Verifying Android hardware attestation certificates with OpenSSL

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Verifying Android hardware attestation certificates with OpenSSL

Pietu Pohjalainen
Dear all,

I have been trying to verify hardware attestation certificates originating from different Android phones with the OpenSSL tool. There seems to be not too much information about how are these supposed to work. With OpenSSL I'm getting mixed results.

Android developer spec for certificate extension data schema is available at
https://developer.android.com/training/articles/security-key-attestation and is linking to a few years old Java code example at https://github.com/googlesamples/android-key-attestation . Unfortunately this Java code has not been updated to match later versions of key attestation, and it fails with many of my real world use cases.

The OpenSSL command shipping with Mac OS 10.13 (LibreSSL 2.2.7) fails even to parse these certificates.

OpenSSL 1.1.0g shipping with Ubuntu parses all of my example certificates just fine. However, trying to verify certificate chains sometime succeeds, sometime fails. ver 1.1.2-dev follows the same pattern. 

So far, I have figured out the following patterns:
- Certificate chain extracted from a real world device is either 3 or 4 certificates.
- When the chain is 4 certificates, the last one is equal to Google's root certificate found in the Java code example https://github.com/googlesamples/android-key-attestation/blob/master/server/src/main/java/com/android/example/KeyAttestationExample.java
- When the chain is 3 certificates, the middle and last certificates are always the same.

- Out of these 8 real world chains, I'm having 
* 3 cases where OpenSSL verifies the chain just nice - branches a, g and h in the upcoming transcript.
* 1 case where OpenSSL gives error

error 20 at 0 depth lookup: unable to get local issuer certificate

error f1.pem: verification failed

139747492622784:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:crypto/asn1/asn1_lib.c:101:

139747492622784:error:0D068066:asn1 encoding routines:asn1_check_tlen:bad object header:crypto/asn1/tasn_dec.c:1118:

139747492622784:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:553:
* 4 cases where OpenSSL gives error

error 20 at 0 depth lookup: unable to get local issuer certificate

error e1.pem: verification failed

The hardware devices are in somewhat random order, as follows:
a: Nokia 8 running Android 8.1
b: Motorola Moto Z running Android 7.1.1
c: Nokia 1 running Android 8.1
d: Nokia 2 running Android 7.1.1
e: Sony Oneplus A5000 running Android 7.1.1
f: Huawei Honor 8 running Android 7.0
g: Nokia 5.1 running Android 8.0
h: OnePlus 3T running Android 8.0


Due to other OpenSSL implementations failing to even parse these certificates, I'm now in doubt is it my wrong usage pattern, certificates that are really faulty, or is this a bug with OpenSSL. 


br,
Pietu

--- clip ---

Here's my full set of files and commands tried:

$ /usr/local/bin/openssl version

OpenSSL 1.1.2-dev  xx XXX xxxx


$ md5sum a2.pem b2.pem d2.pem e2.pem f2.pem h2.pem 

2575f8bb229a2c5bc02260dbc8af5575  a2.pem

2575f8bb229a2c5bc02260dbc8af5575  b2.pem

2575f8bb229a2c5bc02260dbc8af5575  d2.pem

2575f8bb229a2c5bc02260dbc8af5575  e2.pem

2575f8bb229a2c5bc02260dbc8af5575  f2.pem

2575f8bb229a2c5bc02260dbc8af5575  h2.pem


$ md5sum a3.pem b3.pem d3.pem e3.pem f3.pem h3.pem 

0ec1822cb22ea66f96fc459633dfee78  a3.pem

0ec1822cb22ea66f96fc459633dfee78  b3.pem

0ec1822cb22ea66f96fc459633dfee78  d3.pem

0ec1822cb22ea66f96fc459633dfee78  e3.pem

0ec1822cb22ea66f96fc459633dfee78  f3.pem

0ec1822cb22ea66f96fc459633dfee78  h3.pem


$ # Test out chains with 3 certificates - a and h verify fine.

$ for branch in a; do echo; echo "Checking $branch"; cat "$branch"1.pem "$branch"2.pem "$branch"3.pem; /usr/local/bin/openssl verify -CAfile <(cat "$branch"2.pem "$branch"3.pem) "$branch"1.pem; echo; done


Checking a

-----BEGIN CERTIFICATE-----

MIICgDCCAiagAwIBAgIBATAKBggqhkjOPQQDAjCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFTATBgNVBAoMDEdvb2dsZSwgSW5jLjEQMA4GA1UECwwHQW5kcm9pZDE7MDkGA1UEAwwyQW5kcm9pZCBLZXlzdG9yZSBTb2Z0d2FyZSBBdHRlc3RhdGlvbiBJbnRlcm1lZGlhdGUwIBcNNzAwMTAxMDAwMDAwWhgPMjEwNjAyMDcwNjI4MTVaMB8xHTAbBgNVBAMMFEFuZHJvaWQgS2V5c3RvcmUgS2V5MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDRgbsaYD1OPI5P78IVIJsgQlAIDKIoGl7BAbuV4tkx0Km3tfcoMAwfWL1exnBoAxuw2ZHUhlNUhWE8kyAW7bsaOB5jCB4zALBgNVHQ8EBAMCB4AwgbIGCisGAQQB1nkCAREEgaMwgaACAQIKAQACAQEKAQEEC2hlbGxvIHdvcmxkBAAwSr+FPQgCBgFmrBioCL+FRToEODA2MRAwDgQJY29tLnB5eXBsAgEMMSIEIIMi9g2//U87C53x3twp61y6K1+22oaTkEjGgyTgXw37MDehBTEDAgECogMCAQOjBAICAQClCzEJAgEEAgEFAgEGqgMCAQG/g3cCBQC/hT4DAgEAv4U/AgUAMB8GA1UdIwQYMBaAFD/8rNYasTqegSC41SUcxWW7HpGpMAoGCCqGSM49BAMCA0gAMEUCIQC+ty2c6G69zydlw3mhdTV0C+IMN45WIxC4K4kpvQIT2wIgBE48WjBNlRTH3RWURiL1oIriLcfTlN7sKeMVkeH1PCU=

-----END CERTIFICATE-----


-----BEGIN CERTIFICATE-----

MIICeDCCAh6gAwIBAgICEAEwCgYIKoZIzj0EAwIwgZgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRUwEwYDVQQKDAxHb29nbGUsIEluYy4xEDAOBgNVBAsMB0FuZHJvaWQxMzAxBgNVBAMMKkFuZHJvaWQgS2V5c3RvcmUgU29mdHdhcmUgQXR0ZXN0YXRpb24gUm9vdDAeFw0xNjAxMTEwMDQ2MDlaFw0yNjAxMDgwMDQ2MDlaMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMR29vZ2xlLCBJbmMuMRAwDgYDVQQLDAdBbmRyb2lkMTswOQYDVQQDDDJBbmRyb2lkIEtleXN0b3JlIFNvZnR3YXJlIEF0dGVzdGF0aW9uIEludGVybWVkaWF0ZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOueefhCY1msyyqRTImGzHCtkGaTgqlzJhP+rMv4ISdMIXSXSir+pblNf2bU4GUQZjW8U7ego6ZxWD7bPhGuEBSjZjBkMB0GA1UdDgQWBBQ//KzWGrE6noEguNUlHMVlux6RqTAfBgNVHSMEGDAWgBTIrel3TEXDo88NFhDkeUM6IVowzzASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIChDAKBggqhkjOPQQDAgNIADBFAiBLipt77oK8wDOHri/AiZi03cONqycqRZ9pDMfDktQPjgIhAO7aAV229DLp1IQ7YkyUBO86fMy9Xvsiu+f+uXc/WT/7

-----END CERTIFICATE-----


-----BEGIN CERTIFICATE-----

MIICizCCAjKgAwIBAgIJAKIFntEOQ1tXMAoGCCqGSM49BAMCMIGYMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEVMBMGA1UECgwMR29vZ2xlLCBJbmMuMRAwDgYDVQQLDAdBbmRyb2lkMTMwMQYDVQQDDCpBbmRyb2lkIEtleXN0b3JlIFNvZnR3YXJlIEF0dGVzdGF0aW9uIFJvb3QwHhcNMTYwMTExMDA0MzUwWhcNMzYwMTA2MDA0MzUwWjCBmDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxFTATBgNVBAoMDEdvb2dsZSwgSW5jLjEQMA4GA1UECwwHQW5kcm9pZDEzMDEGA1UEAwwqQW5kcm9pZCBLZXlzdG9yZSBTb2Z0d2FyZSBBdHRlc3RhdGlvbiBSb290MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7l1ex+HA220Dpn7mthvsTWpdamguD/9/SQ59dx9EIm29sa/6FsvHrcV30lacqrewLVQBXT5DKyqO107sSHVBpKNjMGEwHQYDVR0OBBYEFMit6XdMRcOjzw0WEOR5QzohWjDPMB8GA1UdIwQYMBaAFMit6XdMRcOjzw0WEOR5QzohWjDPMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgKEMAoGCCqGSM49BAMCA0cAMEQCIDUho++LNEYenNVg8x1YiSBq3KNlQfYNns6KGYxmSGB7AiBNC/NR2TB8fVvaNTQdqEcbY6WFZTytTySn502vQX3xvw==

-----END CERTIFICATE-----


a1.pem: OK



$ #for keeping msg length in moderation, not duplicating root and intermediate certificates

$ for branch in b d e f h; do echo; echo "Checking $branch"1.pem; cat "$branch"1.pem; /usr/local/bin/openssl verify -CAfile <(cat "$branch"2.pem "$branch"3.pem) "$branch"1.pem; echo; done


Checking b1.pem

-----BEGIN CERTIFICATE-----

MIIBzTCCAXOgAwIBAgIBATAKBggqhkjOPQQDAjAcMRowGAYDVQQDDBFBbmRyb2lkIEtleW1hc3RlcjAgFw03MDAxMDEwMDAwMDBaGA8yMTA2MDIwNzA2MjgxNVowGjEYMBYGA1UEAwwPQSBLZXltYXN0ZXIgS2V5MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuvoG6Aobkj6eP+Q4bCf7vIY2hLvsQ9rRKG0mdD1YDPoE7lnth4ekSa+lhlMnieHrsH2pnGLZxP4jZoSk3GQdJaOBpTCBojALBgNVHQ8EBAMCB4AwcgYKKwYBBAHWeQIBEQRkMGICAQEKAQACAQEKAQEEC2hlbGxvIHdvcmxkBAAwDL+FPQgCBgFmrHjFgDA3oQUxAwIBAqIDAgEDowQCAgEApQsxCQIBBAIBBQIBBqoDAgEBv4N3AgUAv4U+AwIBAL+FPwIFADAfBgNVHSMEGDAWgBQ//KzWGrE6noEguNUlHMVlux6RqTAKBggqhkjOPQQDAgNIADBFAiEA+atKJFXAli8iI4u42gP+dRCarhtXYTPvSx4gBUoGWEsCIGdA9chHpZmRaNYr+oODruhF+Q1xIyLJYX+pq2q6wHvl

-----END CERTIFICATE-----


CN = A Keymaster Key

error 20 at 0 depth lookup: unable to get local issuer certificate

error b1.pem: verification failed



Checking d1.pem

-----BEGIN CERTIFICATE-----

MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAcMRowGAYDVQQDDBFBbmRyb2lkIEtleW1hc3RlcjAeFw03MDAxMDEwMDAwMDBaFw02OTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMMD0EgS2V5bWFzdGVyIEtleTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABD2A/WLrFMSEGX3XdgKDlxcTAstZnlXgJRZsLC+Z55JR80UYfNgV7EfN3arpKMuJ3fFJ/cYEoACTLHjinhmXVFijgbEwga4wCwYDVR0PBAQDAgeAMH4GCisGAQQB1nkCAREEcDBuAgEBCgEAAgECCgEABAtoZWxsbyB3b3JsZAQAME+hBTEDAgECogMCAQOjBAICAQClCzEJAgEEAgEFAgEGqgMCAQG/g3cCBQC/hT0IAgYBZq9Wdbi/hT4DAgEAv4VBBQIDARHVv4VCBQIDAxRPMAAwHwYDVR0jBBgwFoAUP/ys1hqxOp6BILjVJRzFZbsekakwCgYIKoZIzj0EAwIDSAAwRQIhAObHcoPKw6ntrXr+EC7HmGJO9heDbSuFMjO9sbcOw6rYAiBXtqcI6p0VCDN+jPtztLYtxeqkCnZYDve8MTkrReNSJQ==

-----END CERTIFICATE-----


CN = A Keymaster Key

error 20 at 0 depth lookup: unable to get local issuer certificate

error d1.pem: verification failed



Checking e1.pem

-----BEGIN CERTIFICATE-----

MIIBzTCCAXOgAwIBAgIBATAKBggqhkjOPQQDAjAcMRowGAYDVQQDDBFBbmRyb2lkIEtleW1hc3RlcjAgFw03MDAxMDEwMDAwMDBaGA8yMTA2MDIwNzA2MjgxNVowGjEYMBYGA1UEAwwPQSBLZXltYXN0ZXIgS2V5MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+KjC/Y5eImDnRgreH+fZeXj9r4725cHz3T8p7wCyWJKajku2c8khAJepG4fUEqHwiggPj7V5IWhaxzi29g7U1aOBpTCBojALBgNVHQ8EBAMCB4AwcgYKKwYBBAHWeQIBEQRkMGICAQEKAQACAQEKAQEEC2hlbGxvIHdvcmxkBAAwDL+FPQgCBgFmr+53yDA3oQUxAwIBAqIDAgEDowQCAgEApQsxCQIBBAIBBQIBBqoDAgEBv4N3AgUAv4U+AwIBAL+FPwIFADAfBgNVHSMEGDAWgBQ//KzWGrE6noEguNUlHMVlux6RqTAKBggqhkjOPQQDAgNIADBFAiEAmm+LNCeZRpBBHUxXGVU9VC/fxEwoLfbC3x7UNCd3ra4CIAW9JO5u6msXwvix4QD0OSBrdrzUCzuS9ItwfjZv+mB3

-----END CERTIFICATE-----


CN = A Keymaster Key

error 20 at 0 depth lookup: unable to get local issuer certificate

error e1.pem: verification failed



Checking f1.pem

-----BEGIN CERTIFICATE-----

MIIB/TCCAaSgAwIBAgIBATAKBggqhkjOPQQDAjAdMRswGQYDVQQDExJBbmRyb2lkIEtleW1hc3RlcjIwHhcNNzAwMTAxMDAwMDAwWhcNMDYwMjA3MDYyODE1WjAaMRgwFgYDVQQDEw9BIEtleW1hc3RlciBLZXkwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASiqHWB8dQg1/Fw67gZvYqIq2WZvbWFll4W5y2uz0UymS34g0FMGkwsJqAlnCquVFraoiaJH35x+jPrGqmdXy6Mo4HXMIHUMAsGA1UdDwQEAwIHgDAIBgNVHR8EAQAwgboGCisGAQQB1nkCAREEgaswgagCAQEKAQECAQIKAQEEC2hlbGxvIHdvcmxkBAAwJL+DdwIFAL+FPQgCBgFmxPuCBb+FQQUCAwERcL+FQgUCAwMUUDBloQUxAwIBAqIDAgEDowQCAgEApQUxAwIBBKoDAgEBv4U+AwIBAL+FQCowKAQgU0HmsmRpeacOV2UwB6HzEBaUIeyb3Z8aVkj3Wt4AWvEBAf8KAQC/hUEFAgMBEXC/hUIFAgMDFFAwCgYIKoZIzj0EAwIDRwAwRAIgEH9o6neMfv7o6ixwUkL4t7r5uS9FbMGAS9Pt9St9qecCICKhqBjZBisaGDSqE3Qo2vFUpvtB03tDHqlzScWXbry1

-----END CERTIFICATE-----



CN = A Keymaster Key

error 20 at 0 depth lookup: unable to get local issuer certificate

error f1.pem: verification failed

140121898299840:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:crypto/asn1/asn1_lib.c:101:

140121898299840:error:0D068066:asn1 encoding routines:asn1_check_tlen:bad object header:crypto/asn1/tasn_dec.c:1118:

140121898299840:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:553:



Checking h1.pem

-----BEGIN CERTIFICATE-----

MIICgDCCAiagAwIBAgIBATAKBggqhkjOPQQDAjCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFTATBgNVBAoMDEdvb2dsZSwgSW5jLjEQMA4GA1UECwwHQW5kcm9pZDE7MDkGA1UEAwwyQW5kcm9pZCBLZXlzdG9yZSBTb2Z0d2FyZSBBdHRlc3RhdGlvbiBJbnRlcm1lZGlhdGUwIBcNNzAwMTAxMDAwMDAwWhgPMjEwNjAyMDcwNjI4MTVaMB8xHTAbBgNVBAMMFEFuZHJvaWQgS2V5c3RvcmUgS2V5MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE99dbLWDWw+j/h1MO8Sap27sC+wnjS3w4I2FIea+Tw8AzjCnG3F9tqNwPEDP1Y/NILB0TqgLQ8sKwxXrxXR7yW6OB5jCB4zALBgNVHQ8EBAMCB4AwgbIGCisGAQQB1nkCAREEgaMwgaACAQIKAQACAQEKAQEEC2hlbGxvIHdvcmxkBAAwSr+FPQgCBgFmxQWrGL+FRToEODA2MRAwDgQJY29tLnB5eXBsAgEMMSIEIIMi9g2//U87C53x3twp61y6K1+22oaTkEjGgyTgXw37MDehBTEDAgECogMCAQOjBAICAQClCzEJAgEEAgEFAgEGqgMCAQG/g3cCBQC/hT4DAgEAv4U/AgUAMB8GA1UdIwQYMBaAFD/8rNYasTqegSC41SUcxWW7HpGpMAoGCCqGSM49BAMCA0gAMEUCIDyO1O3bN1RqAPlmEku6Bm64EZVsnXP2AUqABbh5uZQmAiEApb4XgXemFO2By1Uk/2YSTmZY8wKUAf4ZsWCc6+fxiio=

-----END CERTIFICATE-----


h1.pem: OK



# Test out chains with 4 certificates - g verifies fine.

$ for branch in c g; do echo; echo "Checking $branch"; cat "$branch"1.pem "$branch"2.pem "$branch"3.pem "$branch"4.pem; /usr/local/bin/openssl verify -CAfile <(cat "$branch"2.pem "$branch"3.pem "$branch"4.pem) "$branch"1.pem; echo; done


Checking c

-----BEGIN CERTIFICATE-----

MIICUTCCAfagAwIBAgIBATAKBggqhkjOPQQDAjAbMRkwFwYDVQQFExA5NWU3MzI4NzZiNjUxNjhkMCIYDzE5MDAwMTAwMDAwMDAwWhgPMTkwMDAxMDAwMDAwMDBaMB8xHTAbBgNVBAMMFEFuZHJvaWQgS2V5c3RvcmUgS2V5MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7Sd6FaAz8BONTGJvtGw5AIaiLhGH4ILfaD9OKzLYjfjB/nTcW6ti+CjSMtaROpXzbuYh6IgCGlD089gPnP5+BaOCASEwggEdMAsGA1UdDwQEAwIHgDCB7AYKKwYBBAHWeQIBEQSB3TCB2gIBAgoBAQIBAwoBAQQLaGVsbG8gd29ybGQEADBKv4U9CAIGAWasjANIv4VFOgQ4MDYxEDAOBAljb20ucHl5cGwCAQwxIgQggyL2Db/9TzsLnfHe3CnrXLorX7bahpOQSMaDJOBfDfswcaEFMQMCAQKiAwIBA6MEAgIBAKULMQkCAQQCAQUCAQaqAwIBAb+DdwIFAL+FPgMCAQC/hUAqMCgEIE15D6Cl/oHWs1K5Cv5DBoTZvIF1GM0kxQ5jQzlffFHyAQEBCgEAv4VBBQIDATjkv4VCBQIDAxRQMB8GA1UdIwQYMBaAFBuQe659NNU7MawBkucw39T1flt2MAoGCCqGSM49BAMCA0kAMEYCIQC14bLPGSNXwYUrFzO3Xno7WLHCy1wFtcP+mXCnVlvCngIhAMX60lRiVTvfl2Bq09opnfb3Y7QgE0DViuhheQyNSvL4

-----END CERTIFICATE-----


-----BEGIN CERTIFICATE-----

MIICKzCCAbKgAwIBAgIKFhlXZkYXJGEUNDAKBggqhkjOPQQDAjAbMRkwFwYDVQQFExA1YjAzNTljY2E4ODc5Y2I1MB4XDTE2MDUyNjE2NTQxNloXDTI2MDUyNDE2NTQxNlowGzEZMBcGA1UEBRMQOTVlNzMyODc2YjY1MTY4ZDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJoEzxn1L0hLklubtqi8kvk9KEJf4nu8UB7EfcHn5zGbONW9HGgwBlq5X5llRvmNUToPcgbI3sHOvFoHky5nrgyjgd0wgdowHQYDVR0OBBYEFBuQe659NNU7MawBkucw39T1flt2MB8GA1UdIwQYMBaAFAbd7gqSHZtx4caJQUTvOTlwJgA1MAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMCQGA1UdHgQdMBugGTAXghVpbnZhbGlkO2VtYWlsOmludmFsaWQwVAYDVR0fBE0wSzBJoEegRYZDaHR0cHM6Ly9hbmRyb2lkLmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC8xNjE5NTc2NjQ2MTcyNDYxMTQzNDAKBggqhkjOPQQDAgNnADBkAjAMeVZ84Z55FM2+nOrljCQlb7xpdiYDTc96LQyh8OE6EZj8jkQQL9Lh3MT5p5lZ+QsCMGLwHkdPAeD1M8PYEJRyurfC4EYV1k3zJowZbRmYu3N8ztCb3FBgE+1oJpxEPNXIGQ==

-----END CERTIFICATE-----


-----BEGIN CERTIFICATE-----

MIIDwzCCAaugAwIBAgIKA4gmZ2BliZaFczANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MB4XDTE2MDUyNjE2NDEyOVoXDTI2MDUyNDE2NDEyOVowGzEZMBcGA1UEBRMQNWIwMzU5Y2NhODg3OWNiNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABHf4FUKTZivDuwdyVbXyPF12IRuDzZKq61MbqooE3/gx9gIS9pFS4NZgGTnjSMm6ltYrCv3sDzuPQls+V+BLPQgNfRHavmP9eulc1uR3GNgCnKqxB2o0QcTQGPAxJA81c6OBtjCBszAdBgNVHQ4EFgQUBt3uCpIdm3HhxolBRO85OXAmADUwHwYDVR0jBBgwFoAUNmHhAHyIBQlRi0RsR/8aTMnqTxIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwUAYDVR0fBEkwRzBFoEOgQYY/aHR0cHM6Ly9hbmRyb2lkLmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC9FOEZBMTk2MzE0RDJGQTE4MA0GCSqGSIb3DQEBCwUAA4ICAQAsPFNbAeVGRXKg0H1Ixy31n+vc1GAtLTtdruQGZ3rk6Dq3G5OiNfwLI4vRowDERgTr5RoVRMLs9HzTTCvvdEBhcILKOnaPAd6Jg4HvBi8hsfbXEvRi2kmIfiYAabC71ErJLFEMprTJMSDEOe3lXCJG409z99ofsf/s1M1i77NFVCwstAvRLMjc9TjxRXrGrGD0rMdG2RkionXa3H+4cYqSUf7JCIW6dMB2p+4R3n463DqxxSJNGbchGGUbL6b0qIWdaVcwG2ro+WyItfyw5C4h9XSosauyC9ajjZLt8RAK2ouZHN/kyIXcD1U7IFbSy0SZfaRDLNCzse4iL6IOnuyITEFLnvLfcDSwNX1/ptBRAeeme7G1nwpeohJjiddmf20e421+n3tWUyUhLk9s83MJQQp+mhfApA1Qvz+a7M3OqPvHhBoeu6C4NOlYkb8mrjtuZ/RU5WIRXfyXZqA05Qnu8usuxxNFozU5hWbXIZQx7at2x/7t8/kgHSJhKs4hWIdbVgIDyWIhgoDD+gqTIRlzTwrS876dgy0MTZm1riMEBB5jvAhaeciDBf8u6AFWnMsS0UVtOinr5lTRkHSwie2n90kazqpkeMUdnbBSG7HSMhyg5lvem9G82NakH4S1EPgRBLN1eF8Q51ZmzeNl3DnIGGjNI+LAXw10KVuEkzgd8A==

-----END CERTIFICATE-----


-----BEGIN CERTIFICATE-----

MIIFYDCCA0igAwIBAgIJAOj6GWMU0voYMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTYwNTI2MTYyODUyWhcNMjYwNTI0MTYyODUyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaOBpjCBozAdBgNVHQ4EFgQUNmHhAHyIBQlRi0RsR/8aTMnqTxIwHwYDVR0jBBgwFoAUNmHhAHyIBQlRi0RsR/8aTMnqTxIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cHM6Ly9hbmRyb2lkLmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC8wDQYJKoZIhvcNAQELBQADggIBACDIw41L3KlXG0aMiS//cqrG+EShHUGo8HNsw30W1kJtjn6UBwRM6jnmiwfBPb8VA91chb2vssAtX2zbTvqBJ9+LBPGCdw/E53Rbf86qhxKaiAHOjpvAy5Y3m00mqC0w/Zwvju1twb4vhLaJ5NkUJYsUS7rmJKHHBnETLi8GFqiEsqTWpG/6ibYCv7rYDBJDcR9W62BW9jfIoBQcxUCUJouMPH25lLNcDc1ssqvC2v7iUgI9LeoM1sNovqPmQUiG9rHli1vXxzCyaMTjwftkJLkf6724DFhuKug2jITV0QkXvaJWF4nUaHOTNA4uJU9WDvZLI1j83A+/xnAJUucIv/zGJ1AMH2boHqF8CY16LpsYgBt6tKxxWH00XcyDCdW2KlBCeqbQPcsFmWyWugxdcekhYsAWyoSf818NUsZdBWBaR/OukXrNLfkQ79IyZohZbvabO/X+MVT3rriAoKc8oE2Uws6DF+60PV7/WIPjNvXySdqspImSN78mflxDqwLqRBYkA3I75qppLGG9rp7UCdRjxMl8ZDBld+7yvHVgt1cVzJx9xnyGCC23UaicMDSXYrB4I4WHXPGjxhZuCuPBLTdOLU8YRvMYdEvYebWHMpvwGCF6bAx3JBpIeOQ1wDB5y0USicV3YgYGmi+NZfhA4URSh77Yd6uuJOJENRaNVTzk

-----END CERTIFICATE-----


CN = Android Keystore Key

error 20 at 0 depth lookup: unable to get local issuer certificate

error c1.pem: verification failed



Checking g

-----BEGIN CERTIFICATE-----

MIICMzCCAdmgAwIBAgIBATAKBggqhkjOPQQDAjApMRkwFwYDVQQFExBhMTk1Mzk2NGJhMmEyODlkMQwwCgYDVQQMDANURUUwHhcNNzAwMTAxMDAwMDAwWhcNNDkxMjMxMjM1OTU5WjAfMR0wGwYDVQQDDBRBbmRyb2lkIEtleXN0b3JlIEtleTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABP8c/Ldx44Ms4bM37CyNoE6Us5uS8dAERkRV8kyxCY7bD3P9rds93fflXJS8Pccyb/fXXJgSS3T2SVdbbPrc5oqjgfswgfgwDAYDVR0PBAUDAweAADCB5wYKKwYBBAHWeQIBEQSB2DCB1QIBAgoBAQIBAwoBAQQLaGVsbG8gd29ybGQEADBLv4U9CQIHBXlxm+8jSL+FRToEODA2MRAwDgQJY29tLnB5eXBsAgEPMSIEIIMi9g2//U87C53x3twp61y6K1+22oaTkEjGgyTgXw37MGuhBTEDAgECogMCAQOjBAICAQClBTEDAgEEqgMCAQG/g3cCBQC/hT4DAgEAv4VAKjAoBCBNeQ+gpf6B1rNSuQr+QwaE2byBdRjNJMUOY0M5X3xR8gEB/woBAL+FQQUCAwE4gL+FQgUCAwMUUDAKBggqhkjOPQQDAgNIADBFAiEA7cObHYk5pcrMI+ZGd5KmVMlr83SbHzDJe6z3rNLqtlwCIAM/9o4YhpHmujecGzSX9sMk/xEaNHXdytqmxwh2wFBM

-----END CERTIFICATE-----


-----BEGIN CERTIFICATE-----

MIICJjCCAaugAwIBAgIKEyY3BBKHSRYpeTAKBggqhkjOPQQDAjApMRkwFwYDVQQFExAyOTYwY2I5YWViZDUwNWY0MQwwCgYDVQQMDANURUUwHhcNMTgwMzIxMjA1ODE1WhcNMjgwMzE4MjA1ODE1WjApMRkwFwYDVQQFExBhMTk1Mzk2NGJhMmEyODlkMQwwCgYDVQQMDANURUUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATHJiYgEb7N5f8ZnbKTZkDSvp2VugEEvz4Mm7wxVmcizwSPMPiTjv6gm2n1CoNBSHLVnTZ84ywfEk7HiftX1K6Co4G6MIG3MB0GA1UdDgQWBBQkYNkasG1v9aQK31IvheOpubhN5jAfBgNVHSMEGDAWgBTZCjmyzP+wdzrAqIzS/zURX5DNxjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwICBDBUBgNVHR8ETTBLMEmgR6BFhkNodHRwczovL2FuZHJvaWQuZ29vZ2xlYXBpcy5jb20vYXR0ZXN0YXRpb24vY3JsLzEzMjYzNzA0MTI4NzQ5MTYyOTc5MAoGCCqGSM49BAMCA2kAMGYCMQCsCvSIoT/6E+cbiD+v4e+Y6PUYX3ZcatDAAM1eWTAWZmnabkTW9u3/BWhzYYYm4fYCMQCdsRDgh8XG4ZWJhuvFtHy/C3vi1Hf1wD93YoHOLLJaIPvuv/hWR+1UpKO2lgHo9+4=

-----END CERTIFICATE-----


-----BEGIN CERTIFICATE-----

MIID0TCCAbmgAwIBAgIKA4gmZ2BliZaFfTANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MB4XDTE4MDMyMTIwNTM1M1oXDTI4MDMxODIwNTM1M1owKTEZMBcGA1UEBRMQMjk2MGNiOWFlYmQ1MDVmNDEMMAoGA1UEDAwDVEVFMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEjXELw7zFszCPjAS+Qn6zEFajdp6hD+53zSpN7egUzWfkFEh+wcLa4k67Fv2tKuekmLIhr4xidPllElgiwAyeB33abMJ5BckSX1ayj4lnpMVvYRovl/5ZHIKNIJMN/hC6o4G2MIGzMB0GA1UdDgQWBBTZCjmyzP+wdzrAqIzS/zURX5DNxjAfBgNVHSMEGDAWgBQ2YeEAfIgFCVGLRGxH/xpMyepPEjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwICBDBQBgNVHR8ESTBHMEWgQ6BBhj9odHRwczovL2FuZHJvaWQuZ29vZ2xlYXBpcy5jb20vYXR0ZXN0YXRpb24vY3JsL0U4RkExOTYzMTREMkZBMTgwDQYJKoZIhvcNAQELBQADggIBAJKrsCoJam9qc1ZaHeQWf2TAjHDDVylLuUvczTSuu8VhZJiU0+yKGbTNnA13n/dvn7rmMj8W6ObWL582Se9MBBdKtAVeCG7qYFq+m6kYFIfL8sOuutKXG5eW+8VY4he0hu+5eZiS2e3mAZGYF9JwQTAv0H//6+9eLm/+j+L5tr2X4b7H6k2h4YW5HTIzIbVMvp/ic/zmv+RvrmYyXliaz1xglRqrJ6EiFI9/KsYYsSSVgorlrXPyKOBeXGc2SFIVQmLwfW4gc9BC8V4qBDcpFK1kxOfnkyXloVZeat4yuYFSIdtJq9FErMFHfp+pDjIKRGeeWWrPzkbELqtHUSeSktbqN229c+86YRfScxpx5iJ0Jp2YsHkiYDFs+0LOex2RNdOKErGKZ+8QbMtVxUIQARTlhZkeLTLAWufFcclEbZkpoe6jo131VjAlUrkQfK6dVVMx+gLhOffLjH9EmUOD8Y1an9DQCsZl1tpBN4WgInbRMlzBsKF17Z9BEW1f2A+Gn0mnznZoq6t0OxsvRJTEHEgswQh4Vkr77UYSdcwQ0flrpD9Oe6ObnB0VSSCVo1yhPC39R35Z5KDhiNS8BkuPaJoUK8RBbkl5ay4O86LFfY9tdAoHT0A/2hmq/NZhz48K1C9AJGtS+0+zHwSatjWJ7rM/KXAhJ0Nln/nMaeteQy2f

-----END CERTIFICATE-----


-----BEGIN CERTIFICATE-----

MIIFYDCCA0igAwIBAgIJAOj6GWMU0voYMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTYwNTI2MTYyODUyWhcNMjYwNTI0MTYyODUyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaOBpjCBozAdBgNVHQ4EFgQUNmHhAHyIBQlRi0RsR/8aTMnqTxIwHwYDVR0jBBgwFoAUNmHhAHyIBQlRi0RsR/8aTMnqTxIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cHM6Ly9hbmRyb2lkLmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC8wDQYJKoZIhvcNAQELBQADggIBACDIw41L3KlXG0aMiS//cqrG+EShHUGo8HNsw30W1kJtjn6UBwRM6jnmiwfBPb8VA91chb2vssAtX2zbTvqBJ9+LBPGCdw/E53Rbf86qhxKaiAHOjpvAy5Y3m00mqC0w/Zwvju1twb4vhLaJ5NkUJYsUS7rmJKHHBnETLi8GFqiEsqTWpG/6ibYCv7rYDBJDcR9W62BW9jfIoBQcxUCUJouMPH25lLNcDc1ssqvC2v7iUgI9LeoM1sNovqPmQUiG9rHli1vXxzCyaMTjwftkJLkf6724DFhuKug2jITV0QkXvaJWF4nUaHOTNA4uJU9WDvZLI1j83A+/xnAJUucIv/zGJ1AMH2boHqF8CY16LpsYgBt6tKxxWH00XcyDCdW2KlBCeqbQPcsFmWyWugxdcekhYsAWyoSf818NUsZdBWBaR/OukXrNLfkQ79IyZohZbvabO/X+MVT3rriAoKc8oE2Uws6DF+60PV7/WIPjNvXySdqspImSN78mflxDqwLqRBYkA3I75qppLGG9rp7UCdRjxMl8ZDBld+7yvHVgt1cVzJx9xnyGCC23UaicMDSXYrB4I4WHXPGjxhZuCuPBLTdOLU8YRvMYdEvYebWHMpvwGCF6bAx3JBpIeOQ1wDB5y0USicV3YgYGmi+NZfhA4URSh77Yd6uuJOJENRaNVTzk

-----END CERTIFICATE-----



g1.pem: OK


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users