I met the same problem with my SCEP Server written by ruby with OpenSSL 1.0.2k (OS bundles).
I show iOS consolelog with Xcode. May be iOS "profiled" program can't accept PKCS#7 certificate create by OpenSSL 1.0.2k.
I don't which program bugs, iOS profiled or OpenSSL 1.0.2K.
I avoid this problem recreating ruby link OpenSSL 1.0.1e.
I found a way to solve it.
The reason is the change of treating ASP.1 in OpenSSL library.
From OpenSSL 1.0.1i, 0 ID format is rejected, so that the output PKCS#7 which is passed to iOS is broken and iOS client cannot read them.
produce this broken data.
To fix this problem, create non 0 ID object with PKCS7_content_new(p7, NID_pkcs7_data).
It must be called after PKCS7_set_type(p7, type), otherwise, the content will be initialized with 0 ID object.
will produce fixed data.
SCEP servers which have been originally implemented with above API might have no problem.