Closed nlang closed 1 year ago
Hi @nlang
Your CSR is malformed...
If you look at your ASN.1:
The outer SEQUENCE has the right number of elements, but the first inner SEQUENCE has 3 elements, but needs 4:
This follows here: https://www.rfc-editor.org/rfc/rfc2986#section-4.1 -- notice how there's 4 elements in the CertificationRequestInfo
element, none of which are marked optional.
P.S. https://lapo.it/asn1js/ is a useful site for debugging ASN.1 blobs -- I find it is more clear than openssl asn1parse
, which works offline but lacks the helpful highlighting in the hexdump &c.
Thanks @cipherboy, we'll have to take a look on our CSR generation then.
Yeah, I'm rather curious to hear how this CSR was generated :-)
Unless you're doing manual construction somehow, most ecosystems I know of (OpenSSL, NSS, Golang, and perhaps BouncyCastle) will generate CSRs correctly... I think the exception to the latter ecosystem (JSS, BouncyCastle, JDK) is if you're using the raw ASN construction directly, versus a higher-level interface over CSR. I suppose that holds for Golang or OpenSSL as well... But 90% of people probably just use openssl req
...
The CSR is generated on a embedded device with limited resources. I had a chat with the developers, and as far as I understood they construct the CSR themselves because BouncyCastle would not fit on the device and they have no tools for it in their Java Version which apparently is 1.7.
Does sun.security.pkcs.PKCS10
work on this embedded device? My Java is admittedly rusty (I think JDK7 exposes everything but maybe JDK9+ put it into a module and hid it).
But that is interesting, note the javadoc:
* The ASN.1 syntax for a Certification Request is:
* <pre>
* CertificationRequest ::= SEQUENCE {
* certificationRequestInfo CertificationRequestInfo,
* signatureAlgorithm SignatureAlgorithmIdentifier,
* signature Signature
* }
*
* SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
* Signature ::= BIT STRING
*
* CertificationRequestInfo ::= SEQUENCE {
* version Version,
* subject Name,
* subjectPublicKeyInfo SubjectPublicKeyInfo,
* attributes [0] IMPLICIT Attributes
* }
* Attributes ::= SET OF Attribute
* </pre>
Here, in the JDK it mentions that the attribute is IMPLICIT, but RFC 2986 doesn't make it IMPLICIT... (PKCS10 Version 1.7)...
It looks like the older RFC 2314 PKCS10 version 1.5 makes it IMPLICIT. This is likely why OpenSSL parses it.
I'll try filing a Go issue about this -- may I use your CSR above, or would you prefer to provide another CSR with just a example.com
CN?
(Our CSR parser is from Go's crypto/x509
).
Hi @cipherboy, thanks for the input. I forwarded it to the developers. Of course you can use the CSR for filing the issue. By the way, we also use "node-forge" (a native javascript crypto lib) and it also parses the CSR without complaining. Thanks for your support!
@nlang Aha, I reviewed my ASN.1 terminology in preparing to file the Go issue: IMPLICIT
doesn't mean OPTIONAL
, but instead has to do with the type tagging (taking the value [0]
) on the CertificationRequestInfo
's SEQUENCE
member. See e.g., 2.3 Implicitly and explicitly tagged types
of https://luca.ntop.org/Teaching/Appunti/asn1.html.
I believe, if you're getting a CSR without this attribute, its just poorly constructed, unless you've got an even earlier reference to PKCS10 prior to RFC 2314 where it is both IMPLICIT
and OPTIONAL
.
I'll still file this as a Go issue, but while OpenSSL and node-forge
parse it, I'm less optimistic (about Go accepting this for fix).
Describe the bug wIth a default configured PKI backend and generated CA, when trying to issue a certificate using a csr, vault produces the following error:
To Reproduce Steps to reproduce the behavior:
Expected behavior A new certificate to be issued
Environment:
vault status
): 1.7.1vault version
): Vault v1.10.1 ('e452e9b30a9c2c8adfa1611c26eb472090adc767+CHANGES')Vault server configuration file(s):
Additional context The error does not occur with every CSR. But the CSR with which the error occurs is completely fine and can be used with
openssl x509 -req ...
command to get a certifcate without errors when using the same CA that vault uses.Unfortunately, the error does not help to figure out what is really going on. As the CSR can be used with openssl to issue a certificate I consider this a bug. If nevertheless this is not considered a bug, any help would be greatly appreciated to resolve the issue.