Public Mendelson test server (http://testas2.mendelson-e-c.com:8080/as2/HttpReceiver) returns the following response header:
Content-Type: multipart/report; report-type=disposition-notification; \r\n\tboundary="----=_Part_60757_145870613.1732521603055"
Our application uses Apache's httpcore5 client, which honors line folding and thus, leads to the following header line:
Content-Type: multipart/report; report-type=disposition-notification; boundary="----=_Part_60757_145870613.1732521603055"
When calculating the message digest to verify the message's signature, we encounter a mismatch between our calculation and the signature provided in the "application/pkcs7-signature" part.
When we add the original whitespace characters (CR+LF+HTAB) to the "Content-Type" header value, validation is successful.
My conclusion is
a) Mendelson server uses a deprecated feature (see https://datatracker.ietf.org/doc/html/rfc7230#section-3.2.4)
b) miscalculates the message digest by including line-folding indicators
Any hints, suggestions or corrections are welcome!