[openssl-dev] [openssl.org #4276] AutoReply: Possible bug - ts -verify -digest, error:ts_rsp_verify.c:291:

Mario Scalabrino via RT rt at openssl.org
Wed Feb 17 13:49:23 UTC 2016 

Hello Openssl,

is there any update? Do you need more information?

Thank you

Cheers

Mario Scalabrino

Untitled Document
*Certify Doc <http://www.certifydoc.eu>* 	

*MARIO SCALABRINO *

Founder & CEO

(+34) 680 128 282

mario.scalabrino at andifyou.com <mailto:mario.scalabrino at andifyou.com>

www.certifydoc.eu <http://www.certifydoc.eu>

Linkedin <https://www.linkedin.com/in/andifyou>Facebook 
<https://www.facebook.com/certifydoc>Twitter 
<https://twitter.com/certifydoc>


On 28/01/2016 17:16, The default queue via RT wrote:
> Greetings,
>
> This message has been automatically generated in response to the
> creation of a trouble ticket regarding:
> 	"Possible bug - ts -verify -digest, error:ts_rsp_verify.c:291:",
> a summary of which appears below.
>
> There is no need to reply to this message right now.  Your ticket has been
> assigned an ID of [openssl.org #4276].
>
> Please include the string:
>
>           [openssl.org #4276]
>
> in the subject line of all future correspondence about this issue. To do so,
> you may reply to this message.
>
>                          Thank you,
>                          rt at openssl.org
>
> -------------------------------------------------------------------------
>
> Good afternoon Openssl,
>
> please forward this email to whomever it may concern.
>
> I receive an error and the Timestamping provider suspects it is a
> Openssl bug.
> Could you please check if it is openssl or the certificate?
>
>
> This is when the error occurr
> /openssl ts -verify -digest
> e16db7d30581e44a5540f19553852b5a4e4e26f9adc365cc846f94038ee33025 -in
> /tmp/namirial.tsr -CAfile /tmp/NamirialCATSA.pem
> (result:)
> *************
> *Verification: FAILED**
> **140236013643424:error:2F067065:time stamp
> routines:TS_CHECK_SIGNING_CERTS:ess signing certificate
> error:ts_rsp_verify.c:291:*/
>
>
> I attach a complete reproduction scenario. I don't know if it is a
> problem of this TSA certificate or in Openssl due to sha256 digest,
> please help.
>
>
> (in the curl command I cannot provide you the username and password, it
> is a paid service)
>
> Attached are the files resulting from the below commands in sequence and
> the certificate of the TSA, but I'm sure you can check yourself the last
> command where the error occur and  advice.
>
> you can copy and paste the commands below if you're in Linux Ubuntu and
> the files are in the /tmp/ folder
>
> *Reproduction scenario:*
>
> OS: Ubuntu 14.04
> Openssl version: OpenSSL 1.0.1f 6 Jan 2014
>
>
>
> Generate tsq:
> openssl ts -query -digest
> e16db7d30581e44a5540f19553852b5a4e4e26f9adc365cc846f94038ee33025 -sha256
> -cert -out /tmp/namirial.tsq
>
> Readable tsq:
> openssl ts -query -in /tmp/namirial.tsq  -text
> (result:)
> ************
> Hash Algorithm: sha256
> Message data:
>       0000 - e1 6d b7 d3 05 81 e4 4a-55 40 f1 95 53 85 2b 5a .m.....JU at ..S.+Z
>       0010 - 4e 4e 26 f9 ad c3 65 cc-84 6f 94 03 8e e3 30 25 NN&...e..o....0%
> Policy OID: unspecified
> Nonce: 0x8CA62B5766A29A8B
> Certificate required: yes
> Extensions:
> ****************
>
>
> Generate tsr (using curl)
> curl -u xxxxxxx:yyyyyy -s --data-binary @/tmp/namirial.tsq -H
> 'Content-Type: application/timestamp-query' -H 'Pragma: no-cache' -H
> 'Accept: application/timestamp-reply' --output /tmp/namirial.tsr
> http://timestamp.firmacerta.it
>
> Readable tsr
> openssl ts -reply -in /tmp/namirial.tsr  -out /tmp/readable_tsr.txt -text
>
> (result:)
> ******************
> Status info:
> Status: Granted.
> Status description: Operation Okay
> Failure info: unspecified
>
> TST info:
> Version: 1
> Policy OID: 1.3.6.1.4.1.36203.2.1
> Hash Algorithm: sha256
> Message data:
>       0000 - e1 6d b7 d3 05 81 e4 4a-55 40 f1 95 53 85 2b 5a .m.....JU at ..S.+Z
>       0010 - 4e 4e 26 f9 ad c3 65 cc-84 6f 94 03 8e e3 30 25 NN&...e..o....0%
> Serial number: 0x1947FD96B97A42DE
> Time stamp: Jan 28 14:56:16 2016 GMT
> Accuracy: unspecified seconds, 0x01F4 millis, unspecified micros
> Ordering: no
> Nonce: 0x8CA62B5766A29A8B
> TSA: unspecified
> Extensions:
> ************************
>
>
> Verify
> openssl ts -verify -digest
> e16db7d30581e44a5540f19553852b5a4e4e26f9adc365cc846f94038ee33025 -in
> /tmp/namirial.tsr -CAfile /tmp/NamirialCATSA.pem
> (result:)
> *************
> *Verification: FAILED**
> **140236013643424:error:2F067065:time stamp
> routines:TS_CHECK_SIGNING_CERTS:ess signing certificate
> error:ts_rsp_verify.c:291:*
> ***************
>
>
>


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4276
Please log in as guest with password guest if prompted

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160217/8c050d4c/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 03-IMAGOTIPO_GRADIENT-150x150.png
Type: image/png
Size: 6492 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160217/8c050d4c/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: linea.jpg
Type: image/jpeg
Size: 8556 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160217/8c050d4c/attachment-0007.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: icon_phone.jpg
Type: image/jpeg
Size: 11081 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160217/8c050d4c/attachment-0008.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: icon_mail.jpg
Type: image/jpeg
Size: 10866 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160217/8c050d4c/attachment-0009.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: icon_web.jpg
Type: image/jpeg
Size: 11458 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160217/8c050d4c/attachment-0010.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: linkedin_icon.jpg
Type: image/jpeg
Size: 10874 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160217/8c050d4c/attachment-0011.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: facebook_icon.jpg
Type: image/jpeg
Size: 10718 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160217/8c050d4c/attachment-0012.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: twitter_icon.jpg
Type: image/jpeg
Size: 10856 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160217/8c050d4c/attachment-0013.jpg>

More information about the openssl-dev mailing list