CSR parsing fails on specific Key Usage?

It appears that having a Key Usage extension on a CSR triggers a failure to parse the CSR on the boulder side. Not always, though: only if “critical” is set. For example:

    Requested Extensions:
        X509v3 Key Usage:
            Digital Signature, Key Encipherment

Works. But:

    Requested Extensions:
        X509v3 Key Usage: critical
            Digital Signature, Key Encipherment

Fails.

Could anyone on the dev team please confirm? Note: this is not a CSR generated by the client; this is an actual use case of a CSR used with the client but generated by specific networking equipment.

Yep, that’s a known bug triggered if there’s any extension with the critical flag in the CSR:

Should be fixed once boulder moves to Go 1.6.

Cheers, good to know. Any estimate on when the shift to 1.6 might happen?
