It seems that some (maybe newer) MS countersignatures are not PKCS7 per RFC2315 but rather CMS structures defined by RFC5652. Unfortunately, PKCS7* family of OpenSSL functions is not able to handle it, but there are CMS* functions which are. They however do not provide same set of functions to do the same things as with PKCS7 structures.
This PR adds possibility to fall back to CMS if PKCS7 fails. Some functions had to be simulated and therefore might not be that accurate but just from testing on a few files, it seems to validate them correctly. But it might need a tuning in the future if we test it on a more extensive set of samples.
It seems that some (maybe newer) MS countersignatures are not PKCS7 per RFC2315 but rather CMS structures defined by RFC5652. Unfortunately, PKCS7* family of OpenSSL functions is not able to handle it, but there are CMS* functions which are. They however do not provide same set of functions to do the same things as with PKCS7 structures.
This PR adds possibility to fall back to CMS if PKCS7 fails. Some functions had to be simulated and therefore might not be that accurate but just from testing on a few files, it seems to validate them correctly. But it might need a tuning in the future if we test it on a more extensive set of samples.