For the last few days we're getting this error when trying to sign our windows installer: > Failed to convert timestamp reply from http://timestamp.globalsign.com/?signature=sha2; HTTP status 415 > 4154365632:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1130: > 4154365632:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:290:Type=TimeStampResp > RFC 3161 timestamping failed 415 is "unsupported media type" so it seems globalsign has changed something. However I'm unable to find anyone else having this issue, or any new information from globalsign. Another thread[1] for globalsign timestamp issues does mention a change of URL though, from "http://timestamp.globalsign.com/?signature=sha2" to "https://rfc3161timestamp.globalsign.com/advanced". Our curl doesn't support https for some reason, but when changing the URL to http then the signing suddenly starts working. I can also verify that Windows accepts the signature. [1] https://developercommunity.visualstudio.com/t/impossible-to-sign-code-with-globalsign/1324584
Tested build with URL changed and Windows gladly accepts those signature. Considering fixed.
I could reproduce this issue by trying to make an older commit (r36246) that was working at the time of commit, but this time I got the same error as in comment #0. Tested nightly build (6767) on Windows 10. The signatures seems to be ok!
Something is wrong again: > osslsigncode -pkcs12 /var/lib/jenkins/jobs/thinlinc_client/workspace/pki/codesign_windows.p12 -pass `cat /etc/codesign.pass` -n "ThinLinc Client" -i "http://www.cendio.com/" -comm -ts 'http://rfc3161timestamp.globalsign.com/advanced' -h sha256 -in installer/customizer.exe -out tl-4.12.1post-client-customizer.exe || cp installer/customizer.exe tl-4.12.1post-client-customizer.exe > Failed to convert timestamp reply from http://rfc3161timestamp.globalsign.com/advanced; HTTP status 302 > 4154963648:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1130: > 4154963648:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:290:Type=TimeStampResp > RFC 3161 timestamping failed
Never mind. Works fine again. Temporary server glitch I guess.