verification failed because collateral is out of date
sho4510 opened this issue · 1 comments
I ran Attest enclave but it failed
[ using our own SGX-measurement verification callback (via command line options) ]
- ignoring ISV_PROD_ID
- ignoring ISV_SVN
. Seeding the random number generator... ok
. Connecting to tcp/localhost/8552... ok
. Setting up the SSL/TLS structure... ok
ok
. Installing RA-TLS callback ... ok
. Performing the SSL/TLS handshake...WARNING: The ra_tls_verify_callback_der() API is deprecated in favor of the ra_tls_verify_callback_extended_der() version of API.
Azure Quote Provider: libdcap_quoteprov.so [ERROR]: Could not retrieve environment variable for 'AZDCAP_DEBUG_LOG_LEVEL'
WARNING: The collateral is out of date.
ra_tls_verify_callback: Quote: verification failed because collateral is out of date
failed
! mbedtls_ssl_handshake returned -0x3000
Is it the same as the problem below?
"DCAP returns outdated collateral for Azure DCsv2/v3 machines"
microsoft/Azure-DCAP-Client#154
Looks like that issue. Never had an issue with out of date collateral, as it was just a warning. It should be an error though. If none of the fixes in that issue work, you should verify against Intel directly instead of going through MS. Basically remove az-dcap-client from the attestation verification instance and install all packets required to verify attestation with intel. Sadly, If I recount correctly, you need a full PCCS setup for that as well. There's also onchain DCAP attestation: https://github.com/automata-network/automata-dcap-v3-attestation