OCSP result embedded in PKCS #7

Tue, 14 Jan 2014 08:06:14 -0800 

Hi,

I try to embed an OCSP basic response in a PKCS #7 SignedData object.

When I run "openssl pkcs7 -inform DER -text -in file.p7c", I get:

unable to load PKCS7 object
5024:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:.\crypto\as
n1\tasn_dec.c:1319:
5024:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:.\
crypto\asn1\tasn_dec.c:381:Type=X509_CRL
5024:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 e
rror:.\crypto\asn1\tasn_dec.c:711:Field=crl, Type=PKCS7_SIGNED
5024:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 e
rror:.\crypto\asn1\tasn_dec.c:751:
5024:error:0D08403A:asn1 encoding routines:ASN1_TEMPLATE_EX_D2I:nested asn1 erro
r:.\crypto\asn1\tasn_dec.c:579:Field=d.sign, Type=PKCS7

An asn1parse of the file give this (truncated to relevant area):

 2976:d=3  hl=4 l=1454 cons: cont [ 1 ]
 2980:d=4  hl=4 l=1450 cons: cont [ 1 ]
 2984:d=5  hl=2 l=   8 prim: OBJECT            :1.3.6.1.5.5.7.16.2
 2994:d=5  hl=4 l=1436 cons: SEQUENCE
 2998:d=6  hl=2 l=   1 prim: ENUMERATED        :00
 3001:d=6  hl=4 l=1429 cons: cont [ 0 ]
 3005:d=7  hl=4 l=1425 cons: SEQUENCE
 3009:d=8  hl=2 l=   9 prim: OBJECT            :Basic OCSP Response
 3020:d=8  hl=4 l=1410 prim: OCTET STRING      [HEX
DUMP]:3082057E30820117A1819F...

And here is the ASN.1 tree as parsed by another program, with
non-relevant nodes folded:

SEQUENCE (2 elem)
-OBJECT IDENTIFIER 1.2.840.113549.1.7.2
-[0] (1 elem)
--SEQUENCE (6 elem)
---INTEGER 5
---SET (1 elem) folded
---SEQUENCE (2 elem) folded
---[0] (3 elem) folded
---[1] (1 elem)
----[1] (2 elem)
-----OBJECT IDENTIFIER 1.3.6.1.5.5.7.16.2
-----SEQUENCE (2 elem)
------ENUMERATED
------[0] (1 elem)
-------SEQUENCE (2 elem)
--------OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1.1
--------OCTECT STRING (1 elem)
---------SEQUENCE (4 elem) folded
---SET (1 elem) folded

I only get the error when the OCSP response is embedded. All I could
find on the internet about this, is another post to this list but I
don't see what's wrong in my file.

Has anyone an idea why OpenSSL is rejecting this file?

Thank you

Laurent
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to