CSR parsing fails on specific Key Usage?

It appears that having a Key Usage ext on CSR triggers failure to parse the CSR on boulder side. Not always though, but only if “critical” is set. For example:

    Requested Extensions:
        X509v3 Key Usage:
            Digital Signature, Key Encipherment

Works. But:

    Requested Extensions:
        X509v3 Key Usage: critical
            Digital Signature, Key Encipherment


Could anyone on the dev team please confirm? Note - this is not the CSR generated by the client, this is an actual use case of CSR used with the client but generated by a specific networking equipment.

Yep, that’s a known bug triggered if there’s any extension with the critical flag in the CSR:

Should be fixed once boulder moves to Go 1.6.

Cheers, good to know. Any estimate on when the shift to 1.6 might happen?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.