_CERTIFICATE with PKCS7
and changing the nid to the PKCS9 V2 defined one.
Or consider (mis)using

   id-aa-timeStampToken OBJECT IDENTIFIER ::= { iso(1) member-body(2)
   us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) aa(2) 14 }


The difference I see is that the i2d is done before setting the attribute. 


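#include <openssl/asn1.h>
#include <openssl/err.h>
#include <openssl/pkcs7.h>

/* Adds sc to si as a signed attribute, DER-encoding it first. Returns 1 on success, 0 on error. */
int ESS_add_attrib_signcert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERTIFICATE *sc) {
        ASN1_STRING *seq;
        unsigned char *p, *pp ;
        int len;

        /* First pass: ask for the DER length only. i2d returns <= 0 on error. */
        len = i2d_ESS_SIGNING_CERTIFICATE(sc, NULL);
        if (len <= 0)
                {
                ESSerr(ESS_F_ADD_ATTRIB_SIGNCERT,ERR_R_ASN1_LIB);
                return 0;
                }
        if (!(pp = (unsigned char *) OPENSSL_malloc(len)))
                {
                ESSerr(ESS_F_ADD_ATTRIB_SIGNCERT,ERR_R_MALLOC_FAILURE);
                return 0;
                }
        /* Second pass: i2d advances p, so keep pp pointing at the start of the buffer. */
        p = pp;
        i2d_ESS_SIGNING_CERTIFICATE(sc, &p);

        if(!(seq = ASN1_STRING_new())) {
                OPENSSL_free(pp);
                ESSerr(ESS_F_ADD_ATTRIB_SIGNCERT,ERR_R_MALLOC_FAILURE);
                return 0;
        }
        /* ASN1_STRING_set copies the encoding, so pp can be freed afterwards. */
        if(!ASN1_STRING_set (seq, pp, len)) {
                ASN1_STRING_free(seq);
                OPENSSL_free(pp);
                ESSerr(ESS_F_ADD_ATTRIB_SIGNCERT,ERR_R_MALLOC_FAILURE);
                return 0;
        }
        OPENSSL_free(pp);
        /* The attribute value is the already-encoded SEQUENCE. */
        return PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificate, V_ASN1_SEQUENCE, seq);
}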

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
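
Added example, not part of the original message or of OpenSSL: a dependency-free C routine that DER-encodes the id-aa-timeStampToken arcs quoted above and locates that OID in an encoded attribute, which is a quick way to confirm which attribute type actually ended up in the signer info. The function names and the sample bytes are constructed for this illustration.

```c
#include <string.h>

/* Arcs of id-aa-timeStampToken, copied from the ASN.1 definition in the message. */
static const unsigned long TST_ARCS[] = {1, 2, 840, 113549, 1, 9, 16, 2, 14};

/* Constructed sample: SEQUENCE { OID id-aa-timeStampToken, SET {} }. */
static const unsigned char SAMPLE_ATTR[] = {
    0x30, 0x0f, 0x06, 0x0b, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
    0x01, 0x09, 0x10, 0x02, 0x0e, 0x31, 0x00};

/* Write one arc in base 128; every byte but the last has the high bit set. */
static size_t put_base128(unsigned long v, unsigned char *out)
{
    unsigned char tmp[10];
    size_t n = 0, i;
    do { tmp[n++] = (unsigned char)(v & 0x7f); v >>= 7; } while (v);
    for (i = 0; i < n; i++)
        out[i] = (unsigned char)(tmp[n - 1 - i] | (i + 1 < n ? 0x80 : 0));
    return n;
}

/* Encode arcs as a DER OID TLV (short-form length); returns TLV length, 0 on error. */
size_t oid_to_der(const unsigned long *arcs, size_t narcs, unsigned char *out, size_t outlen)
{
    unsigned char body[127];
    size_t len, i;
    if (narcs < 2 || arcs[0] > 2 || (arcs[0] < 2 && arcs[1] > 39)) return 0;
    /* The first two arcs share one value: 40 * arc0 + arc1. */
    len = put_base128(arcs[0] * 40 + arcs[1], body);
    for (i = 2; i < narcs; i++) {
        if (len + 10 > sizeof(body)) return 0;
        len += put_base128(arcs[i], body + len);
    }
    if (len + 2 > outlen) return 0;
    out[0] = 0x06; out[1] = (unsigned char)len;
    memcpy(out + 2, body, len);
    return len + 2;
}

/* Offset of the id-aa-timeStampToken OID inside buf, or -1 if absent. */
long locate_tst_attr(const unsigned char *buf, size_t buflen)
{
    unsigned char oid[16];
    size_t i, n = oid_to_der(TST_ARCS, sizeof TST_ARCS / sizeof *TST_ARCS, oid, sizeof oid);
    for (i = 0; n && i + n <= buflen; i++)
        if (memcmp(buf + i, oid, n) == 0) return (long)i;
    return -1;
}

int main(void) { return locate_tst_attr(SAMPLE_ATTR, sizeof SAMPLE_ATTR) == 2 ? 0 : 1; }
```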