🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
Besides checking for an empty attestation object, which can be the case when a client is not able to provide an attestation and which should fail issuance, there's now an additional check for the CBOR data to be well formed. Effectively that check will be performed twice, as it's done during unmarshaling too, but this way it's easier to surface invalid CBOR data errors to the user. The alternative is to catch specific errors from the cbor package.
Instead of returning an error to the client immediately, the error is stored with the challenge instead, as the challenge won't be solved using the same request body again.
Fixes #1902
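The check order described above, as an added example that is not code from this pull request or the project: empty input first, then a structural CBOR check, with the failure recorded on the challenge rather than returned. It uses only the Go standard library and is narrowed to definite-length CBOR, so indefinite-length items are rejected, which is stricter than RFC 8949 well-formedness. The names `skip`, `checkAttObj` and `challenge`, the error strings, the nesting cap of 32 and the move to the RFC 8555 `invalid` status are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
)

var errEmpty = errors.New("attObj must not be empty")
var errMalformed = errors.New("attObj is not well-formed CBOR")
type challenge struct{ Status, Error string } // hypothetical record, not the project's type

// skip consumes one definite-length CBOR item (RFC 8949) and returns the remaining bytes.
func skip(b []byte, depth int) (rest []byte, err error) {
	if len(b) == 0 || depth > 32 { // nesting cap is this example's own limit
		return nil, errMalformed
	}
	mt, ai, val := b[0]>>5, int(b[0]&0x1f), uint64(b[0]&0x1f)
	if b = b[1:]; ai >= 28 || (ai >= 24 && len(b) < 1<<(ai-24)) {
		return nil, errMalformed // reserved, indefinite (rejected here) or truncated argument
	}
	if ai >= 24 { // the argument follows in 1, 2, 4 or 8 big-endian bytes
		n := 1 << (ai - 24)
		for val = 0; n > 0; n, b = n-1, b[1:] {
			val = val<<8 | uint64(b[0])
		}
	}
	switch {
	case mt == 7 && ai == 24 && val < 32, mt >= 2 && mt <= 5 && val > uint64(len(b)):
		return nil, errMalformed // two-byte simple value below 32, or length beyond the input
	case mt == 2 || mt == 3:
		return b[val:], nil // byte or text string payload
	}
	for n := [8]uint64{4: val, 5: 2 * val, 6: 1}[mt]; n > 0; n-- { // array, map or tag children
		if b, err = skip(b, depth+1); err != nil {
			return nil, err
		}
	}
	return b, nil
}

// checkAttObj stores a failure on the challenge instead of returning it to the client.
func checkAttObj(ch *challenge, attObj []byte) bool {
	if rest, err := skip(attObj, 0); len(attObj) == 0 {
		ch.Status, ch.Error = "invalid", errEmpty.Error()
	} else if err != nil || len(rest) > 0 { // malformed item, or trailing bytes after it
		ch.Status, ch.Error = "invalid", errMalformed.Error()
	}
	return ch.Status != "invalid"
}

func main() { fmt.Println(checkAttObj(new(challenge), []byte{0xa1, 0x63, 'f', 'm', 't'})) } // constructed input
```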