🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
Fake reproducer: Configure empty JSON in the payload part of the JWK for /acme/acme/challenge/... HTTP call.
Real reproducer: Try to generate device certificate using device attestation on MacOS 15 Beta with INTEL processor with profile configuration attribute HardwareBound=false (link).
Your Environment
OS - MacOS 15 Beta
step-ca Version - v0.26.2
INTEL processor
HardwareBound=false
Expected Behavior
The server should return a client error -> status 400.
Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
Steps to Reproduce
/acme/acme/challenge/...
HTTP call.HardwareBound=false
(link).Your Environment
step-ca
Version - v0.26.2Expected Behavior
The server should return a client error -> status
400
.Actual Behavior
The server returns internal error -> status
500
.Unexpected error:
error validating challenge: error unmarshalling CBOR: EOF
Log message:Additional Context
No response
Contributing
Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).