False-positive Malformed CSR Advisory?

iandunn · October 12, 2016, 5:27pm

I got an automated email from LE informing me that my CSRs were affected by the OpenSSL bug that resulted in malformed integer fields, but when I checked them, they look correct:

> openssl asn1parse -inform pem -in 2013.albuquerque.wordcamp.org.crt
    0:d=0  hl=4 l=1279 cons: SEQUENCE          
    4:d=1  hl=4 l= 999 cons: SEQUENCE          
    8:d=2  hl=2 l=   3 cons: cont [ 0 ]        
   10:d=3  hl=2 l=   1 prim: INTEGER           :02
   [...]

(full output)

I posted a comment asking if there could be any other causes for receiving the email, or anything else I should test for, but I haven’t heard anything.

So, now I’m worried that something might be broken, but I won’t know until the 17th when they start rejecting requests, and then I’ll have to scramble to fix it, without knowing what is actually wrong.

Does anyone have any extra insight into this or ideas of things I can test for?

schoen · October 12, 2016, 6:16pm

@jsha @cpu could someone on the server side take a look at this?

jsha · October 12, 2016, 6:34pm

Thanks for tagging me! I posted on the original thread: OpenSSL bug information.

system · November 11, 2016, 6:47pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.