From: "Jacob640 (Joseph Coyle)" Date: 2013-03-28T09:39:49+09:00 Subject: [ruby-core:53791] [ruby-trunk - Bug #8178] OpenSSL::PKCS7::SignerInfo Issue #8178 has been updated by Jacob640 (Joseph Coyle). Because of this bug I have been looking at why it is so difficult to get useful identifying info for pkcs7 signers. I see that OpenSSL provides a utility function to extract a certificate from a pkcs7 message corresponding to a supplied signer info struct called PKCS7_cert_from_signer_info. Unfortunately due to OpenSSL closely following the pkcs7 data structures SignerInfo structs do not appear to contain the certificate or name of the signing certificate. Because of this PKCS7_cert_from_signer_info requires both a pkcs7 message and a signerInfo struct to provide the signer certificates. However if we wish to follow the design decisions of OpenSSL it is fairly easy to construct a utility method for OpenSSL::PKCS7 that takes a SignerInfo object and outputs the corresponding certificate. I have written a basic demonstration in this commit: https://github.com/Jacob640/ruby/commit/10e5f0b74cd08ee23f2b6643a7f86a6dbec857c1 ---------------------------------------- Bug #8178: OpenSSL::PKCS7::SignerInfo https://bugs.ruby-lang.org/issues/8178#change-37984 Author: Jacob640 (Joseph Coyle) Status: Assigned Priority: Normal Assignee: MartinBosslet (Martin Bosslet) Category: ext Target version: current: 2.1.0 ruby -v: ruby 2.1.0dev (2013-03-28 trunk 39971) [x86_64-darwin11.4.2] The instance method OpenSSL::PKCS7::SignerInfo.name does not return the signing certificate name but the X509 name of the signer's issuer. This is because SignerInfo.name is actually an alias of SignerInfo.issuer. This appears to be a mistake particularly because OpenSSL::PKCS7::RecepientInfo doesn't have a corresponding name method. Perhaps OpenSSL::PKCS7::SignerInfo.name should be considered for removal since the method name is misleading. -- http://bugs.ruby-lang.org/