Hello, for an university project I am implementing RFC3161 time stamps into git. when creating a TSQ it is possible to force the TSA server to include its signing certificate in the TSR. However, I was wondering how to extract this certificate at the client side, as neither 'openssl ts -reply' nor 'openssl ts -verify' seemed to offer an appropriate functionality. As the TSA field in TST_INFO is optional according to RFC3161 and might be unspecified, it is not a reliable way to determine the issuer of the timestamp signature. I would like to display the issuers name to the user if verification of the timestamp failed or the corresponding public key was not found in the user's certificate store. Is there any built-in way to extract the issuer's certificate from a TSR? Regards, Anton Wuerfel
