PeculiarVentures / x509

@peculiar/x509 is an easy-to-use TypeScript/JavaScript library, based on @peculiar/asn1-schema, that makes generating X.509 certificates and certificate requests, as well as validating certificate chains, easy.
https://peculiarventures.github.io/x509/
MIT License
86 stars 14 forks

X509Certificates export format missing eContentType value #28

Closed leestkly closed 2 years ago

leestkly commented 2 years ago

In the certs-only CMS Signed Data structure exported by the X509Certificates class, the eContentType field is left as the default of an empty OID. However, the CMS RFC 5652 section 5.2 states:

In the degenerate case where there are no signers, the EncapsulatedContentInfo value being "signed" is irrelevant. In this case, the content type within the EncapsulatedContentInfo value being "signed" MUST be id-data (as defined in Section 4), and the content field of the EncapsulatedContentInfo value MUST be omitted.

In particular, the OpenSSL pkcs7 command complains about the empty OID and considers the data malformed:

unable to load PKCS7 object
4402050560:error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding:crypto/asn1/a_object.c:254:
4402050560:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=type, Type=PKCS7
4402050560:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=contents, Type=PKCS7_SIGNED
4402050560:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:
4402050560:error:0D08403A:asn1 encoding routines:asn1_template_ex_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:496:Field=d.sign, Type=PKCS7
4402050560:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:crypto/pem/pem_oth.c:33:

Setting the eContentType field to id_data allows OpenSSL to parse the structure and complies with the standard. I can open a PR with this change for your review.
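The structure discussed in the comment above, as an added example that is not part of the issue thread or of @peculiar/x509: a minimal hand-written DER encoder builds the degenerate certs-only SignedData from RFC 5652 section 5.2 with eContentType set to id-data and no eContent, and a strict OID decoder shows that a zero-length OID (the malformed output described above) is an invalid object encoding, which is the condition OpenSSL's c2i_ASN1_OBJECT error reports. Everything here is an assumption of the example: the helper names (`tlv`, `oid`, `certsOnlySignedData`, `eContentTypeOf`), the `emptyEContentType` option that reproduces the bad encoding, and the placeholder certificate bytes, which are a bare SEQUENCE rather than a real X.509 certificate. No ASN.1 library is used, so it runs on plain Node.js without dependencies.

```javascript
// Added example (not code from @peculiar/x509): a minimal DER encoder and
// decoder used to build a certs-only CMS SignedData (RFC 5652 section 5.2)
// and to show why an empty eContentType OID is malformed.

const ID_DATA = '1.2.840.113549.1.7.1';        // id-data
const ID_SIGNED_DATA = '1.2.840.113549.1.7.2'; // id-signedData

// DER length: short form below 0x80, otherwise long form (big-endian).
function derLen(n) {
  if (n < 0x80) return [n];
  const bytes = [];
  while (n > 0) { bytes.unshift(n & 0xff); n = Math.floor(n / 256); }
  return [0x80 | bytes.length, ...bytes];
}

// One tag-length-value element; body is an array of bytes.
function tlv(tag, body) {
  return [tag, ...derLen(body.length), ...body];
}

// OBJECT IDENTIFIER: first two arcs packed into one byte, remaining arcs
// base-128 big-endian with the high bit set on all but the last byte.
function oid(dotted) {
  const arcs = dotted.split('.').map(Number);
  const out = [arcs[0] * 40 + arcs[1]];
  for (const arc of arcs.slice(2)) {
    const chunk = [];
    let v = arc;
    do { chunk.unshift(v & 0x7f); v = Math.floor(v / 128); } while (v > 0);
    for (let i = 0; i < chunk.length - 1; i++) chunk[i] |= 0x80;
    out.push(...chunk);
  }
  return tlv(0x06, out);
}

// ContentInfo { id-signedData, [0] SignedData } with no digest algorithms and
// no signerInfos: the degenerate certs-only form. RFC 5652 5.2 requires
// eContentType = id-data and no eContent; emptyEContentType (assumed option)
// reproduces the malformed output from the issue: an OID with a zero-length body.
function certsOnlySignedData(certDers, { emptyEContentType = false } = {}) {
  const eContentType = emptyEContentType ? tlv(0x06, []) : oid(ID_DATA);
  const signedData = tlv(0x30, [
    ...tlv(0x02, [0x01]),          // version 1 (no signers, eContentType id-data)
    ...tlv(0x31, []),              // digestAlgorithms: empty SET
    ...tlv(0x30, eContentType),    // encapContentInfo: eContentType only
    ...tlv(0xa0, certDers.flat()), // [0] IMPLICIT CertificateSet
    ...tlv(0x31, []),              // signerInfos: empty SET
  ]);
  return tlv(0x30, [...oid(ID_SIGNED_DATA), ...tlv(0xa0, signedData)]);
}

// Minimal DER reader: returns tag, body bytes and the offset of the next element.
function readTlv(bytes, pos) {
  const tag = bytes[pos];
  let len = bytes[pos + 1], off = pos + 2;
  if (len & 0x80) {
    const n = len & 0x7f;
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + bytes[off++];
  }
  return { tag, body: bytes.slice(off, off + len), next: off + len };
}

// Decodes an OID body the way a strict parser does: an empty body or a
// dangling continuation bit is an invalid object encoding.
function decodeOid(body) {
  if (body.length === 0) throw new Error('invalid object encoding: empty OID');
  if (body[body.length - 1] & 0x80) throw new Error('invalid object encoding: truncated arc');
  const arcs = [Math.floor(body[0] / 40), body[0] % 40];
  let v = 0;
  for (let i = 1; i < body.length; i++) {
    v = v * 128 + (body[i] & 0x7f);
    if (!(body[i] & 0x80)) { arcs.push(v); v = 0; }
  }
  return arcs.join('.');
}

// Walks ContentInfo -> SignedData -> encapContentInfo and returns the
// eContentType as a dotted string, throwing where a strict parser rejects the data.
function eContentTypeOf(cmsDer) {
  const contentInfo = readTlv(cmsDer, 0);
  const contentType = readTlv(contentInfo.body, 0);
  if (decodeOid(contentType.body) !== ID_SIGNED_DATA) throw new Error('not id-signedData');
  const explicit = readTlv(contentInfo.body, contentType.next); // [0] EXPLICIT
  const signedData = readTlv(explicit.body, 0);
  const version = readTlv(signedData.body, 0);
  const digestAlgs = readTlv(signedData.body, version.next);
  const encap = readTlv(signedData.body, digestAlgs.next);
  const eContentType = readTlv(encap.body, 0);
  if (eContentType.tag !== 0x06) throw new Error('eContentType is not an OID');
  return decodeOid(eContentType.body);
}

const toHex = (bytes) => bytes.map((b) => b.toString(16).padStart(2, '0')).join('');

// Constructed stand-in for a certificate DER (a bare SEQUENCE, not a real X.509
// certificate); the eContentType check does not depend on its contents.
const PLACEHOLDER_CERT = [0x30, 0x03, 0x02, 0x01, 0x00];

console.log(toHex(tlv(0x30, oid(ID_DATA))));                      // encapContentInfo for id-data
console.log(eContentTypeOf(certsOnlySignedData([PLACEHOLDER_CERT])));
try {
  eContentTypeOf(certsOnlySignedData([PLACEHOLDER_CERT], { emptyEContentType: true }));
} catch (e) {
  console.log('rejected:', e.message);
}
```

The compliant encapContentInfo is the 13-byte sequence `30 0b 06 09 2a 86 48 86 f7 0d 01 07 01`; the broken form collapses it to `30 02 06 00`, and `06 00` is exactly the element a strict ASN.1 object parser refuses. Because the certs-only form has no signers, the choice of id-data carries no semantic weight, which is why RFC 5652 fixes it by fiat rather than leaving it to the producer.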

leestkly commented 2 years ago

The new version 1.7.3 addresses the error seen with OpenSSL. Thanks!