F'up: decrypting the PKCS7 shows that there is plain text inside (this should be a DER encoded PKCS10 request!)

openssl smime -inform pem -in innerbad.p7 -inkey ra.key -decrypt
Enter pass phrase for ra.key:
PKCS7_ISSUER_AND_SUBJECT:
  subject: C=DE, ST=Hessen, L=MyCity, O=My Company, OU=Infrastructure, CN=testclient01
  issuer: CN=oxidemo.rackport.net:scep-ra

We might need some better error handling in OXI but the root cause is that sscep sends a broken request.

Oli

On 15.03.20 at 08:37, Oliver Welter wrote:
> Hi Daniel,
>
> thank you for the logs - after analysing them it looks like the sscep
> binary creates an empty payload.
>
> Your request:
>
>   661:d=4  hl=2 l=   9 prim: OBJECT            :pkcs7-data
>   672:d=4  hl=2 l=  17 cons: SEQUENCE
>   674:d=5  hl=2 l=   5 prim: OBJECT            :des-cbc
>   681:d=5  hl=2 l=   8 prim: OCTET STRING      [HEX DUMP]:712A21119E349AE6
>   691:d=4  hl=3 l= 160 prim: cont [ 0 ]
>
> My request:
>
>   658:d=3  hl=4 l=1250 cons: SEQUENCE
>   662:d=4  hl=2 l=   9 prim: OBJECT            :pkcs7-data
>   673:d=4  hl=2 l=  17 cons: SEQUENCE
>   675:d=5  hl=2 l=   5 prim: OBJECT            :des-cbc
>   682:d=5  hl=2 l=   8 prim: OCTET STRING      [HEX DUMP]:FACD1286CEAF27E8
>   692:d=4  hl=4 l=1216 prim: cont [ 0 ]
>
> Oliver
>
> On 13.03.20 at 10:10, Daniel Heitepriem wrote:
>> Oops, sorry just seen that the request from below didn't even trigger a
>> certificate enrollment on the WEB UI. Don't know why, maybe the log
>> files of the server give a clue
>>
>> On 13.03.20 at 10:04, Daniel Heitepriem wrote:
>>> Hi Oliver,
>>>
>>> I keep the sscep client polling while approving the request. I just
>>> tested it against the demo and it fails with the same error. Workflow
>>> ID of my request is "#748799"
>>>
>>> I use this sscep client https://github.com/certnanny/sscep in version
>>> 0.7.0 and compiled it with
>>>
>>> dheitepriem@HOST:~/sscep-0.7.0$ ./Configure
>>> Configuring for Linux...
>>> dheitepriem@HOST:~/sscep-0.7.0$ make OPENSSL=/usr/lib/x86_64-linux-gnu
>>> gcc -Wall -O -I /usr/lib/x86_64-linux-gnu/include -c -o sscep.o sscep.c
>>> gcc -Wall -O -I /usr/lib/x86_64-linux-gnu/include -c -o init.o init.c
>>> gcc -Wall -O -I /usr/lib/x86_64-linux-gnu/include -c -o net.o net.c
>>> gcc -Wall -O -I /usr/lib/x86_64-linux-gnu/include -c -o sceputils.o sceputils.c
>>> gcc -Wall -O -I /usr/lib/x86_64-linux-gnu/include -c -o pkcs7.o pkcs7.c
>>> gcc -Wall -O -I /usr/lib/x86_64-linux-gnu/include -c -o ias.o ias.c
>>> gcc -Wall -O -I /usr/lib/x86_64-linux-gnu/include -c -o fileutils.o fileutils.c
>>> gcc -Wall -O -I /usr/lib/x86_64-linux-gnu/include -c -o configuration.o configuration.c
>>> gcc -Wall -O -I /usr/lib/x86_64-linux-gnu/include -c -o engine.o engine.c
>>> gcc -Wall -O -I /usr/lib/x86_64-linux-gnu/include -o sscep_static sscep.o init.o net.o sceputils.o pkcs7.o ias.o fileutils.o configuration.o engine.o /usr/lib/x86_64-linux-gnu/libcrypto.a -lpthread -ldl
>>> gcc -Wall -O -I /usr/lib/x86_64-linux-gnu/include -o sscep_dyn sscep.o init.o net.o sceputils.o pkcs7.o ias.o fileutils.o configuration.o engine.o -lcrypto -lpthread -L/usr/lib/x86_64-linux-gnu
>>> dheitepriem@HOST:~/sscep-0.7.0$ ldd sscep_dyn
>>>         linux-vdso.so.1 (0x00007fff50ff6000)
>>>         libcrypto.so.1.1 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x00007eff92e08000)
>>>         libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007eff92de7000)
>>>         libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007eff92c26000)
>>>         libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007eff92c21000)
>>>         /lib64/ld-linux-x86-64.so.2 (0x00007eff9310d000)
>>>
>>> which looks like it was working. The debug log of the SCEP client can
>>> be found here https://pastebin.com/raw/uDD9myVn
>>>
>>> Regards,
>>> Daniel
>>>
>>> On 13.03.20 at 07:50, Oliver Welter wrote:
>>>> Hi Daniel,
>>>>
>>>> When running sscep - do you terminate and restart the client while you
>>>> are approving or do you leave it polling? There was some rework done on
>>>> the client in the past and there have been some issues with exactly this
>>>> parser part.
>>>>
>>>> So can you please try to enroll against the demo
>>>> http://demo.openxpki.org/scep/test. I have currently no idea why this is
>>>> crashing and just want to be sure that the problem is not your sscep
>>>> binary.
>>>>
>>>> Oliver
>>>>
>>>> _______________________________________________
>>>> OpenXPKI-users mailing list
>>>> [email protected]
>>>> https://lists.sourceforge.net/lists/listinfo/openxpki-users

--
Protect your environment - close windows and adopt a penguin!
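Added example, not part of the original message and not OpenXPKI or sscep code: a structural check that tells a DER-encoded PKCS#10 request apart from the plain text found in the decrypted envelope above, the kind of test a server could run before parsing the payload. The function names and the constructed skeleton sample are assumptions for illustration; the check covers ASN.1 shape only, not the request signature.

```python
# Added example: ASN.1 shape check only; the CSR signature is not verified.
def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("length runs past end of data")
    return tag, pos, pos + length

def child_tags(buf, start, end):
    """Tags of the elements directly inside buf[start:end]."""
    tags = []
    while start < end:
        tag, _, start = read_tlv(buf, start)
        tags.append(tag)
    if start != end:
        raise ValueError("child element overruns its parent")
    return tags

def check_pkcs10(payload):
    """Return (ok, reason) for bytes that should be a DER PKCS#10 request."""
    if payload[:1] != b"\x30":
        return False, "first byte is not a DER SEQUENCE tag"
    try:
        _, start, end = read_tlv(payload, 0)
        if end != len(payload):
            return False, "trailing bytes after outer SEQUENCE"
        # CertificationRequest: info SEQUENCE, sigAlg SEQUENCE, signature BIT STRING
        if child_tags(payload, start, end) != [0x30, 0x30, 0x03]:
            return False, "outer SEQUENCE is not info/sigAlg/signature"
        _, i_start, i_end = read_tlv(payload, start)
        # CertificationRequestInfo: version, subject, SPKI, [0] attributes
        if child_tags(payload, i_start, i_end) != [0x02, 0x30, 0x30, 0xA0]:
            return False, "request info is not version/subject/spki/attributes"
    except ValueError as exc:
        return False, "not DER: %s" % exc
    return True, "structure matches PKCS#10"

# Re-typed from the decrypt output quoted in the message; line breaks are assumed.
PLAINTEXT = (b"PKCS7_ISSUER_AND_SUBJECT:\n subject: C=DE, ST=Hessen, L=MyCity, "
             b"O=My Company, OU=Infrastructure, CN=testclient01\n"
             b" issuer: CN=oxidemo.rackport.net:scep-ra\n")
# Constructed skeleton with empty fields: correct shape, not a usable request.
SKELETON = bytes.fromhex("3010" "3009" "020100" "3000" "3000" "a000" "3000" "030100")
```

Calling `check_pkcs10` on the bytes written by the `openssl smime ... -decrypt` step gives a clear reason string for the log instead of a parser crash further down.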
