-
Re: MDM profile cannot be installed with OpenSSL updated
jormiya Apr 3, 2019 4:07 PM (in response to jopie)I met the same problem with my SCEP Server written by ruby with OpenSSL 1.0.2k (OS bundles).
I show iOS consolelog with Xcode. May be iOS "profiled" program can't accept PKCS#7 certificate create by OpenSSL 1.0.2k.
I don't which program bugs, iOS profiled or OpenSSL 1.0.2K.
I avoid this problem recreating ruby link OpenSSL 1.0.1e.
Kind regards,
-
Re: MDM profile cannot be installed with OpenSSL updated
jopie Apr 11, 2019 10:54 PM (in response to jormiya)I found a way to solve it.
The reason is the change of treating ASP.1 in OpenSSL library.
From OpenSSL 1.0.1i, 0 ID format is rejected, so that the output PKCS#7 which is passed to iOS is broken and iOS client cannot read them.
Just
1.PKCS7_new
2.PKCS7_set_type
produce this broken data.
To fix this problem, create non 0 ID object with PKCS7_content_new(p7, NID_pkcs7_data).
It must be called after PKCS7_set_type(p7, type), otherwise, the content will be initialized with 0 ID object.
1.PKCS7_new
2.PKCS7_set_type
3.PKCS7_content_new
will produce fixed data.
SCEP servers which have been originally implemented with above API might have no problem.
-
Re: MDM profile cannot be installed with OpenSSL updated
jormiya Jul 7, 2019 6:17 PM (in response to jopie)Thanks tell me response.
-
-