search

globaleaks / whistleblowing-software

GlobaLeaks is free, open-source whistleblowing software enabling anyone to easily set up and maintain a secure reporting platform.
https://www.globaleaks.org
Other
1.22k stars 267 forks source link

Unhandled exception in An error occurred in an `OpenSSL.crypto` API. X509V3_parse_list #2344

Open fpietrosanti opened 6 years ago

fpietrosanti commented 6 years ago

Platform: try.globaleaks.org Host: try.globaleaks.org (bvidswzoj322engc.onion) Version: 3.1.9

OpenSSL.crypto.Error An error occurred in an OpenSSL.crypto API.

Traceback (most recent call last):

File "/usr/lib/python2.7/dist-packages/twisted/internet/defer.py", line 1126, in _inlineCallbacks result = result.throwExceptionIntoGenerator(g)

File "/usr/lib/python2.7/dist-packages/twisted/python/failure.py", line 389, in throwExceptionIntoGenerator return g.throw(self.type, self.value, self.tb)

File "/usr/lib/python2.7/dist-packages/globaleaks/handlers/admin/https.py", line 548, in put yield acme_cert_issuance(self.request.tid)

File "/usr/lib/python2.7/dist-packages/twisted/python/threadpool.py", line 246, in inContext result = inContext.theWork()

File "/usr/lib/python2.7/dist-packages/twisted/python/threadpool.py", line 262, in inContext.theWork = lambda: context.call(ctx, func, *args, **kw)

File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 118, in callWithContext return self.currentContext().callWithContext(ctx, func, *args, **kw)

File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 81, in callWithContext return func(*args,**kw)

File "/usr/lib/python2.7/dist-packages/globaleaks/orm.py", line 110, in _wrap result = function(session, *args, **kwargs)

File "/usr/lib/python2.7/dist-packages/globaleaks/handlers/admin/https.py", line 528, in acme_cert_issuance return db_acme_cert_issuance(session, tid)

File "/usr/lib/python2.7/dist-packages/globaleaks/handlers/admin/https.py", line 518, in db_acme_cert_issuance Settings.acme_directory_url)

File "/usr/lib/python2.7/dist-packages/globaleaks/utils/letsencrypt.py", line 64, in run_acme_reg_to_finish csr = crypto_util.make_csr(priv_key, [hostname], False)

File "/usr/lib/python2.7/dist-packages/acme/crypto_util.py", line 174, in make_csr value=', '.join('DNS:' + d for d in domains).encode('ascii')

File "/usr/lib/python2.7/dist-packages/OpenSSL/crypto.py", line 653, in init _raise_current_error()

File "/usr/lib/python2.7/dist-packages/OpenSSL/_util.py", line 48, in exception_from_error_queue raise exception_type(errors)

Error: [('X509 V3 routines', 'X509V3_parse_list', 'invalid null value'), ('X509 V3 routines', 'DO_EXT_NCONF', 'invalid extension string'), ('X509 V3 routines', 'X509V3_EXT_nconf', 'error in extension')]

NCommander commented 6 years ago

... I'm not entirely sure what went wrong here, but this feels like someone tried to put an internationalized string/domain name for a LE CSR and the entire thing went boom.

fpietrosanti commented 6 years ago

@evilaliv3 is that something we may find out from some kind of logs on the platform try. or it's because we're using a wildcard certification for all?