Hello, I discovered a bit user unfriendly behavior: I made a SCEP request to enroll a certificate, but I encrypted it with a wrong CA certificate. The openxpki returned "500 Internal Server Error" saying "SCEP Response was empty" in the message body, which is a bit misleading message. The correct error is was hidden in the openxpki.log, which said "no recipient matches certificate".
Is this the right error to be returned in this case? Kind Regards, Petr P.S. This was the openxpki.log 2020/04/12 13:39:15 ERROR 139915524977088:error:21070073:PKCS7 routines:PKCS7_dataDecode:no recipient matches certificate:../crypto/pkcs7/pk7_doit.c:491: 139915524977088:error:21072077:PKCS7 routines:PKCS7_decrypt:decrypt error:../crypto/pkcs7/pk7_smime.c:500:message_static_functions.c:221: decryption failed LibSCEP.xs:1197: scep_unwrap failed [pid=13596|sid=hQ1P] 2020/04/12 13:39:15 ERROR I18N_OPENXPKI_TOOLKIT_COMMAND_FAILED; __COMMAND__ => OpenXPKI::Crypto::Tool::LibSCEP::Command::unwrap, __ERRVAL__ => 139915524977088:error:21070073:PKCS7 routines:PKCS7_dataDecode:no recipient matches certificate:../crypto/pkcs7/pk7_doit.c:491: 139915524977088:error:21072077:PKCS7 routines:PKCS7_decrypt:decrypt error:../crypto/pkcs7/pk7_smime.c:500: message_static_functions.c:221: decryption failed LibSCEP.xs:1197: scep_unwrap failed [pid=13596|sid=hQ1P] 2020/04/12 13:39:15 ERROR Error executing SCEP command 'PKIOperation': I18N_OPENXPKI_TOOLKIT_COMMAND_FAILED; __COMMAND__ => OpenXPKI::Crypto::Tool::LibSCEP::Command::unwrap, __ERRVAL__ => 139915524977088:error:21070073:PKCS7 routines:PKCS7_dataDecode:no recipient matches certificate:../crypto/pkcs7/pk7_doit.c:491: 139915524977088:error:21072077:PKCS7 routines:PKCS7_decrypt:decrypt error:../crypto/pkcs7/pk7_smime.c:500:message_static_functions.c:221: decryption failed LibSCEP.xs:1197: scep_unwrap failed [pid=13596|sid=hQ1P]
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
