Issue #8178 has been updated by Jacob640 (Joseph Coyle).


Because of this bug, I have been looking at why it is so difficult to get useful identifying info for pkcs7 signers. I see that OpenSSL provides a utility function to extract a certificate from a pkcs7 message corresponding to a supplied signer info struct, called PKCS7_cert_from_signer_info.

Unfortunately, due to OpenSSL closely following the pkcs7 data structures, SignerInfo structs do not appear to contain the certificate or name of the signing certificate. Because of this, PKCS7_cert_from_signer_info requires both a pkcs7 message and a signerInfo struct to provide the signer certificates.

However, if we wish to follow the design decisions of OpenSSL, it is fairly easy to construct a utility method for OpenSSL::PKCS7 that takes a SignerInfo object and outputs the corresponding certificate. I have written a basic demonstration in this commit: https://github.com/Jacob640/ruby/commit/10e5f0b74cd08ee23f2b6643a7f86a6dbec857c1
----------------------------------------
Bug #8178: OpenSSL::PKCS7::SignerInfo
https://bugs.ruby-lang.org/issues/8178#change-37984

Author: Jacob640 (Joseph Coyle)
Status: Assigned
Priority: Normal
Assignee: MartinBosslet (Martin Bosslet)
Category: ext
Target version: current: 2.1.0
ruby -v: ruby 2.1.0dev (2013-03-28 trunk 39971) [x86_64-darwin11.4.2]


The instance method OpenSSL::PKCS7::SignerInfo.name does not return the signing certificate name but the X509 name of the signer's issuer. This is because SignerInfo.name is actually an alias of SignerInfo.issuer. This appears to be a mistake, particularly because OpenSSL::PKCS7::RecipientInfo doesn't have a corresponding name method.

Perhaps OpenSSL::PKCS7::SignerInfo.name should be considered for removal since the method name is misleading.


-- 
http://bugs.ruby-lang.org/
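
The lookup discussed in this thread, written out as an added Ruby example (not code from the original messages or from the linked commit): a SignerInfo is resolved to its certificate by matching the issuer and serial pair against the certificates embedded in the message. The helper names `make_cert`, `signer_certificate` and `sample_message`, and the two-certificate test PKI, are constructed for illustration.

```ruby
require "openssl"

# Build a certificate for the constructed test PKI (all names are made up).
# With no issuer given, the certificate is self-signed.
def make_cert(subject, key, serial, issuer_cert = nil, issuer_key = nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Hypothetical helper, not part of Ruby's OpenSSL API: a SignerInfo carries
# only the issuer name and serial number of the signing certificate, so the
# certificate is found by matching both fields. Issuer alone is ambiguous,
# because every certificate from the same CA shares it.
def signer_certificate(p7, signer_info)
  (p7.certificates || []).find do |c|
    c.issuer.cmp(signer_info.issuer).zero? &&
      c.serial.to_i == signer_info.serial.to_i
  end
end

# Constructed sample: "Example Test CA" issues "Example Signer", which signs
# a message that embeds both certificates. Returns [parsed_p7, leaf, ca].
def sample_message
  ca_key = OpenSSL::PKey::RSA.new(2048)
  leaf_key = OpenSSL::PKey::RSA.new(2048)
  ca = make_cert("/CN=Example Test CA", ca_key, 1)
  leaf = make_cert("/CN=Example Signer", leaf_key, 4096, ca, ca_key)
  p7 = OpenSSL::PKCS7.sign(leaf, leaf_key, "constructed payload", [ca])
  [OpenSSL::PKCS7.new(p7.to_der), leaf, ca]
end

if __FILE__ == $PROGRAM_NAME
  p7, = sample_message
  p7.signers.each do |si|
    cert = signer_certificate(p7, si)
    puts "SignerInfo issuer: #{si.issuer}"
    puts "signer subject:    #{cert ? cert.subject : '(certificate not embedded)'}"
  end
end
```

Resolving the certificate only identifies which embedded certificate the SignerInfo points at; the signature and chain still have to be checked with `OpenSSL::PKCS7#verify` against a trusted store before the subject is relied on.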