[SignServer-develop] Signserver certificate request not valid

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi signserver developers!

I'm writing you to notify that Signserver 3.5.0 provide a bit invalid
certificate request:

In current case the the KeyOne software from Safelayer company does not
accept it like valid request.
Here is this in more detail:
--------
In the ASN.1 specification of PKCS#10 :

CertificationRequestInfo ::= SEQUENCE {
version       INTEGER { v1(0) } (v1,...),
subject       Name,
subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
attributes    [0] Attributes{{ CRIAttributes }}
}

the attributes field is NOT OPTIONAL, then the DER encoding of this
structure in case it doesnt' specify any atribute must be a SET OF of
length 0.

In DER encoding you've sent this SET OF is not present and then is not a
correct PKCS#10
------

It seems like "attributes" field is missing?

Our components are:
RHEL6 + Oracle JDK7 + JBOSS 7.1.1 + Signserver 3.5.0 and nCipher netHSM using PKCS11 library

Best regards

-- 
Martin Kannel