<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
Good afternoon Openssl,<br>
<br>
please forward this email to whomever it may concern.<br>
<br>
I receive an error and the Timestamping provider suspects it is a
Openssl bug.<br>
Could you please check if it is openssl or the certificate?<br>
<br>
<br>
This is when the error occurr<br>
<i><small><small>openssl ts -verify -digest
e16db7d30581e44a5540f19553852b5a4e4e26f9adc365cc846f94038ee33025
-in /tmp/namirial.tsr -CAfile /tmp/NamirialCATSA.pem<br>
(result:)<br>
*************<br>
<b>Verification: FAILED</b><b><br>
</b><b>140236013643424:error:2F067065:time stamp
routines:TS_CHECK_SIGNING_CERTS:ess signing certificate
error:ts_rsp_verify.c:291:</b></small></small></i><br>
<br>
<br>
I attach a complete reproduction scenario. I don't know if it is a
problem of this TSA certificate or in Openssl due to sha256 digest,
please help.<br>
<br>
<br>
(in the curl command I cannot provide you the username and password,
it is a paid service)<br>
<br>
Attached are the files resulting from the below commands in sequence
and the certificate of the TSA, but I'm sure you can check yourself
the last command where the error occur and advice.<br>
<br>
you can copy and paste the commands below if you're in Linux Ubuntu
and the files are in the /tmp/ folder<br>
<br>
<b>Reproduction scenario:</b><br>
<br>
OS: Ubuntu 14.04<br>
Openssl version: OpenSSL 1.0.1f 6 Jan 2014<br>
<br>
<br>
<br>
Generate tsq:<br>
openssl ts -query -digest
e16db7d30581e44a5540f19553852b5a4e4e26f9adc365cc846f94038ee33025
-sha256 -cert -out /tmp/namirial.tsq<br>
<br>
Readable tsq:<br>
openssl ts -query -in /tmp/namirial.tsq -text<br>
(result:)<br>
************<br>
Hash Algorithm: sha256<br>
Message data:<br>
0000 - e1 6d b7 d3 05 81 e4 4a-55 40 f1 95 53 85 2b 5a
.m.....JU@..S.+Z<br>
0010 - 4e 4e 26 f9 ad c3 65 cc-84 6f 94 03 8e e3 30 25
NN&...e..o....0%<br>
Policy OID: unspecified<br>
Nonce: 0x8CA62B5766A29A8B<br>
Certificate required: yes<br>
Extensions:<br>
****************<br>
<br>
<br>
Generate tsr (using curl)<br>
curl -u xxxxxxx:yyyyyy -s --data-binary @/tmp/namirial.tsq -H
'Content-Type: application/timestamp-query' -H 'Pragma: no-cache' -H
'Accept: application/timestamp-reply' --output /tmp/namirial.tsr
<a class="moz-txt-link-freetext" href="http://timestamp.firmacerta.it">http://timestamp.firmacerta.it</a> <br>
<br>
Readable tsr<br>
openssl ts -reply -in /tmp/namirial.tsr -out /tmp/readable_tsr.txt
-text<br>
<br>
(result:)<br>
******************<br>
Status info:<br>
Status: Granted.<br>
Status description: Operation Okay<br>
Failure info: unspecified<br>
<br>
TST info:<br>
Version: 1<br>
Policy OID: 1.3.6.1.4.1.36203.2.1<br>
Hash Algorithm: sha256<br>
Message data:<br>
0000 - e1 6d b7 d3 05 81 e4 4a-55 40 f1 95 53 85 2b 5a
.m.....JU@..S.+Z<br>
0010 - 4e 4e 26 f9 ad c3 65 cc-84 6f 94 03 8e e3 30 25
NN&...e..o....0%<br>
Serial number: 0x1947FD96B97A42DE<br>
Time stamp: Jan 28 14:56:16 2016 GMT<br>
Accuracy: unspecified seconds, 0x01F4 millis, unspecified micros<br>
Ordering: no<br>
Nonce: 0x8CA62B5766A29A8B<br>
TSA: unspecified<br>
Extensions:<br>
************************<br>
<br>
<br>
Verify<br>
openssl ts -verify -digest
e16db7d30581e44a5540f19553852b5a4e4e26f9adc365cc846f94038ee33025 -in
/tmp/namirial.tsr -CAfile /tmp/NamirialCATSA.pem<br>
(result:)<br>
*************<br>
<b>Verification: FAILED</b><b><br>
</b><b>140236013643424:error:2F067065:time stamp
routines:TS_CHECK_SIGNING_CERTS:ess signing certificate
error:ts_rsp_verify.c:291:</b><br>
***************<br>
<br>
<br>
<br>
<div class="moz-signature">-- <br>
<meta charset="UTF-8">
<title>Untitled Document</title>
<br>
<table border="0" width="750" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="text-align: center" align="" height="169"
width="181"><strong><a href="http://www.certifydoc.eu"
target="_blank" class="clink"><img
src="cid:part1.07010607.03050604@andifyou.com"
alt="Certify Doc" height="180" width="180"></a></strong></td>
<td style="padding: 0;margin:0; text-align: left;"
align="left" valign="top" width="569">
<p style="font-family: Gill Sans MT, Gill 'Gill Sans',
'Gill Sans MT', Bold; font-size: 24px; color:
rgba(17,47,127,1); margin-top: 0px; text-align: left;"><strong>MARIO
SCALABRINO <style="margin:0" data_temp_dwid="1"><img
src="cid:part3.00040005.07050402@andifyou.com"
alt="" height="1" width="400"></style="margin:0"></strong></p>
<p style="font-family: Gill Sans MT, Gill 'Gill Sans',
'Gill Sans MT', 'Myriad Pro', 'DejaVu Sans Condensed',
Gill Sans MT, Gill Sans MT, sans-serif, sans-serif;
font-size: 21px; color: rgba(151,151,151,1); margin-top:
0px; text-align: left;">Founder & CEO </p>
<p style="font-family: Gill Sans MT, Gill 'Gill Sans',
'Gill Sans MT', 'Myriad Pro', 'DejaVu Sans Condensed',
Gill Sans MT, Gill Sans MT, sans-serif; font-size: 16px;
color: rgba(17,47,127,1); line-height: 10px; text-align:
left;"><img
src="cid:part4.09080403.05050209@andifyou.com" alt=""
height="12" width="13"> (+34) 680 128 282</p>
<a style="font-family: Gill Sans MT, Gill 'Gill Sans',
'Gill Sans MT', 'Myriad Pro', 'DejaVu Sans Condensed',
Gill Sans MT, Gill Sans MT, sans-serif; font-size: 16px;
color: rgba(17,47,127,1); line-height: 10px; text-align:
left;" href="mailto:mario.scalabrino@andifyou.com"
target="_blank" class="clink"><img
src="cid:part5.00040307.09020602@andifyou.com" alt=""
height="12" width="13"> mario.scalabrino@andifyou.com</a>
<br>
<br>
<a style="font-family: Gill Sans MT, Gill 'Gill Sans',
'Gill Sans MT', 'Myriad Pro', 'DejaVu Sans Condensed',
Gill Sans MT, Gill Sans MT, sans-serif; font-size: 16px;
color: rgba(17,47,127,1); line-height: 10px; text-align:
left;" href="http://www.certifydoc.eu" target="_blank"
class="clink"><img
src="cid:part7.08080901.04030004@andifyou.com" alt=""
height="12" width="13"> www.certifydoc.eu</a>
<p style="font-family: Helvetica, Arial, sans-serif;
font-size: 12px; color: rgba(51,51,51,1); line-height:
10px; text-align: left;"><a
href="https://www.linkedin.com/in/andifyou"
target="_blank"><img
src="cid:part9.01020606.03070302@andifyou.com"
alt="Linkedin" height="30" width="30"></a><a
href="https://www.facebook.com/certifydoc"
target="_blank"><img
src="cid:part11.09000400.01040709@andifyou.com"
alt="Facebook" height="30" width="30"></a><a
href="https://twitter.com/certifydoc" target="_blank"><img
src="cid:part13.01030104.03000706@andifyou.com"
alt="Twitter" height="30" width="30"></a></p>
</td>
</tr>
<tr>
<td colspan="3"><br>
</td>
</tr>
</tbody>
</table>
</div>
</body>
</html>