[openssl-dev] [openssl.org #4276] Possible bug - ts -verify -digest, error:ts_rsp_verify.c:291:

Mario Scalabrino via RT rt at openssl.org
Thu Jan 28 16:16:29 UTC 2016


Good afternoon Openssl,

please forward this email to whomever it may concern.

I receive an error and the timestamping provider suspects it is an 
OpenSSL bug.
Could you please check if it is OpenSSL or the certificate?


This is when the error occurs:
openssl ts -verify -digest e16db7d30581e44a5540f19553852b5a4e4e26f9adc365cc846f94038ee33025 -in /tmp/namirial.tsr -CAfile /tmp/NamirialCATSA.pem
(result:)
*************
Verification: FAILED
140236013643424:error:2F067065:time stamp routines:TS_CHECK_SIGNING_CERTS:ess signing certificate error:ts_rsp_verify.c:291:


I attach a complete reproduction scenario. I don't know if it is a 
problem of this TSA certificate or in Openssl due to sha256 digest, 
please help.


(in the curl command I cannot provide you the username and password, it 
is a paid service)

Attached are the files resulting from the below commands in sequence and 
the certificate of the TSA, but I'm sure you can check yourself the last 
command where the error occurs and advise.

You can copy and paste the commands below if you're in Linux Ubuntu and 
the files are in the /tmp/ folder.

*Reproduction scenario:*

OS: Ubuntu 14.04
Openssl version: OpenSSL 1.0.1f 6 Jan 2014



Generate tsq:
openssl ts -query -digest e16db7d30581e44a5540f19553852b5a4e4e26f9adc365cc846f94038ee33025 -sha256 -cert -out /tmp/namirial.tsq

Readable tsq:
openssl ts -query -in /tmp/namirial.tsq  -text
(result:)
************
Hash Algorithm: sha256
Message data:
     0000 - e1 6d b7 d3 05 81 e4 4a-55 40 f1 95 53 85 2b 5a .m.....JU@..S.+Z
     0010 - 4e 4e 26 f9 ad c3 65 cc-84 6f 94 03 8e e3 30 25 NN&...e..o....0%
Policy OID: unspecified
Nonce: 0x8CA62B5766A29A8B
Certificate required: yes
Extensions:
****************


Generate tsr (using curl):
curl -u xxxxxxx:yyyyyy -s --data-binary @/tmp/namirial.tsq -H 'Content-Type: application/timestamp-query' -H 'Pragma: no-cache' -H 'Accept: application/timestamp-reply' --output /tmp/namirial.tsr http://timestamp.firmacerta.it

Readable tsr
openssl ts -reply -in /tmp/namirial.tsr  -out /tmp/readable_tsr.txt -text

(result:)
******************
Status info:
Status: Granted.
Status description: Operation Okay
Failure info: unspecified

TST info:
Version: 1
Policy OID: 1.3.6.1.4.1.36203.2.1
Hash Algorithm: sha256
Message data:
     0000 - e1 6d b7 d3 05 81 e4 4a-55 40 f1 95 53 85 2b 5a .m.....JU@..S.+Z
     0010 - 4e 4e 26 f9 ad c3 65 cc-84 6f 94 03 8e e3 30 25 NN&...e..o....0%
Serial number: 0x1947FD96B97A42DE
Time stamp: Jan 28 14:56:16 2016 GMT
Accuracy: unspecified seconds, 0x01F4 millis, unspecified micros
Ordering: no
Nonce: 0x8CA62B5766A29A8B
TSA: unspecified
Extensions:
************************


Verify:
openssl ts -verify -digest e16db7d30581e44a5540f19553852b5a4e4e26f9adc365cc846f94038ee33025 -in /tmp/namirial.tsr -CAfile /tmp/NamirialCATSA.pem
(result:)
*************
Verification: FAILED
140236013643424:error:2F067065:time stamp routines:TS_CHECK_SIGNING_CERTS:ess signing certificate error:ts_rsp_verify.c:291:
***************



-- 

*MARIO SCALABRINO *

Founder & CEO




-------------- next part --------------
A non-text attachment was scrubbed...
Name: ScenarioOpensslNamirial.zip
Type: application/x-zip-compressed
Size: 4753 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160128/43e6cd04/attachment-0001.bin>
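
A triage aid for the scenario in the message above, added here as an example; it is not part of the original message and not OpenSSL code. It parses the two `-text` dumps quoted in the message and checks that the reply's status, hash algorithm, message imprint and nonce agree with the query and with the digest given to `ts -verify`, so those fields can be ruled out when verification fails. The function names `parse_ts_text` and `reply_mismatches` are hypothetical.

```python
import re

# Constructed from the `-text` output quoted in the message, abridged to the
# fields compared here. DIGEST is the value passed to `ts -verify -digest`.
DIGEST = "e16db7d30581e44a5540f19553852b5a4e4e26f9adc365cc846f94038ee33025"
TSQ_TEXT = """\
Hash Algorithm: sha256
Message data:
    0000 - e1 6d b7 d3 05 81 e4 4a-55 40 f1 95 53 85 2b 5a   .m.....JU@..S.+Z
    0010 - 4e 4e 26 f9 ad c3 65 cc-84 6f 94 03 8e e3 30 25   NN&...e..o....0%
Nonce: 0x8CA62B5766A29A8B
Certificate required: yes
"""
TSR_TEXT = """\
Status: Granted.
Hash Algorithm: sha256
Message data:
    0000 - e1 6d b7 d3 05 81 e4 4a-55 40 f1 95 53 85 2b 5a   .m.....JU@..S.+Z
    0010 - 4e 4e 26 f9 ad c3 65 cc-84 6f 94 03 8e e3 30 25   NN&...e..o....0%
Time stamp: Jan 28 14:56:16 2016 GMT
Nonce: 0x8CA62B5766A29A8B
"""

# One hex-dump row: offset, " - ", then at most 16 bytes (the ASCII column is ignored).
HEX_LINE = re.compile(r"^\s*[0-9a-f]{4} - ((?:[0-9a-f]{2}[ -]){0,15}[0-9a-f]{2})", re.I)

def parse_ts_text(text):
    """Return the 'Key: value' fields of a dump plus the imprint as lowercase hex."""
    fields, imprint = {}, []
    for line in text.splitlines():
        m = HEX_LINE.match(line)
        if m:
            imprint.append(re.sub(r"[ -]", "", m.group(1)))
        elif ":" in line:
            key, _, value = line.partition(":")  # split at the first colon only
            fields[key.strip()] = value.strip()
    fields["imprint"] = "".join(imprint).lower()
    return fields

def reply_mismatches(tsq_text, tsr_text, digest):
    """List the checks on which the reply disagrees with the query or digest."""
    tsq, tsr = parse_ts_text(tsq_text), parse_ts_text(tsr_text)
    problems = [] if tsr.get("Status", "").startswith("Granted") else ["Status"]
    problems += [k for k in ("Hash Algorithm", "imprint", "Nonce")
                 if tsq.get(k) != tsr.get(k)]
    if tsr["imprint"] != digest.lower():
        problems.append("digest")
    return problems
```

An empty list for the dumps in the message means the query and reply agree on these fields.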
