From: ori@eigenstate.org
To: 9front@9front.org
Subject: [9front] letsencrypt vs rsa2csr
Date: Sun, 08 Aug 2021 12:05:20 -0400
Message-ID: <ABE4F143AA41FE67CB5ADEF1A69DBA02@eigenstate.org>

Earlier today, sirjofri reported a bug with
acmed:
sirjofri | ori: resp={
sirjofri | "type": "urn:ietf:params:acme:error:malformed",
sirjofri | "detail": "Error parsing certificate request:
asn1: structure error: tags don't match (0 vs {class:2 tag:0
length:0 isCompound:false}) {optional:false explicit:false
application:false private:false defaultValue:\u003cnil\u003e
tag:0xc0026c5548 stringType:0 timeType:0 set:false
omitEmpty:false} @323"
After some investigation into what was different between us
and openssl, it looks like openssl was setting empty containers
as constructed, but we weren't:
$ diff -u ok.dump sad.dump
--- ok.dumpSun Aug 8 08:21:57 2021
+++ sad.dumpSun Aug 8 08:27:49 2021
@@ -5,13 +5,13 @@
13:d=3 hl=2 l= 23 cons: SET
15:d=4 hl=2 l= 21 cons: SEQUENCE
17:d=5 hl=2 l= 3 prim: OBJECT :commonName
- 22:d=5 hl=2 l= 14 prim: UTF8STRING :eigenstate.org
+ 22:d=5 hl=2 l= 14 prim: PRINTABLESTRING :eigenstate.org
38:d=2 hl=4 l= 290 cons: SEQUENCE
42:d=3 hl=2 l= 13 cons: SEQUENCE
44:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
55:d=4 hl=2 l= 0 prim: NULL
57:d=3 hl=4 l= 271 prim: BIT STRING
- 332:d=2 hl=2 l= 0 cons: cont [ 0 ]
+ 332:d=2 hl=2 l= 0 prim: cont [ 0 ]
334:d=1 hl=2 l= 13 cons: SEQUENCE
336:d=2 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
347:d=2 hl=2 l= 0 prim: NULL
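Review bot: Two lines differ in this dump, but only the `cont [ 0 ]` one at offset 332 matches the reported error, which names `class:2 tag:0 length:0 isCompound:false`. The UTF8STRING versus PRINTABLESTRING difference at offset 22 is not touched by the patch that follows, so the commit message should say it was looked at and is unrelated to the rejection, or it will be re-investigated the next time a request is refused.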
Here's a patch that changes this. I'm not
a native asn.1 speaker, so I'm not entirely
sure that this is correct. Do we only want
to do this for some containers, or do we want
it for all of them?
--- //.git/fs/object/3909b83a90ff0c820ef7c903a03fc12b043ebfea/tree/sys/src/libsec/port/x509.c
+++ sys/src/libsec/port/x509.c
@@ -1025,8 +1025,8 @@
el = e.val.u.setval;
else
err = ASN_EINVAL;
+ *pconstr = CONSTR_MASK;
if(el != nil) {
- *pconstr = CONSTR_MASK;
for(; el != nil; el = el->tl) {
err = enc(&p, el->hd, lenonly);
if(err != ASN_OK)
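Review bot: With `*pconstr = CONSTR_MASK;` hoisted above `if(el != nil)`, it now also runs on the `else err = ASN_EINVAL;` path directly above it, so the constructed bit gets set for a value that was just rejected. Either guard the assignment with `err == ASN_OK` or confirm that callers ignore `*pconstr` when an error is returned. On the question in the message: this branch only handles list-valued elements (`setval` and its sibling), and X.690 requires SEQUENCE and SET encodings to be constructed whether or not they have members, so setting the bit for every container that reaches this point is right. A one-line comment saying that an empty list is still constructed would keep the assignment from drifting back inside the `if`.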
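The one-bit difference at offset 332 of the dump, as an added example that is not part of the original message or of libsec: a check that the attributes field of a CertificationRequestInfo (`[0]` implicitly tagging a SET OF in RFC 2986) has the constructed bit set, i.e. is encoded `A0 00` rather than `80 00` when empty. The function names and the sample bytes are constructed for illustration, and the input is assumed to be the CertificationRequestInfo SEQUENCE itself, not the outer request.

```c
#include <stddef.h>
#include <stdio.h>

enum { CLASS_MASK = 0xC0, CONSTRUCTED = 0x20, TAG_MASK = 0x1F, CLASS_CONTEXT = 0x80 };

/* Constructed samples: SEQUENCE { INTEGER 0, empty SEQUENCE, empty SEQUENCE, empty [0] } */
static const unsigned char ok_info[]  = {0x30,0x09, 0x02,0x01,0x00, 0x30,0x00, 0x30,0x00, 0xA0,0x00};
static const unsigned char sad_info[] = {0x30,0x09, 0x02,0x01,0x00, 0x30,0x00, 0x30,0x00, 0x80,0x00};

/* Parse one DER header; return its length and set *clen, or 0 if malformed. */
static size_t der_header(const unsigned char *p, size_t n, size_t *clen)
{
	size_t i, k;
	if(n < 2 || (p[0] & TAG_MASK) == TAG_MASK)	/* high-tag-number form not handled */
		return 0;
	k = (p[1] & 0x80) ? (p[1] & 0x7F) : 0;	/* number of long-form length octets */
	if((p[1] & 0x80) && (k == 0 || k > 4 || n < 2 + k))
		return 0;
	*clen = k ? 0 : p[1];
	for(i = 0; i < k; i++)
		*clen = *clen << 8 | p[2 + i];
	return (*clen <= n - 2 - k) ? 2 + k : 0;
}

/* 1: attributes is [0] constructed; 0: [0] primitive (the rejected form); -1: anything else. */
int csr_attrs_constructed(const unsigned char *info, size_t n)
{
	size_t hl, clen, off, end;
	int i;
	if((hl = der_header(info, n, &clen)) == 0 || info[0] != 0x30)
		return -1;
	end = hl + clen;
	for(off = hl, i = 0; i < 3; i++){	/* skip version, subject, subjectPKInfo */
		if((hl = der_header(info + off, end - off, &clen)) == 0)
			return -1;
		off += hl + clen;
	}
	if(der_header(info + off, end - off, &clen) == 0)
		return -1;
	if((info[off] & (CLASS_MASK | TAG_MASK)) != CLASS_CONTEXT)	/* want class context, tag 0 */
		return -1;
	return (info[off] & CONSTRUCTED) != 0;
}

int main(void)
{
	printf("ok=%d sad=%d\n", csr_attrs_constructed(ok_info, sizeof ok_info), csr_attrs_constructed(sad_info, sizeof sad_info));
	return 0;
}
```

A check like this fits a regression test for the encoder, run over a request generated with no attributes.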