regards
custodio
--
View this message in context:
http://openssl.6102.n7.nabble.com/possible-Bug-in-OpenSSL-rfc-3161-TSA-service-tp43128p62434.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
___
openssl-users mailing list
.html
Dragan
--
View this message in context:
http://openssl.6102.n7.nabble.com/possible-Bug-in-OpenSSL-rfc-3161-TSA-service-tp43128p44380.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__
OpenSSL Project
:
http://openssl.6102.n7.nabble.com/possible-Bug-in-OpenSSL-rfc-3161-TSA-service-tp43128p44380.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__
OpenSSL Project http
Dne 16.3.2013 20:58, Walter H. napsal(a):
I tried this with my Adobe Acrobat,
and you wouldn't believe it; it doesn't work with Adobe Acrobat, too.
the error message - I use German version:
Fehler beim Erstellen der Unterschriftseigenschaften des Zeitstempels:
Verifizierungsfehler
in English
On 17.03.2013 16:37, kap...@mizera.cz wrote:
Dne 16.3.2013 20:58, Walter H. napsal(a):
I tried this with my Adobe Acrobat,
and you wouldn't believe it; it doesn't work with Adobe Acrobat, too.
the error message - I use German version:
Fehler beim Erstellen der Unterschriftseigenschaften des
Dne 17.3.2013 18:21, Walter H. napsal(a):
On 17.03.2013 16:37, kap...@mizera.cz wrote:
Dne 16.3.2013 20:58, Walter H. napsal(a):
I tried this with my Adobe Acrobat,
and you wouldn't believe it; it doesn't work with Adobe Acrobat, too.
the error message - I use German version:
Fehler beim
On 17.03.2013 18:48, kap...@mizera.cz wrote:
be verified - the same as you had ...
OpenSSL and Adobe conform to RFC 3161;
but not this TSA ...
correct, the error message means, that the received timestamp could not
But the discussed TSA postsignum would not exist at all if there would
be a
Dne 17.3.2013 19:08, Walter H. napsal(a):
?= it could be probably problem on yours side.
not really ...
What Adobe product and version are you using ? Maybe too old ?
not newest, but RFC 3161 is old, too
If you use older version of Adobe, it maybe do not support attribute
certificates
Dne 15.3.2013 20:24, Walter H. napsal(a):
are you shure this TSA is working at all?
Of course, it is the One TSA in our coutry.
can you give me for a try userid and pwd, then I may find out where the
bug is;
Unfortunately not, it is official paid service.
But You can make tests on testing
Dne 15.3.2013 22:34, Peter Sylvester napsal(a):
for those who don't read openssl-dev
Thanks - I did not know that it is discussed there too.
I have no experiences with patching, compiling, .. so I have to wait for
package in repo or PPA.
=
If you have the updated version, could you please
SORRY - now with attachment :-)
Dne 15.3.2013 22:34, Peter Sylvester napsal(a):
for those who don't read openssl-dev
Thanks - I did not know that it is discussed there too.
I have no experiences with patching, compiling, .. so I have to wait for
package in repo or PPA.
=
If you have the
Dne 16.3.2013 12:58, Walter H. napsal(a):
Unfortunately not, it is official paid service.
But You can make tests on testing TSA:
http://www.postsignum.cz/testovaci_casova_razitka.html
I don't understand this language; can you tell me the URL of this Test TSA?
Try to use
On 16.03.2013 19:27, kap...@mizera.cz wrote:
Dne 16.3.2013 12:58, Walter H. napsal(a):
Unfortunately not, it is official paid service.
But You can make tests on testing TSA:
http://www.postsignum.cz/testovaci_casova_razitka.html
I don't understand this language; can you tell me the URL of this
On 13.03.2013 01:19, kap...@mizera.cz wrote:
Dne 12.3.2013 20:36, Walter H. napsal(a):
Hello,
I found the following:
http://tsa.postsignum.cz:444
do you have account by this TSA ?
No.
if there is a need to have an account; then this page is not conforming
to any RFC - HTTP 400 is not an
for those who don't read openssl-dev
Original Message
Subject:[openssl.org #3016] openssl ts fix
Date: Wed, 13 Mar 2013 16:13:31 +0100
From: Peter Sylvester via RT r...@openssl.org
Reply-To: openssl-...@openssl.org
CC: openssl-...@openssl.org
Hi,
I
On 03/11/2013 11:17 PM, kap...@mizera.cz wrote:
That is what we talk about here.
Try to check previous posts in this thread.
rfc 3126 tells
This document mandates the presence of this attribute as a signed CMS
attribute, and the sequence must not be empty. The certificate used
to
On 03/12/2013 09:30 AM, kap...@mizera.cz wrote:
RFC 3161 is written badly. The whole text was a joke anyway.
The requester SHALL verify that the
TimeStampToken contains the correct certificate identifier of the TSA
One may conclude that openssl should simply not validate anything
Dne 12.3.2013 11:54, Peter Sylvester napsal(a):
On 03/12/2013 09:30 AM, kap...@mizera.cz wrote:
RFC 3161 is written badly. The whole text was a joke anyway.
The requester SHALL verify that the
TimeStampToken contains the correct certificate identifier of the TSA
One may
Hello,
I found the following:
http://tsa.postsignum.cz:444
produces the following error, when using this as time stamp server with
adobe standard/pro
BER decoding error
what software do they use?
my solution with OpenSSL works ...
Greetings,
Walter
smime.p7s
Description: S/MIME
You should have received an HTTP 400 error, with an HTML page. The
service behind it may not be RFC3161 compliant, it may even not be
advertised as RFC3161 compliant.
Your solution works, but it doesn't answer the problem.
--
Erwann ABALEA
-
québésectophile: séparatiste québécois
Le
Dne 12.3.2013 20:36, Walter H. napsal(a):
Hello,
I found the following:
http://tsa.postsignum.cz:444
do you have account by this TSA ?
produces the following error, when using this as time stamp server with
adobe standard/pro
BER decoding error
Are you sure you (adobe program) get
Hello,
after long time and many communication with the Certification Authority,
they send me final conclusion:
The problem with verification of their timestamps in openssl is caused
by improper/none handling of ATTRIBUTE CERTIFICATEs in openssl.
Other apps, e.b. Adobe, have no problem with
Am 11.03.2013 13:01, schrieb kap...@mizera.cz:
P.S: is this forum monitored by developers of openssl or should I report
it in devel forum?
At least Stephen Henson answers regularily in this mailing list (as you
can see by looking into a couple of threads), therefore i would stay in
this
On Mon, Mar 11, 2013, Richard Knning wrote:
Am 11.03.2013 13:01, schrieb kap...@mizera.cz:
P.S: is this forum monitored by developers of openssl or should I report
it in devel forum?
At least Stephen Henson answers regularily in this mailing list (as
you can see by looking into a couple
Hello,
Dne 11.3.2013 17:33, Dr. Stephen Henson napsal(a):
As to the OP query. I'm not that familiar with the timestamping code. OpenSSL
doesn't support attribute certificates and adding support is not trivial.
The attribute certificates are common possible in CMS, not just in TS =
attr.
On 03/11/2013 06:43 PM, kap...@mizera.cz wrote:
Hello,
...
As I know, the attr. certs are not very necessary = that is why I mean, that temporary solution
would be to ignore them in verification process. At least in TS it would solve the problem.
Just for info: converting te stuff to
Could you please explain it in detail ?
Commands sentence as example ?
INPUT:
- timestamp reply
- certificates (whole chain)
COMMANDS:
OUTPUT:
successful verification
Thanks --kapetr
Dne 11.3.2013 19:39, Peter Sylvester napsal(a):
On 03/11/2013 06:43 PM, kap...@mizera.cz wrote:
On Mon, Mar 11, 2013, kap...@mizera.cz wrote:
Hello,
Dne 11.3.2013 17:33, Dr. Stephen Henson napsal(a):
As to the OP query. I'm not that familiar with the timestamping code. OpenSSL
doesn't support attribute certificates and adding support is not trivial.
The attribute certificates are
Of course YES.
Timestamp reply is nothing else as CMS SignedData structure.
--kapetr
Dne 11.3.2013 19:51, Dr. Stephen Henson napsal(a):
On Mon, Mar 11, 2013, kap...@mizera.cz wrote:
Hello,
Dne 11.3.2013 17:33, Dr. Stephen Henson napsal(a):
As to the OP query. I'm not that familiar with the
Hello,
try this for generating the TSA-reply
openssl ts -reply -config openssl.cnf -section tsa_timestamp -queryfile
TSA-query -inkey ts.key -signer ts.crt -out TSA-reply
where ts.crt and ts.key are the timestamping certificate and private key
(without passphrase)
and TSA-query is the
the second ess certid says
SEQUENCE {
OCTET STRING
52 EE 29 A7 35 03 04 F8 94 21 48 72 76 9F 24 78
EB 6C D7 AC
}
by 3721926ea67e877df5f4e35dd3c87397eef33d4f
is the hash of the der version of te
On 03/11/2013 08:01 PM, kap...@mizera.cz wrote:
Of course YES.
Timestamp reply is nothing else as CMS SignedData structure.
not quite but ts -reply -tokenout converts it to such a thing
__
OpenSSL Project
Thank you,
but this thread is about TS from real Certification Authority and
problem with attribute certificates.
--kapetr
Dne 11.3.2013 21:16, Walter H. napsal(a):
Hello,
try this for generating the TSA-reply
openssl ts -reply -config openssl.cnf -section tsa_timestamp -queryfile
Dne 11.3.2013 21:42, Peter Sylvester napsal(a):
the second ess certid says
SEQUENCE {
OCTET STRING
52 EE 29 A7 35 03 04 F8 94 21 48 72 76 9F 24 78
EB 6C D7 AC
}
by
On 03/11/2013 10:31 PM, kap...@mizera.cz wrote:
Dne 11.3.2013 21:42, Peter Sylvester napsal(a):
the second ess certid says
SEQUENCE {
OCTET STRING
52 EE 29 A7 35 03 04 F8 94 21 48 72 76 9F 24 78
EB 6C D7 AC
That is what we talk about here.
Try to check previous posts in this thread.
--kapetr
Dne 11.3.2013 22:51, Peter Sylvester napsal(a):
On 03/11/2013 10:31 PM, kap...@mizera.cz wrote:
Dne 11.3.2013 21:42, Peter Sylvester napsal(a):
the second ess certid says
SEQUENCE {
Just note.
I accidentally deleted: http://2i.cz/dcc5b69c4f
Here is new copy: http://2i.cz/0f81f2d80b
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
Do you think OpenSSL is a game?
On 11.03.2013 22:02, kap...@mizera.cz wrote:
Thank you,
but this thread is about TS from real Certification Authority and
problem with attribute certificates.
--kapetr
Dne 11.3.2013 21:16, Walter H. napsal(a):
Hello,
try this for generating the TSA-reply
Hello,
thanks to your very detailed report I've managed to troubleshoot your
problem very fast. I've discovered that in TSA response
(file.txt-nononce-sha256-nocert.postsigDEMO.tsr) there is Signing
Certificate attribute (1.2.840.113549.1.9.16.2.12) that contains two
ESSCertIDs:
1st -
Hello,
My CA Authority (Europe Union qualified!) claims - there is Bug in OpenSSL =
verifying digi. timestamp fails.
The CA says (my bad translation - sorry): our timestamps contain in addition
Time Attribute Certificate - TAC included according to RFC 3126. They are
RFC 3161 according and
40 matches
Mail list logo