[openssl-users] Help for Bug - time stamp routines:TS_CHECK_SIGNING_CERTS:ess signing, certificate error:ts_rsp_verify.c:291:

Mario Scalabrino mario.scalabrino at yahoo.it
Mon May 23 10:25:33 UTC 2016 

Dear openssl users,

I'm struggling with the error below, I wrote to Openssl development in 
February 2016 but they are busy with the next release, I see they are 
aware of it in git/openssl and working on it.
https://github.com/openssl/openssl/pull/771


The bug is in the command ts -verify

|************** openssl ts -verify -digest 
e16db7d30581e44a5540f19553852b5a4e4e26f9adc365cc846f94038ee33025 \ -in 
/tmp/namirial.tsr -CAfile /tmp/NamirialCATSA.pem Verification: FAILED 
140236013643424:error:2F067065:time stamp 
routines:TS_CHECK_SIGNING_CERTS:ess signing certificate 
error:ts_rsp_verify.c:291:|

*****************

I need to verify programmatically that every timestamped document its' 
ok, it is very important for me to provide reliable timestamping from a 
trusted qualified European Union Timestamping Authority.



 From what I understood the bug relates to the fact that the new TSA's 
certificates are not compatible with the old way openssl reads them, or 
their attribute or hashing. My understanding of it is very basic.



*Is there a patch that I can apply?

*The bug has been found in 2013
http://openssl.6102.n7.nabble.com/possible-Bug-in-OpenSSL-rfc-3161-TSA-service-tt43128.html#none

I also opened a thread here
http://stackoverflow.com/questions/35914327/error-0x2f067065-in-ts-rsp-verify-c291/35916523?noredirect=1#comment62213243_35916523

It seems that it has been mentioned also here in git
https://github.com/elabftw/elabftw/issues/242
https://github.com/openssl/openssl/pull/771


Here's my environment

Ubuntu 14.04 LTS guest of a Virtualbox VM in an openstack IaaS.
|OpenSSL 1.0.1f 6 Jan 2014 |
|||Server Info: Apache/2.4.18 (Ubuntu)
PHP Version: 5.5.34-1+deb.sury.org~trusty+1|
mysql  Ver 14.14 Distrib 5.5.49, for debian-linux-gnu (x86_64) using 
readline 6.3


Could you please help?


Thank you in advance

Cheers

Msca

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160523/57238b44/attachment-0001.html>

More information about the openssl-users mailing list