tests: add test for signing with certificate list

Signing with one certificate, but includes the other certificates
inside the PKCS#7 structure.

Signed-off-by: Karl Tarbe <karl.tarbe@cyber.ee>

5 files changed, 361 insertions, 2 deletions

diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am
index 47a2e1ec3b..e155fef509 100644
--- a/tests/cert-tests/Makefile.am
+++ b/tests/cert-tests/Makefile.am
@@ -75,7 +75,8 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem
 	data/pkcs7.smime data/invalid-date-hour.der data/invalid-date-mins.der \
 	data/invalid-date-secs.der data/invalid-date-month.der data/invalid-date-day.der \
 	data/mem-leak.p12 data/alt-chain-new-ca.pem data/alt-chain-old-ca.pem \
-	data/alt-chain.pem
+	data/alt-chain.pem data/pkcs7-chain.pem data/pkcs7-chain-root.pem \
+	data/pkcs7-chain-endcert-key.pem
 
 dist_check_SCRIPTS = pathlen aki certtool invalid-sig email \
 	pkcs7 pkcs7-broken-sigs privkey-import name-constraints certtool-long-cn crl provable-privkey \
@@ -83,7 +84,7 @@ dist_check_SCRIPTS = pathlen aki certtool invalid-sig email \
 	provable-privkey-rsa2048 provable-privkey-gen-default pkcs7-constraints \
 	pkcs7-constraints2 certtool-long-oids pkcs7-cat cert-sanity cert-critical \
 	pkcs12 certtool-crl-decoding pkcs12-encode pkcs12-corner-cases inhibit-anypolicy \
-	smime cert-time alt-chain
+	smime cert-time alt-chain pkcs7-list-sign
 
 if WANT_TEST_SUITE
 dist_check_SCRIPTS += provable-dh-default
diff --git a/tests/cert-tests/data/pkcs7-chain-endcert-key.pem b/tests/cert-tests/data/pkcs7-chain-endcert-key.pem
new file mode 100644
index 0000000000..c68464589e
--- /dev/null
+++ b/tests/cert-tests/data/pkcs7-chain-endcert-key.pem
@@ -0,0 +1,182 @@
+Public Key Info:
+	Public Key Algorithm: RSA
+	Key Security Level: High (3072 bits)
+
+modulus:
+	00:cf:4d:4a:09:00:a6:0d:58:ac:03:1d:60:d5:fc:5e
+	b7:e7:04:42:09:27:eb:01:f3:a5:52:6d:1d:d9:2b:87
+	2e:d2:7f:58:f9:d9:8e:34:51:a7:cd:82:80:d9:ae:a2
+	e8:5c:61:7c:d1:e6:1e:ee:21:3d:1f:8f:5f:03:1d:d9
+	50:03:2e:d9:92:fb:fc:db:3d:38:c0:68:de:a0:4e:7a
+	88:12:3f:e2:50:5a:97:ab:1b:bc:ab:37:b8:8c:dc:03
+	7f:b3:44:53:0e:59:da:81:7a:6b:3f:fb:48:6a:cb:06
+	53:7d:49:41:60:69:2d:0b:3c:fb:85:28:c6:0a:3e:f9
+	94:f6:b1:05:c9:9b:87:ce:e0:8b:d1:bd:d4:10:ff:ab
+	a0:22:dd:c4:c9:62:eb:09:8d:4b:30:03:3c:e8:96:d3
+	bc:cf:40:6d:e2:d3:c6:15:97:57:61:b6:9c:01:d4:60
+	1c:23:a8:f7:18:82:a4:41:86:5d:3e:1c:b8:e2:6b:e4
+	a5:ca:83:40:14:a3:8a:ea:7e:21:c0:85:3b:0d:b0:b0
+	6e:00:d9:fc:53:34:c5:b9:ab:3b:18:89:5c:4d:3b:6b
+	91:0b:6d:57:d6:58:e2:08:6d:eb:74:9b:bf:c1:01:89
+	a2:f5:f3:32:5e:86:6e:9d:26:21:3b:b5:36:b1:e5:f8
+	68:d2:df:12:4a:5b:4d:7f:71:b7:4c:04:cf:b2:17:fa
+	cf:b7:4b:9f:fb:59:01:60:ee:93:6f:c8:20:df:ad:d0
+	17:0c:e6:03:90:10:5c:26:dc:33:a0:15:ac:1d:49:1c
+	63:03:36:fd:b5:d7:36:10:a0:57:3f:dd:64:22:22:37
+	fb:bd:8c:2a:b7:12:bf:b5:9b:3c:ac:5c:9d:a9:b9:f1
+	ae:ae:a1:12:e7:af:5f:c4:c7:f2:66:cf:b5:a9:f2:74
+	1c:26:f7:bb:44:85:00:d1:8e:35:73:27:98:05:cd:97
+	b8:4e:fb:f7:3c:56:49:de:e2:3b:18:62:0c:34:b7:b8
+	0d:
+
+public exponent:
+	01:00:01:
+
+private exponent:
+	00:c2:c9:10:e3:dc:a4:2a:ae:43:12:ba:2c:1f:65:7f
+	6a:b5:bb:9e:81:13:ed:12:6c:69:cf:45:90:62:5b:30
+	2e:a2:c3:de:4b:06:4d:44:83:e5:74:89:47:a1:43:22
+	f7:ca:b6:1f:9e:ea:e7:ed:41:76:39:8d:71:ed:6f:c2
+	9e:18:1f:91:79:37:25:a4:ab:a6:03:c5:86:4a:82:f3
+	47:a0:3e:3e:dc:da:02:e1:58:b2:b2:ff:2c:7d:ce:cd
+	ca:d4:1b:43:1f:9c:f6:5f:eb:33:93:6e:fd:e0:ba:dc
+	3a:de:e2:52:77:d0:db:ee:4f:62:d7:00:34:f5:b3:ae
+	b8:76:04:68:37:c3:d8:9c:5f:09:82:0f:28:90:c0:6b
+	f7:90:4b:69:79:01:65:70:18:3f:a9:e1:a0:fd:bb:9b
+	41:32:4c:8b:f4:32:a1:51:f0:5e:bf:05:e3:19:25:01
+	19:ef:b7:f8:56:23:8b:4b:b6:81:2e:b7:b6:51:aa:a7
+	b0:1e:c6:7c:01:b6:3f:93:37:e2:87:7f:45:57:46:7a
+	4f:a9:d3:3c:8b:fc:27:34:79:bd:60:da:0d:f8:c6:2a
+	a8:95:5e:62:51:ea:40:95:0f:da:18:02:0c:91:0a:0d
+	fd:dd:13:36:36:45:d7:f6:bb:db:f6:54:fb:f6:31:b4
+	8f:1f:a5:65:70:bf:60:12:b2:bb:a4:9c:d0:a5:9d:70
+	2f:e9:22:f3:83:e3:4c:4d:5a:50:d3:37:ce:77:4b:9b
+	98:4c:8d:7b:48:85:01:2c:48:eb:cd:6d:80:1b:26:b5
+	bc:9f:a9:ae:df:36:a8:f6:ad:31:7f:9f:f5:cf:7a:fb
+	d3:99:5d:97:f7:37:ba:4b:df:89:e4:1f:57:a1:f5:dc
+	f0:7a:44:48:4b:2a:c9:b7:f5:96:4a:85:f2:5a:be:f8
+	b1:9b:c9:da:1c:e8:65:54:7a:66:e4:68:33:f8:be:1f
+	4e:17:b1:2d:b7:1c:63:ac:cf:7a:a3:4b:5c:57:3c:b7
+	51:
+
+prime1:
+	00:f7:ab:33:e9:01:38:02:87:49:0c:56:8f:8e:f7:35
+	e5:88:97:cf:7b:d0:2b:84:28:b4:4f:b3:17:fd:b2:27
+	1c:10:7b:1e:0b:bb:3a:ac:4d:de:87:fe:e1:0e:f3:33
+	3c:28:3d:f5:be:a1:ee:be:51:09:2f:d7:91:80:07:6c
+	c9:82:cd:91:26:73:0a:3f:3c:e8:01:8c:89:fb:60:9e
+	67:c0:6d:84:3d:25:2a:88:0d:1a:b1:c0:6b:26:81:13
+	10:2e:01:85:75:70:de:01:0f:47:49:b0:d7:3c:e0:e9
+	cf:1e:de:a8:bb:67:4f:26:ec:c3:5e:f2:90:28:1c:8b
+	43:f5:33:0e:f3:a2:92:3c:e3:5e:ca:94:a6:4d:f7:a9
+	84:7b:11:03:cb:34:1a:d9:c1:54:37:d3:a3:06:49:bd
+	43:16:52:6d:c5:44:db:e4:cf:90:48:13:7d:18:cd:f6
+	db:1c:80:95:0a:b4:bf:ff:78:ef:c0:66:69:0e:c9:4e
+	7f:
+
+prime2:
+	00:d6:46:77:b9:7c:1b:06:fe:eb:ba:cf:48:a4:9b:0a
+	98:8c:99:9d:b4:40:e3:1b:61:d3:9d:85:78:f6:56:c0
+	65:7b:6c:a5:e9:18:10:7d:65:c7:48:95:ff:f4:f5:94
+	cf:49:38:d7:04:3f:3b:c1:ae:d1:e5:a6:20:ff:dc:12
+	a9:41:84:1a:ff:56:53:3d:33:91:c8:a5:a5:a2:91:f4
+	92:07:95:92:29:4b:f7:80:de:d1:91:1c:f8:97:64:a1
+	df:57:ed:0e:9d:ca:23:77:30:8b:bb:2c:eb:52:9e:4d
+	cd:41:63:dc:9d:8f:1d:0c:f6:4e:e6:26:38:55:69:1e
+	1d:8b:b6:f0:68:a9:b9:38:b0:97:b5:be:34:c7:9b:60
+	08:b6:e0:83:d8:f8:f6:62:b4:be:be:01:fd:2f:6f:5d
+	2a:a0:8d:aa:52:f5:2c:23:56:8d:3a:50:73:0d:ea:31
+	95:59:32:60:9c:e9:3f:34:5a:c7:99:57:a5:55:16:0b
+	73:
+
+coefficient:
+	00:88:98:51:9a:a6:1c:ce:44:54:5d:c7:f5:df:a7:0a
+	db:39:c3:d8:6b:ec:5d:ee:89:64:bf:25:2e:9a:25:a6
+	ee:dc:e5:cb:01:13:9a:19:9f:7f:24:52:b6:e7:40:e1
+	21:8d:8f:9f:69:92:e4:3d:a4:25:db:2d:0a:74:bc:ea
+	44:d6:81:90:d5:59:3f:6a:63:cd:2c:0e:7f:83:ce:0c
+	e7:7b:bb:22:c8:6d:f8:15:5d:7b:52:be:e1:c6:1f:c5
+	55:5a:76:8a:b4:ae:18:29:55:86:e0:a7:40:23:28:c0
+	c7:6d:dc:a3:a8:6b:56:97:b4:64:88:a1:7b:f1:5f:b4
+	f0:bf:1b:9e:b3:b7:db:59:a3:01:49:40:2d:df:2b:bb
+	f4:e3:84:e8:b9:0c:c5:31:f6:05:38:4c:7f:8e:b6:2e
+	8b:7f:fc:69:c2:57:e5:f5:10:3e:4e:47:3a:3d:d2:57
+	a7:5f:73:54:8d:9a:60:90:d6:10:b7:e3:31:57:83:40
+	87:
+
+exp1:
+	00:f4:cd:e1:da:9f:5c:c8:8b:06:76:4e:9d:49:d8:2b
+	0a:fd:cf:e8:c3:5e:49:95:31:52:c1:30:aa:37:16:c0
+	37:aa:46:b7:b5:2a:d4:dc:f9:7f:4b:77:70:e8:01:16
+	14:91:46:65:40:8f:f9:57:5e:ec:30:c0:e8:4d:df:88
+	f5:49:f8:7d:4f:bf:08:52:e7:95:ff:e9:f5:7d:66:cc
+	4c:8b:54:f5:10:27:4b:79:fd:51:f4:7e:d8:aa:cf:8c
+	93:42:96:38:5f:94:37:ac:5e:78:bd:6b:31:e5:37:ff
+	83:bd:e4:a2:6d:d2:b8:d7:25:d2:1b:68:b1:7b:24:73
+	b7:b1:87:4d:71:1e:b1:63:c3:ee:af:58:ed:65:45:b6
+	e6:7f:6a:9b:10:61:29:65:32:06:57:c4:36:71:01:b4
+	34:ba:bc:b1:49:fb:3d:4b:56:ab:2b:c3:2f:b4:b3:e9
+	1c:3d:79:0f:58:ec:be:96:fb:e8:27:8a:52:af:cd:e5
+	6b:
+
+exp2:
+	50:8c:54:dd:49:25:ef:cf:4c:56:01:2d:d1:92:e6:bc
+	c9:bd:c5:66:c9:2d:96:51:83:f7:27:01:7d:b8:c6:c2
+	5f:4f:4c:5e:ff:48:d3:9a:ba:fb:32:47:f1:91:8f:cb
+	0c:3f:6d:b4:8f:00:ab:a2:48:0d:08:12:47:9c:36:f7
+	a1:45:43:d0:d0:66:a2:0f:0c:b2:5c:72:93:56:42:95
+	d2:7c:0b:61:b2:c8:eb:8c:d7:42:b1:9d:51:6b:e6:dd
+	ca:73:b6:96:e2:31:ca:d0:58:f6:97:c0:2e:62:8b:e4
+	a8:bc:1d:66:ad:31:c2:79:a4:d7:27:6e:ed:cc:82:21
+	a1:2f:b7:d7:e0:55:5c:56:25:f1:8f:fa:cf:3e:3d:2f
+	89:6f:84:a0:bf:95:ff:2c:ea:b7:0a:90:5e:90:82:79
+	4f:b9:71:59:96:08:6d:90:4f:ae:a8:27:58:07:bd:73
+	e2:ff:e9:09:93:34:cb:3d:84:e2:c3:eb:c6:bc:6e:b9
+	
+
+
+Public Key PIN:
+	pin-sha256:bQF0mUATY710KqQP8ajdnqREqJUPc/Z4II4Fn33CZL8=
+Public Key ID:
+	sha256:6d017499401363bd742aa40ff1a8dd9ea444a8950f73f678208e059f7dc264bf
+	sha1:9612983dbe342ee129ce2aaa5be249c695676212
+
+-----BEGIN RSA PRIVATE KEY-----
+MIIG5QIBAAKCAYEAz01KCQCmDVisAx1g1fxet+cEQgkn6wHzpVJtHdkrhy7Sf1j5
+2Y40UafNgoDZrqLoXGF80eYe7iE9H49fAx3ZUAMu2ZL7/Ns9OMBo3qBOeogSP+JQ
+WperG7yrN7iM3AN/s0RTDlnagXprP/tIassGU31JQWBpLQs8+4Uoxgo++ZT2sQXJ
+m4fO4IvRvdQQ/6ugIt3EyWLrCY1LMAM86JbTvM9AbeLTxhWXV2G2nAHUYBwjqPcY
+gqRBhl0+HLjia+SlyoNAFKOK6n4hwIU7DbCwbgDZ/FM0xbmrOxiJXE07a5ELbVfW
+WOIIbet0m7/BAYmi9fMyXoZunSYhO7U2seX4aNLfEkpbTX9xt0wEz7IX+s+3S5/7
+WQFg7pNvyCDfrdAXDOYDkBBcJtwzoBWsHUkcYwM2/bXXNhCgVz/dZCIiN/u9jCq3
+Er+1mzysXJ2pufGurqES569fxMfyZs+1qfJ0HCb3u0SFANGONXMnmAXNl7hO+/c8
+Vkne4jsYYgw0t7gNAgMBAAECggGBAMLJEOPcpCquQxK6LB9lf2q1u56BE+0SbGnP
+RZBiWzAuosPeSwZNRIPldIlHoUMi98q2H57q5+1BdjmNce1vwp4YH5F5NyWkq6YD
+xYZKgvNHoD4+3NoC4Viysv8sfc7NytQbQx+c9l/rM5Nu/eC63Dre4lJ30NvuT2LX
+ADT1s664dgRoN8PYnF8Jgg8okMBr95BLaXkBZXAYP6nhoP27m0EyTIv0MqFR8F6/
+BeMZJQEZ77f4ViOLS7aBLre2UaqnsB7GfAG2P5M34od/RVdGek+p0zyL/Cc0eb1g
+2g34xiqolV5iUepAlQ/aGAIMkQoN/d0TNjZF1/a72/ZU+/YxtI8fpWVwv2ASsruk
+nNClnXAv6SLzg+NMTVpQ0zfOd0ubmEyNe0iFASxI681tgBsmtbyfqa7fNqj2rTF/
+n/XPevvTmV2X9ze6S9+J5B9XofXc8HpESEsqybf1lkqF8lq++LGbydoc6GVUembk
+aDP4vh9OF7EttxxjrM96o0tcVzy3UQKBwQD3qzPpATgCh0kMVo+O9zXliJfPe9Ar
+hCi0T7MX/bInHBB7Hgu7OqxN3of+4Q7zMzwoPfW+oe6+UQkv15GAB2zJgs2RJnMK
+PzzoAYyJ+2CeZ8BthD0lKogNGrHAayaBExAuAYV1cN4BD0dJsNc84OnPHt6ou2dP
+JuzDXvKQKByLQ/UzDvOikjzjXsqUpk33qYR7EQPLNBrZwVQ306MGSb1DFlJtxUTb
+5M+QSBN9GM322xyAlQq0v/9478BmaQ7JTn8CgcEA1kZ3uXwbBv7rus9IpJsKmIyZ
+nbRA4xth052FePZWwGV7bKXpGBB9ZcdIlf/09ZTPSTjXBD87wa7R5aYg/9wSqUGE
+Gv9WUz0zkcilpaKR9JIHlZIpS/eA3tGRHPiXZKHfV+0OncojdzCLuyzrUp5NzUFj
+3J2PHQz2TuYmOFVpHh2LtvBoqbk4sJe1vjTHm2AItuCD2Pj2YrS+vgH9L29dKqCN
+qlL1LCNWjTpQcw3qMZVZMmCc6T80WseZV6VVFgtzAoHBAPTN4dqfXMiLBnZOnUnY
+Kwr9z+jDXkmVMVLBMKo3FsA3qka3tSrU3Pl/S3dw6AEWFJFGZUCP+Vde7DDA6E3f
+iPVJ+H1PvwhS55X/6fV9ZsxMi1T1ECdLef1R9H7Yqs+Mk0KWOF+UN6xeeL1rMeU3
+/4O95KJt0rjXJdIbaLF7JHO3sYdNcR6xY8Pur1jtZUW25n9qmxBhKWUyBlfENnEB
+tDS6vLFJ+z1LVqsrwy+0s+kcPXkPWOy+lvvoJ4pSr83lawKBwFCMVN1JJe/PTFYB
+LdGS5rzJvcVmyS2WUYP3JwF9uMbCX09MXv9I05q6+zJH8ZGPyww/bbSPAKuiSA0I
+EkecNvehRUPQ0GaiDwyyXHKTVkKV0nwLYbLI64zXQrGdUWvm3cpztpbiMcrQWPaX
+wC5ii+SovB1mrTHCeaTXJ27tzIIhoS+31+BVXFYl8Y/6zz49L4lvhKC/lf8s6rcK
+kF6QgnlPuXFZlghtkE+uqCdYB71z4v/pCZM0yz2E4sPrxrxuuQKBwQCImFGaphzO
+RFRdx/XfpwrbOcPYa+xd7olkvyUumiWm7tzlywETmhmffyRStudA4SGNj59pkuQ9
+pCXbLQp0vOpE1oGQ1Vk/amPNLA5/g84M53u7Isht+BVde1K+4cYfxVVadoq0rhgp
+VYbgp0AjKMDHbdyjqGtWl7RkiKF78V+08L8bnrO321mjAUlALd8ru/TjhOi5DMUx
+9gU4TH+Oti6Lf/xpwlfl9RA+Tkc6PdJXp19zVI2aYJDWELfjMVeDQIc=
+-----END RSA PRIVATE KEY-----
diff --git a/tests/cert-tests/data/pkcs7-chain-root.pem b/tests/cert-tests/data/pkcs7-chain-root.pem
new file mode 100644
index 0000000000..3a4be5ec36
--- /dev/null
+++ b/tests/cert-tests/data/pkcs7-chain-root.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID6TCCAlGgAwIBAgIMWRVcZxmAWkc1Mhq3MA0GCSqGSIb3DQEBCwUAMA8xDTAL
+BgNVBAMTBENBLTAwIBcNMTcwNTEyMDY1NTM1WhgPOTk5OTEyMzEyMzU5NTlaMA8x
+DTALBgNVBAMTBENBLTAwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDk
+fS4dWnVZWp/e3SPUjXDvGmg0c/kcXCAmVq7jqgn18LA7p6Bp+hW79NXYATUz133b
+z7XK8RJWm+XcDB2qVT1HC4bxlRpc2G6nBmc5qyRTOFV2VTHcO8Aqg9C4rkbmsofZ
+ixJ+1HEseTM63yySmP7SiALwj55wvSDbpAcgfU92hC8jjUQNB4fAbc92byg82MPF
+PT+4FBCCBZVGHV6X1t5CBL8n9yq8Z8ufkBI1K6J/dNSXLhja3m5Q3J+WZpv445do
+88U1csw3G38frq6RFVHbb0Pusrdbj6+BAJsF5ZGbacPzcuobosVyb5OmNhpiwSzb
+yxD7rNUsVis8ClDSDTT4EP6Qxs7rnF/5UyWtVEnUg15xEqtj3CFlgY2mkI0v7YIO
+GAf3uo8iXHE0vaQHlQ2DMp8/IL3rRTujxXukjO1SH/4h9VXnNjGMrOpQRSajhMx2
+aHw/tPnNLTMqGfDV/rUFMGzJbhe1ZPH6L9kGFJzwDSd78D6ho/jWa/bH5306L4kC
+AwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0GA1Ud
+DgQWBBTZfEXSOVCPbOBHkMnezrD5wKsxpTANBgkqhkiG9w0BAQsFAAOCAYEALDBQ
+V/cMcuhDVChs5JICijycvZpxlxzxY34bQ3dm0NWeMjL+6dIyOQ5ThF6joG3nIScl
+oACurHcrZgrCTbw3LWXll0Hbwb0FRASCKgsg3a5BuRqc33A3vyQAOiyTiN+bje8e
+LpuhJNlAVFYu52+ywObwd1pf6CN4IqbXWlJ6j9rYY6Trquar3uYc1dHLy/RBsatQ
+CqurVTcZ+/2R1itHFfvT2fJ+pOw/kgAg62Tkkj2Ck0PaNcplbgQY0RUALV3V1Db5
+lnNCYcr5Iyl/ag5Unf1QD16Tp0SYI0+670xqq7Q4U6xQroZbMgPTI+DaCUFINOE5
+/2XiHxuWhM8N9fgfw8u9RyMKe7bgiQzeJkb3CKbsf9ytF8yUSK6nJc+/9Lqnh0Z0
+tf2yIpNKC2gc93dM1W1yVSuLLU5jwEkcMwh7JQJLofUgkfenKLOleNQ5UsHuAmy4
+LJS7OTnwtTfqtnszZGGmKqOS6HKE7rP1jI9AZgqRfGLIYoRY0skYtFsgZwzy
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/pkcs7-chain.pem b/tests/cert-tests/data/pkcs7-chain.pem
new file mode 100644
index 0000000000..4800eb5629
--- /dev/null
+++ b/tests/cert-tests/data/pkcs7-chain.pem
@@ -0,0 +1,72 @@
+-----BEGIN CERTIFICATE-----
+MIIEITCCAomgAwIBAgIMWRVcaAigQxpHMLElMA0GCSqGSIb3DQEBCwUAMA8xDTAL
+BgNVBAMTBENBLTEwIBcNMTcwNTEyMDY1NTM2WhgPOTk5OTEyMzEyMzU5NTlaMBMx
+ETAPBgNVBAMTCHNlcnZlci0yMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKC
+AYEAz01KCQCmDVisAx1g1fxet+cEQgkn6wHzpVJtHdkrhy7Sf1j52Y40UafNgoDZ
+rqLoXGF80eYe7iE9H49fAx3ZUAMu2ZL7/Ns9OMBo3qBOeogSP+JQWperG7yrN7iM
+3AN/s0RTDlnagXprP/tIassGU31JQWBpLQs8+4Uoxgo++ZT2sQXJm4fO4IvRvdQQ
+/6ugIt3EyWLrCY1LMAM86JbTvM9AbeLTxhWXV2G2nAHUYBwjqPcYgqRBhl0+HLji
+a+SlyoNAFKOK6n4hwIU7DbCwbgDZ/FM0xbmrOxiJXE07a5ELbVfWWOIIbet0m7/B
+AYmi9fMyXoZunSYhO7U2seX4aNLfEkpbTX9xt0wEz7IX+s+3S5/7WQFg7pNvyCDf
+rdAXDOYDkBBcJtwzoBWsHUkcYwM2/bXXNhCgVz/dZCIiN/u9jCq3Er+1mzysXJ2p
+ufGurqES569fxMfyZs+1qfJ0HCb3u0SFANGONXMnmAXNl7hO+/c8Vkne4jsYYgw0
+t7gNAgMBAAGjdzB1MAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0
+MA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFJYSmD2+NC7hKc4qqlviScaVZ2IS
+MB8GA1UdIwQYMBaAFFRxDgQyZHU8liZv3WQ/ksokQCSpMA0GCSqGSIb3DQEBCwUA
+A4IBgQAN1f7NR1o0JV2IgEDO+ahN5sx/ad+SYvSaRth8TogKjRMY9C/w13rwzs6M
+Y8qaipz2D5Nso2FHysveW3IoEtqS9UB2wYmfh97P3cePz9FEvmGA+8SdL+rCLTpi
+u6eioKk04C56cMsf7cFls1MZ1iCbbU/HlXoqjg4mJZeVW443MlmT/xyZLuqNhnke
+b5C0MHJ0Y/dBtRzdE1yrphLurpC39RLqAj1K3U/iWt9ZXbIYPioPXKpWcEdXgFsE
+Pboe4Aj1ZweK6siijaEZ1HdyRdEvi77MaMTuL5i42JzV8j9OoKA8IVdf4FJgIGOo
+yHW9oBVzYmEIzQ7+lpp68Fk8w+esk5WafPRdP5AQNRXN4KFJmdYZe2K7BSEArc4c
+iIB+gNjFOiAbXnlW+URHiOMPZCXza7Fxae33B5lMBcpi1yDSa2XOO/xPu5z9vA1L
+9ugcdi3EqBmVEf1h4MQuXP0rKp85L4Bd8qqIbXz6pE85Yz5AjcXU/VD/y4ugJV6V
+oVNlbsQ=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIECjCCAnKgAwIBAgIMWRVcZzdMb3w6rL9cMA0GCSqGSIb3DQEBCwUAMA8xDTAL
+BgNVBAMTBENBLTAwIBcNMTcwNTEyMDY1NTM1WhgPOTk5OTEyMzEyMzU5NTlaMA8x
+DTALBgNVBAMTBENBLTEwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDK
+VudX96t79AYqJxe0I9D5d1QAS2UOQ04A/brEmdZ0gMNdXT99cesrPy9dIOq2Vtyq
+dr5HEqCmEGZUnB9882OosNCwM8qMu+xkPlDdApLfM1UV8tyPMTLDyKDYcGxBcx1B
+x/vYDSHQ9OZZaHOkaK8qjWN1G7ZZk+7j+fKsFee+VVaY/LNZVtNjA6PQC8/fQeEF
+6NdKFFNZGA6xOjPAdfcpidJAAqhs0nCwlZocLSTrlAplLtXj3jjIpWZA9pnqZTQB
+dk2dSukhbBqbjOaRcAoS96CNB9BPTfiYoBFIrO18CeDuyqNhriAKS4wLKhUOtB0C
+vkuJC77NLeYFPXLI/8RbUD9M2BBeveswX5S9oEqghrsJuehHPy3Uces6oK9nipIN
+9Uj/mkemgXjZqfIUcLMJisk3WBG4JZEcFCrLRKHbEMhQ1borBexi+y0qE0tKpc6k
+pq6SvSkmyAoy8yURtcyw43AgULp7RaS0F6kLkyuY4WbVDkZHT/6zqD8178kig8EC
+AwEAAaNkMGIwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQAMB0GA1Ud
+DgQWBBRUcQ4EMmR1PJYmb91kP5LKJEAkqTAfBgNVHSMEGDAWgBTZfEXSOVCPbOBH
+kMnezrD5wKsxpTANBgkqhkiG9w0BAQsFAAOCAYEAD9S9gNKUzT4CpHZ1WZ+TMlJN
+0uVwchW5ivsimghmD3T2e+7rSwpxsvQAKb1ifZS5H4L2We6e4Rq5KjfaZZxBy0F4
+TziK6Vy6KRPqtyH2YZwiqpgoJ/kCzdmiPwIuSagZYkXebgzRESAXJHxmANk8WuBT
+fuTWlN9WhqUsubB/b5CLKwYx99k5W55VKld44bqWWG9b9qma42+7tllKV1ctOHUz
+W/tZDWFDTZlMi4NoDnHlciGuNKM2rN37kwmjE2oVUQc1FVQhmdlbdGj/kO14Ur0u
+dlTWO1ApZ+0bGmcB+QOHbM5wwnH2yyqBf2ipS9jjxqo2Xi2mb8GuSj4zXuB3sbSm
+ms11RUNZdBUe56SO/mflywXfxYBslr56+n4uFtKo/LS/HQbGbURDLxRCbNual8tb
+CqdvPriHx9No3EmZEF9fVLy4PQ1k8oau1eQYgTA14aRkkchCJEnPnzVQgUKuHZTC
+79Ek2RkRK1p2o5rB/C+Bg2IyhQlWSqPjua1dmM54
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID6TCCAlGgAwIBAgIMWRVcZxmAWkc1Mhq3MA0GCSqGSIb3DQEBCwUAMA8xDTAL
+BgNVBAMTBENBLTAwIBcNMTcwNTEyMDY1NTM1WhgPOTk5OTEyMzEyMzU5NTlaMA8x
+DTALBgNVBAMTBENBLTAwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDk
+fS4dWnVZWp/e3SPUjXDvGmg0c/kcXCAmVq7jqgn18LA7p6Bp+hW79NXYATUz133b
+z7XK8RJWm+XcDB2qVT1HC4bxlRpc2G6nBmc5qyRTOFV2VTHcO8Aqg9C4rkbmsofZ
+ixJ+1HEseTM63yySmP7SiALwj55wvSDbpAcgfU92hC8jjUQNB4fAbc92byg82MPF
+PT+4FBCCBZVGHV6X1t5CBL8n9yq8Z8ufkBI1K6J/dNSXLhja3m5Q3J+WZpv445do
+88U1csw3G38frq6RFVHbb0Pusrdbj6+BAJsF5ZGbacPzcuobosVyb5OmNhpiwSzb
+yxD7rNUsVis8ClDSDTT4EP6Qxs7rnF/5UyWtVEnUg15xEqtj3CFlgY2mkI0v7YIO
+GAf3uo8iXHE0vaQHlQ2DMp8/IL3rRTujxXukjO1SH/4h9VXnNjGMrOpQRSajhMx2
+aHw/tPnNLTMqGfDV/rUFMGzJbhe1ZPH6L9kGFJzwDSd78D6ho/jWa/bH5306L4kC
+AwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0GA1Ud
+DgQWBBTZfEXSOVCPbOBHkMnezrD5wKsxpTANBgkqhkiG9w0BAQsFAAOCAYEALDBQ
+V/cMcuhDVChs5JICijycvZpxlxzxY34bQ3dm0NWeMjL+6dIyOQ5ThF6joG3nIScl
+oACurHcrZgrCTbw3LWXll0Hbwb0FRASCKgsg3a5BuRqc33A3vyQAOiyTiN+bje8e
+LpuhJNlAVFYu52+ywObwd1pf6CN4IqbXWlJ6j9rYY6Trquar3uYc1dHLy/RBsatQ
+CqurVTcZ+/2R1itHFfvT2fJ+pOw/kgAg62Tkkj2Ck0PaNcplbgQY0RUALV3V1Db5
+lnNCYcr5Iyl/ag5Unf1QD16Tp0SYI0+670xqq7Q4U6xQroZbMgPTI+DaCUFINOE5
+/2XiHxuWhM8N9fgfw8u9RyMKe7bgiQzeJkb3CKbsf9ytF8yUSK6nJc+/9Lqnh0Z0
+tf2yIpNKC2gc93dM1W1yVSuLLU5jwEkcMwh7JQJLofUgkfenKLOleNQ5UsHuAmy4
+LJS7OTnwtTfqtnszZGGmKqOS6HKE7rP1jI9AZgqRfGLIYoRY0skYtFsgZwzy
+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/pkcs7-list-sign b/tests/cert-tests/pkcs7-list-sign
new file mode 100755
index 0000000000..1c4e930e5b
--- /dev/null
+++ b/tests/cert-tests/pkcs7-list-sign
@@ -0,0 +1,81 @@
+#!/bin/sh
+
+# Copyright (C) 2017 Karl Tarbe
+#
+# This file is part of GnuTLS.
+#
+# GnuTLS is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 3 of the License, or (at
+# your option) any later version.
+#
+# GnuTLS is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+#set -e
+
+srcdir="${srcdir:-.}"
+CERTTOOL="${CERTTOOL:-../../src/certtool${EXEEXT}}"
+DIFF="${DIFF:-diff -b -B}"
+
+if ! test -x "${CERTTOOL}"; then
+	exit 77
+fi
+
+if ! test -z "${VALGRIND}"; then
+	VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND} --error-exitcode=15"
+fi
+
+OUTFILE=out-pkcs7.$$.tmp
+OUTFILE2=out2-pkcs7.$$.tmp
+
+. ${srcdir}/../scripts/common.sh
+
+check_for_datefudge
+# Test signing
+FILE="signing-with-cert-list"
+${VALGRIND} "${CERTTOOL}" --p7-sign --load-certificate "${srcdir}/data/pkcs7-chain.pem" --load-privkey "${srcdir}/data/pkcs7-chain-endcert-key.pem" --infile "${srcdir}/data/pkcs7-detached.txt" >"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct signing failed"
+	exit ${rc}
+fi
+
+#test chain verification
+FILE="signing-verify"
+${VALGRIND} "${CERTTOOL}" --p7-verify --load-ca-certificate "${srcdir}/data/pkcs7-chain-root.pem" <"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct signing failed verification"
+	exit ${rc}
+fi
+
+#check extraction of embedded data in signature
+FILE="signing-cert-list-verify-data"
+${VALGRIND} "${CERTTOOL}" --p7-verify --p7-show-data --load-ca-certificate "${srcdir}/data/pkcs7-chain-root.pem" --outfile "${OUTFILE2}" <"${OUTFILE}"
+rc=$?
+
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 struct signing failed verification with data"
+	exit ${rc}
+fi
+
+cmp "${OUTFILE2}" "${srcdir}/data/pkcs7-detached.txt"
+rc=$?
+if test "${rc}" != "0"; then
+	echo "${FILE}: PKCS7 data detaching failed"
+	exit ${rc}
+fi
+
+rm -f "${OUTFILE}"
+rm -f "${OUTFILE2}"
+
+exit 0