Different out file between GnuTLS p7-sign and OpenSSL smime
I signed a mobileconfig on OS X and tried to import to OS X, failed with error message:
Title: "Could not open profile."
Message: "The profile data was signed but could not be verified. The profile may have been corrupted."
This file is accepted by iOS #56 (closed).
I've attached test files. gnutls-openssl-pkcs7-test.tar.gz
In this tar ball:
test.mobileconfig is a plain text xml file, generated by apple configurator.
test.gnutls.mobileconfig is signed by certtool
/opt/gnutls/bin/certtool --p7-sign --p7-include-cert --p7-time --load-privkey '/Users/sskaje/Documents/CA/SSKAJE CA/sskaje_ca.key' --load-certificate '/Users/sskaje/Documents/CA/SSKAJE CA/sskaje_ca.pem' --infile test.mobileconfig --outder --outfile test.mobileconfig.signed
test.openssl.mobileconfig is signed by openssl
openssl smime -sign -signer ~/Documents/CA/SSKAJE\ CA/sskaje_ca.pem -inkey ~/Documents/CA/SSKAJE\ CA/sskaje_ca.key -outform DER -in test.mobileconfig -out test.openssl.mobileconfig -nodetach
test.ac.mobileconfig is exported and signed by apple configurator with a different key/cert.
ac.txt, gnutls.txt, openssl.txt is generated by commands like
openssl asn1parse -inform der -in test.gnutls.mobileconfig > gnutls.txt
The plain text part in OpenSSL signed file was convert to \r\n by openssl, I ran dos2unix on openssl.txt to make it easier comparing with gnutls.txt