CSR parsing fails on specific Key Usage?


#1

It appears that having a Key Usage ext on a CSR triggers a failure to parse the CSR on the boulder side. Not always though, but only if “critical” is set. For example:

    Requested Extensions:
        X509v3 Key Usage:
            Digital Signature, Key Encipherment

Works. But:

    Requested Extensions:
        X509v3 Key Usage: critical
            Digital Signature, Key Encipherment

Fails.

Could anyone on the dev team please confirm? Note: this is not the CSR generated by the client; this is an actual use case of a CSR used with the client but generated by specific networking equipment.


#2

Yep, that’s a known bug triggered if there’s any extension with the critical flag in the CSR:

Should be fixed once boulder moves to Go 1.6.
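
A pre-submission check for the case discussed in this thread, as an added example rather than code from the posts or from boulder: it builds a constructed CSR whose Key Usage (Digital Signature, Key Encipherment) is marked critical or not, then lists any requested extensions that carry the critical flag. The subject name and function names are assumptions, and it assumes a Go release whose crypto/x509 parses critical CSR extensions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
)

// Key Usage OID, and the DER BIT STRING for {digitalSignature, keyEncipherment}.
var oidKeyUsage = asn1.ObjectIdentifier{2, 5, 29, 15}
var keyUsageDER = []byte{0x03, 0x02, 0x05, 0xA0}

// buildCSR creates a constructed test CSR whose Key Usage is critical or not.
func buildCSR(critical bool) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	ext := pkix.Extension{Id: oidKeyUsage, Critical: critical, Value: keyUsageDER}
	tmpl := &x509.CertificateRequest{
		Subject:         pkix.Name{CommonName: "device.example.test"}, // constructed name
		ExtraExtensions: []pkix.Extension{ext},
	}
	return x509.CreateCertificateRequest(rand.Reader, tmpl, key)
}

// criticalExtensions returns the OIDs of requested extensions marked critical.
func criticalExtensions(der []byte) ([]string, error) {
	csr, err := x509.ParseCertificateRequest(der)
	if err != nil {
		return nil, err
	}
	var oids []string
	for _, ext := range csr.Extensions {
		if ext.Critical {
			oids = append(oids, ext.Id.String())
		}
	}
	return oids, nil
}

func main() {
	der, _ := buildCSR(true)
	fmt.Println(criticalExtensions(der))
}
```

Running `criticalExtensions` over a device-generated CSR (decoded from PEM to DER first) shows whether it carries any critical extension before it is submitted.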


#3

Cheers, good to know. Any estimate on when the shift to 1.6 might happen?

