[openssl-users] Verifying a timestamp signed using a cert issued by a sub CA (intermediate)

Viktor Dukhovni openssl-users at dukhovni.org
Tue Nov 14 17:37:23 UTC 2017



> On Nov 14, 2017, at 2:30 AM, Marcus Lundblad <marcus.lundblad at primekey.com> wrote:
> 
> I'm trying to verify a timestamp that was signed using a signer
> certificate that has been issued by an intermediate CA.
> I'm only able to verify when specifying the intermediate CA certificate
> as "-untrusted" and the root CA cert as "-CAfile":

This means that:

  * OpenSSL either does not see or does not support the intermediate
    CA in the peer's message.
  * The root CA in question is not part of the default trust store.

> When running with just -CAfile pointing to the intermediate CA cert, I
> get:
> 
> Using configuration from /usr/lib/ssl/openssl.cnf
> Verification: FAILED
> 140693337339136:error:2F06D064:time stamp
> routines:ts_verify_cert:certificate verify
> error:../crypto/ts/ts_rsp_verify.c:182:Verify error:unable to get
> issuer certificate

For validation based on just the intermediate CA, you'd need
to enable "partial chains", which are supported in the 1.1.0
"ts" command via the "-partial_chain" option:

   https://www.openssl.org/docs/man1.1.0/apps/ts.html


> And if setting -CAfile to point to the root CA cert:
> 
> Using configuration from /usr/lib/ssl/openssl.cnf
> Verification: FAILED
> 140228374308096:error:2F06D064:time stamp
> routines:ts_verify_cert:certificate verify
> error:../crypto/ts/ts_rsp_verify.c:182:Verify error:unable to get local
> issuer certificate

Looking at the TS code in OpenSSL, it seems that the peer's
chain is not used in the way one might expect (to help construct
the untrusted portion of the chain).  Rather, surprisingly, it
looks like the peer's certificates appear to be used as a "constraint"
on the constructed chain, and verification fails if some chain element
was not provided by the peer.  I don't know why this is done.

-- 
	Viktor.
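As an added, constructed example (not part of Viktor's or Marcus's messages, and not OpenSSL project code), the shell script below builds a Root -> Intermediate -> TSA chain, issues one timestamp response that embeds the signer and intermediate certificates, and then runs the verification variants discussed in the thread: the root as "-CAfile" with the intermediate as "-untrusted", the intermediate as "-CAfile" with "-partial_chain" (ts(1) in 1.1.0 and later), and the intermediate as "-CAfile" alone, which fails because the chain cannot be completed to a self-signed root. The subject names, the policy OID 1.2.3.4.1, the TSA configuration section and the sample document are the example's own choices; it assumes the openssl binary is on PATH.

```shell
#!/bin/sh
# Constructed demonstration for the openssl-users thread above; not code from
# the thread or from the OpenSSL project. Needs openssl 1.1.0+ (-partial_chain).
set -e

# Builds a scratch PKI (root -> intermediate -> TSA), signs one timestamp
# response, and prints the scratch directory path.
build_demo_pki() {
    dir=$(mktemp -d)
    (
    cd "$dir"
    # One config file serves req(1), the x509(1) extension sections and the
    # [tsa] section that "openssl ts -reply" requires. All values are demo choices.
    cat > demo.cnf <<'EOF'
[ req ]
distinguished_name = dn
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[ v3_tsa ]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = critical,timeStamping
[ tsa ]
default_tsa = tsa_config1
[ tsa_config1 ]
serial = tsaserial
signer_digest = sha256
default_policy = 1.2.3.4.1
digests = sha256
accuracy = secs:1
ess_cert_id_chain = no
EOF
    # Self-signed root CA.
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 30 -config demo.cnf \
        -extensions v3_ca -subj "/CN=Demo Root CA" -keyout root.key -out root.pem
    # Intermediate CA issued by the root.
    openssl req -new -newkey rsa:2048 -nodes -config demo.cnf \
        -subj "/CN=Demo Intermediate CA" -keyout inter.key -out inter.csr
    openssl x509 -req -in inter.csr -CA root.pem -CAkey root.key -CAcreateserial \
        -days 30 -extfile demo.cnf -extensions v3_ca -out inter.pem
    # TSA signing certificate issued by the intermediate (critical EKU timeStamping,
    # which the ts purpose check demands).
    openssl req -new -newkey rsa:2048 -nodes -config demo.cnf \
        -subj "/CN=Demo TSA" -keyout tsa.key -out tsa.csr
    openssl x509 -req -in tsa.csr -CA inter.pem -CAkey inter.key -CAcreateserial \
        -days 30 -extfile demo.cnf -extensions v3_tsa -out tsa.pem
    # Sample document (constructed), a request asking for the signer cert
    # (-cert), and a response that also carries the intermediate (-chain).
    echo "constructed sample document" > data.txt
    openssl ts -query -data data.txt -sha256 -cert -out req.tsq
    openssl ts -reply -config demo.cnf -queryfile req.tsq \
        -signer tsa.pem -inkey tsa.key -chain inter.pem -out resp.tsr
    ) >/dev/null 2>&1
    echo "$dir"
}

# verify_ts DIR [ts -verify options...]: prints OK or FAILED based on the
# exit status of "openssl ts -verify" run inside DIR.
verify_ts() {
    dir=$1; shift
    if (cd "$dir" && openssl ts -verify -data data.txt -in resp.tsr "$@") \
        >/dev/null 2>&1; then
        echo OK
    else
        echo FAILED
    fi
}

# Runs the variants from the thread and prints one labelled result per line.
run_demo() {
    dir=$(build_demo_pki)
    echo "root -CAfile + intermediate -untrusted : $(verify_ts "$dir" -CAfile root.pem -untrusted inter.pem)"
    echo "intermediate -CAfile + -partial_chain  : $(verify_ts "$dir" -CAfile inter.pem -partial_chain)"
    echo "intermediate -CAfile only              : $(verify_ts "$dir" -CAfile inter.pem)"
    # The root-only case is Marcus's original question; whether the intermediate
    # embedded in the response is used to complete the chain depends on the
    # OpenSSL version's ts code, so it is printed here but not relied upon.
    echo "root -CAfile only (version dependent)  : $(verify_ts "$dir" -CAfile root.pem)"
    rm -rf "$dir"
}

run_demo
```

The first two lines should read OK and the third FAILED (the trust store holds only the non-self-signed intermediate, so without "-partial_chain" the builder stops with "unable to get issuer certificate", exactly the error in the quoted output).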
