On Sun, Sep 19, 2004, Dr. Stephen Henson wrote: > On Thu, Sep 16, 2004, Antonio Ruiz Martínez wrote: > > I tried to put the sequence in an octet_string and with that way there > > is no problem but I would like to use the SEQUENCE directley if it is > > possible. > > > > I tried that test file and it chokes several asn1 parsing tools. It looks like > the attribute is added OK and then things go badly amiss after it. This would > be the case if you'd added the PKCS#7 structure along with some trailing data, > for example if the length was wrong you passed to ASN1_STRING_set(). > >
This appears to indeed be the case. dumpasn1 will partly display the structure but chokes later on. Here is the start of the attribute: 1186 A1 1345: [1] { 1190 30 1341: SEQUENCE { 1194 06 9: OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2) 1205 31 1326: SET { 1209 30 1257: SEQUENCE { The last SET length field is noticeably larger than the following SEQUENCE. This suggests there's some extra invalid data after the SEQUENCE. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]