> On Nov 14, 2017, at 2:30 AM, Marcus Lundblad <marcus.lundblad@xxxxxxxxxxxx> wrote:
>
> I'm trying to verify a timestamp that was signed using a signer
> certificate that has been issued by an intermediate CA.
> I'm only able to verify when specifying the intermediate CA certificate
> as "-untrusted" and the root CA cert as "-CAfile":

This means that:

* OpenSSL either does not see or does not support the intermediate CA in the peer's message.
* The root CA in question is not part of the default trust store.

> When running with just -CAfile pointing to the intermediate CA cert, I
> get:
>
> Using configuration from /usr/lib/ssl/openssl.cnf
> Verification: FAILED
> 140693337339136:error:2F06D064:time stamp routines:ts_verify_cert:certificate verify error:../crypto/ts/ts_rsp_verify.c:182:Verify error:unable to get issuer certificate

For validation based on just the intermediate CA, you'd need to enable
"partial chains", which are supported in the 1.1.0 "ts" command via the
"-partial_chain" option:

https://www.openssl.org/docs/man1.1.0/apps/ts.html

> And if setting -CAfile to point to the root CA cert:
>
> Using configuration from /usr/lib/ssl/openssl.cnf
> Verification: FAILED
> 140228374308096:error:2F06D064:time stamp routines:ts_verify_cert:certificate verify error:../crypto/ts/ts_rsp_verify.c:182:Verify error:unable to get local issuer certificate

Looking at the TS code in OpenSSL, it seems that the peer's chain is not
used in the way one might expect (to help construct the untrusted portion
of the chain). Rather, surprisingly, it looks like the peer's certificates
appear to be used as a "constraint" on the constructed chain, and
verification fails if some chain element was not provided by the peer.
I don't know why this is done.

-- 
	Viktor.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
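A self-contained reproducer of the verification cases discussed above, added here as an example; it is not part of the thread and not OpenSSL project code. It builds a throw-away root -> intermediate -> TSA signer chain (the subjects, file names and the policy OID 1.2.3.4.1 are constructed for the lab), issues one timestamp with "openssl ts -reply", and then runs "openssl ts -verify" four ways: root CA plus "-untrusted" intermediate, intermediate alone, intermediate alone with "-partial_chain", and root alone. It needs an openssl binary with the ts command (1.1.0 or later for "-partial_chain").

```shell
#!/bin/sh
# Constructed lab (not from the thread): root -> intermediate -> TSA signer,
# one timestamp, then the "ts -verify" trust configurations from the list.
set -eu
command -v openssl >/dev/null 2>&1 || { echo "openssl not found, nothing to do" >&2; exit 0; }

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# One config file serves "req" (minimal DN section) and "ts -reply" (tsa section).
# Policy OID and TSA name are made up for this lab.
cat > lab.cnf <<EOF
[ req ]
prompt             = no
distinguished_name = req_dn
[ req_dn ]
commonName         = placeholder
[ tsa ]
default_tsa        = lab_tsa
[ lab_tsa ]
serial             = $WORK/tsa.serial
signer_cert        = $WORK/tsa.pem
signer_key         = $WORK/tsa.key
signer_digest      = sha256
default_policy     = 1.2.3.4.1
digests            = sha256
accuracy           = secs:1
EOF
echo 01 > tsa.serial

# Extension profiles for "x509 -req -extfile": CA certificates, and a TSA signer
# whose critical timeStamping EKU is what the TIMESTAMP_SIGN purpose check requires.
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\nsubjectKeyIdentifier=hash\n' > ca.ext
printf 'basicConstraints=critical,CA:FALSE\nkeyUsage=critical,digitalSignature\nextendedKeyUsage=critical,timeStamping\nsubjectKeyIdentifier=hash\n' > tsa.ext

# issue NAME SUBJECT EXTFILE [ISSUER]   (no issuer => self-signed)
SERIAL=1
issue() {
    openssl genrsa -out "$1.key" 2048 2>/dev/null
    openssl req -new -config lab.cnf -key "$1.key" -subj "$2" -out "$1.csr" 2>/dev/null
    SERIAL=$((SERIAL + 1))
    if [ $# -eq 4 ]; then
        openssl x509 -req -in "$1.csr" -CA "$4.pem" -CAkey "$4.key" -set_serial "$SERIAL" \
            -days 2 -extfile "$3" -out "$1.pem" 2>/dev/null
    else
        openssl x509 -req -in "$1.csr" -signkey "$1.key" -days 2 -extfile "$3" -out "$1.pem" 2>/dev/null
    fi
}
issue root  "/CN=Lab Root CA"         ca.ext
issue inter "/CN=Lab Intermediate CA" ca.ext  root
issue tsa   "/CN=Lab TSA"             tsa.ext inter

# Timestamp one constructed payload: the query asks for the signer certificate
# (-cert), and the reply carries only that certificate, not the intermediate.
echo "constructed payload" > payload.txt
openssl ts -query -config lab.cnf -data payload.txt -sha256 -cert -out req.tsq 2>/dev/null
openssl ts -reply -config lab.cnf -queryfile req.tsq -out resp.tsr 2>/dev/null

# verify ARGS...: exit status of "openssl ts -verify" under the given trust settings.
verify() {
    openssl ts -verify -config lab.cnf -data payload.txt -in resp.tsr "$@" >/dev/null 2>&1
}
verify_root_and_untrusted_inter() { verify -CAfile root.pem -untrusted inter.pem; }
verify_inter_only()               { verify -CAfile inter.pem; }
verify_inter_partial_chain()      { verify -CAfile inter.pem -partial_chain; }
verify_root_only()                { verify -CAfile root.pem; }

# Expected: the first and third succeed, the second and fourth fail.
report() { if "$1"; then echo "$1: OK"; else echo "$1: FAILED"; fi; }
report verify_root_and_untrusted_inter
report verify_inter_only
report verify_inter_partial_chain
report verify_root_only
```

Run it with sh. The root-only case fails for want of the intermediate, which is exactly what "-untrusted" supplies on the command line; the intermediate-only case fails until "-partial_chain" tells the verifier to accept a chain that ends at a trusted non-root certificate.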