You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
So, I'm trying to access one field and it complains that the other field is missing.
I believe this should not happen, because RFC 3161 defines:
TimeStampResp ::= SEQUENCE {
status PKIStatusInfo,
timeStampToken TimeStampToken OPTIONAL }
and further states:
When the TimeStampToken is not present, the failInfo indicates the
reason why the time-stamp request was rejected and may be one of the
following values.
So, an error condition is transmitted to the client as a legitimate response, but the client cannot read it, because the library is raising an exception.
Suggestion (almost a pull request...)
I believe that the issue lies in asn1crypto/tsp.py, lines 156-160:
Just to be sure, this is a question about
asn1crypto
, notopenssl
. I'm usingasn1crypto
1.5.1 (latest).Setup
I created a couple requests and replies with openssl:
The config file was this:
And this is the file to be timestamped, just for good measure:
10_Visuals.pdf
Here are the openssl verifications:
$ openssl ts -verify -queryfile req.tsq -in req.tsr -CAfile ca.crt -untrusted tsa.crt Using configuration from /etc/ssl/openssl.cnf Verification: OK $ openssl ts -verify -config x509.cnf -queryfile reqpol.tsq -in reqpol.tsr -CAfile ca.crt -untrusted tsa.crt Using configuration from x509.cnf Verification: FAILED 40C739B922740000:error:1780006B:time stamp routines:ts_check_status_info:no time stamp token:../crypto/ts/ts_rsp_verify.c:390:status code: rejection, status text: Requested policy is not supported., failure codes: unacceptedPolicy
So, the verification failed, but this is an operational error, not a bug. The response file
reqpol.tsr
is fully legitimate according to RFC3161.asn1crypto
Now I had these 4 files and I loaded them with the appropriate loaders:
asn1crypto.tsp.TimeStampReq.load
for the requestsasn1crypto.tsp.TimeStampResp.load
for the repliesNo errors were issued at this point.
I can get the native of the query:
However, when I try and visualize the failed response, I get an error:
I cannot even access its status field:
So, I'm trying to access one field and it complains that the other field is missing.
I believe this should not happen, because RFC 3161 defines:
and further states:
So, an error condition is transmitted to the client as a legitimate response, but the client cannot read it, because the library is raising an exception.
Suggestion (almost a pull request...)
I believe that the issue lies in
asn1crypto/tsp.py
, lines 156-160:Particularly, line 159 should read:
In fact, I introduced this change in
tsp.py
, and now I have:The text was updated successfully, but these errors were encountered: