[openssl-dev] [openssl.org #4276] AutoReply: Possible bug - ts -verify -digest, error:ts_rsp_verify.c:291:

Mario Scalabrino via RT rt at openssl.org
Tue Feb 23 10:34:24 UTC 2016 

Hello Openssl,

can you please tell me something?
I don't understand if anybody reads this email.

Almost a month has passed.

Mario Scalabrino


Untitled Document On 17/02/2016 14:49, Mario Scalabrino wrote:
> Hello Openssl,
>
> is there any update? Do you need more information?
>
> Thank you
>
> Cheers
>
> Mario Scalabrino
>
> Untitled Document
> *Certify Doc <http://www.certifydoc.eu>* 	
>
> *MARIO SCALABRINO *
>
> Founder & CEO
>
> (+34) 680 128 282
>
> mario.scalabrino at andifyou.com <mailto:mario.scalabrino at andifyou.com>
>
> www.certifydoc.eu <http://www.certifydoc.eu>
>
> Linkedin <https://www.linkedin.com/in/andifyou>Facebook 
> <https://www.facebook.com/certifydoc>Twitter 
> <https://twitter.com/certifydoc>
>
>
> On 28/01/2016 17:16, The default queue via RT wrote:
>> Greetings,
>>
>> This message has been automatically generated in response to the
>> creation of a trouble ticket regarding:
>> 	"Possible bug - ts -verify -digest, error:ts_rsp_verify.c:291:",
>> a summary of which appears below.
>>
>> There is no need to reply to this message right now.  Your ticket has been
>> assigned an ID of [openssl.org #4276].
>>
>> Please include the string:
>>
>>           [openssl.org #4276]
>>
>> in the subject line of all future correspondence about this issue. To do so,
>> you may reply to this message.
>>
>>                          Thank you,
>>                          rt at openssl.org
>>
>> -------------------------------------------------------------------------
>>
>> Good afternoon Openssl,
>>
>> please forward this email to whomever it may concern.
>>
>> I receive an error and the Timestamping provider suspects it is a
>> Openssl bug.
>> Could you please check if it is openssl or the certificate?
>>
>>
>> This is when the error occurr
>> /openssl ts -verify -digest
>> e16db7d30581e44a5540f19553852b5a4e4e26f9adc365cc846f94038ee33025 -in
>> /tmp/namirial.tsr -CAfile /tmp/NamirialCATSA.pem
>> (result:)
>> *************
>> *Verification: FAILED**
>> **140236013643424:error:2F067065:time stamp
>> routines:TS_CHECK_SIGNING_CERTS:ess signing certificate
>> error:ts_rsp_verify.c:291:*/
>>
>>
>> I attach a complete reproduction scenario. I don't know if it is a
>> problem of this TSA certificate or in Openssl due to sha256 digest,
>> please help.
>>
>>
>> (in the curl command I cannot provide you the username and password, it
>> is a paid service)
>>
>> Attached are the files resulting from the below commands in sequence and
>> the certificate of the TSA, but I'm sure you can check yourself the last
>> command where the error occur and  advice.
>>
>> you can copy and paste the commands below if you're in Linux Ubuntu and
>> the files are in the /tmp/ folder
>>
>> *Reproduction scenario:*
>>
>> OS: Ubuntu 14.04
>> Openssl version: OpenSSL 1.0.1f 6 Jan 2014
>>
>>
>>
>> Generate tsq:
>> openssl ts -query -digest
>> e16db7d30581e44a5540f19553852b5a4e4e26f9adc365cc846f94038ee33025 -sha256
>> -cert -out /tmp/namirial.tsq
>>
>> Readable tsq:
>> openssl ts -query -in /tmp/namirial.tsq  -text
>> (result:)
>> ************
>> Hash Algorithm: sha256
>> Message data:
>>       0000 - e1 6d b7 d3 05 81 e4 4a-55 40 f1 95 53 85 2b 5a .m.....JU at ..S.+Z
>>       0010 - 4e 4e 26 f9 ad c3 65 cc-84 6f 94 03 8e e3 30 25 NN&...e..o....0%
>> Policy OID: unspecified
>> Nonce: 0x8CA62B5766A29A8B
>> Certificate required: yes
>> Extensions:
>> ****************
>>
>>
>> Generate tsr (using curl)
>> curl -u xxxxxxx:yyyyyy -s --data-binary @/tmp/namirial.tsq -H
>> 'Content-Type: application/timestamp-query' -H 'Pragma: no-cache' -H
>> 'Accept: application/timestamp-reply' --output /tmp/namirial.tsr
>> http://timestamp.firmacerta.it
>>
>> Readable tsr
>> openssl ts -reply -in /tmp/namirial.tsr  -out /tmp/readable_tsr.txt -text
>>
>> (result:)
>> ******************
>> Status info:
>> Status: Granted.
>> Status description: Operation Okay
>> Failure info: unspecified
>>
>> TST info:
>> Version: 1
>> Policy OID: 1.3.6.1.4.1.36203.2.1
>> Hash Algorithm: sha256
>> Message data:
>>       0000 - e1 6d b7 d3 05 81 e4 4a-55 40 f1 95 53 85 2b 5a .m.....JU at ..S.+Z
>>       0010 - 4e 4e 26 f9 ad c3 65 cc-84 6f 94 03 8e e3 30 25 NN&...e..o....0%
>> Serial number: 0x1947FD96B97A42DE
>> Time stamp: Jan 28 14:56:16 2016 GMT
>> Accuracy: unspecified seconds, 0x01F4 millis, unspecified micros
>> Ordering: no
>> Nonce: 0x8CA62B5766A29A8B
>> TSA: unspecified
>> Extensions:
>> ************************
>>
>>
>> Verify
>> openssl ts -verify -digest
>> e16db7d30581e44a5540f19553852b5a4e4e26f9adc365cc846f94038ee33025 -in
>> /tmp/namirial.tsr -CAfile /tmp/NamirialCATSA.pem
>> (result:)
>> *************
>> *Verification: FAILED**
>> **140236013643424:error:2F067065:time stamp
>> routines:TS_CHECK_SIGNING_CERTS:ess signing certificate
>> error:ts_rsp_verify.c:291:*
>> ***************
>>
>>
>>
>


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4276
Please log in as guest with password guest if prompted

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160223/029e4460/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 6492 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160223/029e4460/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 8556 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160223/029e4460/attachment-0007.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 11081 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160223/029e4460/attachment-0008.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 10866 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160223/029e4460/attachment-0009.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 11458 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160223/029e4460/attachment-0010.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 10874 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160223/029e4460/attachment-0011.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 10718 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160223/029e4460/attachment-0012.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 10856 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160223/029e4460/attachment-0013.jpe>

More information about the openssl-dev mailing list