Prior to Go 1.5 it was not possible to parse CSRs which included single attributes like challenge password( OID 1.2.840.113549.1.9.7) See https://github.com/cloudflare/cfssl/issues/115
Currently there is no good way to parse and marshal a CSR with attributes that don't fit in the structure defined by pkix.AttributeTypeAndValueSET. Challenge Password is a necessary attribute when implementing the SCEP Protocol which is widely used in IoT and Mobile Device Management environments like the Apple MDM spec.
To extract or add a challenge password attribute, the CSR has to be unmarshalled and modified separately from the x509/crypto. Here's an example workaround which reimplements parsing and marshaling the CertificateRequest type.
The x509/crypto library should have a method for handling special attributes in the CSR. As CL #8160 mentions in the review comments, one possible solution is to add a RawAttributes field to the CertificateRequest struct.
Prior to Go 1.5 it was not possible to parse CSRs which included single attributes like challenge password( OID 1.2.840.113549.1.9.7) See https://github.com/cloudflare/cfssl/issues/115
This issue was addressed in CL #8160 https://github.com/cloudflare/go/commit/23fca3da84e991bf8b85e1919b65a4ac390814fa by ignoring those attributes.
Currently there is no good way to parse and marshal a CSR with attributes that don't fit in the structure defined by
pkix.AttributeTypeAndValueSET
. Challenge Password is a necessary attribute when implementing the SCEP Protocol which is widely used in IoT and Mobile Device Management environments like the Apple MDM spec. To extract or add a challenge password attribute, the CSR has to be unmarshalled and modified separately from thex509/crypto
. Here's an example workaround which reimplements parsing and marshaling the CertificateRequest type.The
x509/crypto
library should have a method for handling special attributes in the CSR. As CL #8160 mentions in the review comments, one possible solution is to add aRawAttributes
field to the CertificateRequest struct.