Open fpietrosanti opened 6 years ago
... I'm not entirely sure what went wrong here, but this feels like someone tried to put an internationalized string/domain name for a LE CSR and the entire thing went boom.
@evilaliv3 is that something we may find out from some kind of logs on the platform try. or it's because we're using a wildcard certification for all?
Platform: try.globaleaks.org Host: try.globaleaks.org (bvidswzoj322engc.onion) Version: 3.1.9
OpenSSL.crypto.Error An error occurred in an
OpenSSL.crypto
API.Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/twisted/internet/defer.py", line 1126, in _inlineCallbacks result = result.throwExceptionIntoGenerator(g)
File "/usr/lib/python2.7/dist-packages/twisted/python/failure.py", line 389, in throwExceptionIntoGenerator return g.throw(self.type, self.value, self.tb)
File "/usr/lib/python2.7/dist-packages/globaleaks/handlers/admin/https.py", line 548, in put yield acme_cert_issuance(self.request.tid)
File "/usr/lib/python2.7/dist-packages/twisted/python/threadpool.py", line 246, in inContext result = inContext.theWork()
File "/usr/lib/python2.7/dist-packages/twisted/python/threadpool.py", line 262, in
inContext.theWork = lambda: context.call(ctx, func, *args, **kw)
File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 118, in callWithContext return self.currentContext().callWithContext(ctx, func, *args, **kw)
File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 81, in callWithContext return func(*args,**kw)
File "/usr/lib/python2.7/dist-packages/globaleaks/orm.py", line 110, in _wrap result = function(session, *args, **kwargs)
File "/usr/lib/python2.7/dist-packages/globaleaks/handlers/admin/https.py", line 528, in acme_cert_issuance return db_acme_cert_issuance(session, tid)
File "/usr/lib/python2.7/dist-packages/globaleaks/handlers/admin/https.py", line 518, in db_acme_cert_issuance Settings.acme_directory_url)
File "/usr/lib/python2.7/dist-packages/globaleaks/utils/letsencrypt.py", line 64, in run_acme_reg_to_finish csr = crypto_util.make_csr(priv_key, [hostname], False)
File "/usr/lib/python2.7/dist-packages/acme/crypto_util.py", line 174, in make_csr value=', '.join('DNS:' + d for d in domains).encode('ascii')
File "/usr/lib/python2.7/dist-packages/OpenSSL/crypto.py", line 653, in init _raise_current_error()
File "/usr/lib/python2.7/dist-packages/OpenSSL/_util.py", line 48, in exception_from_error_queue raise exception_type(errors)
Error: [('X509 V3 routines', 'X509V3_parse_list', 'invalid null value'), ('X509 V3 routines', 'DO_EXT_NCONF', 'invalid extension string'), ('X509 V3 routines', 'X509V3_EXT_nconf', 'error in extension')]