Hi Martin,

we have a first beta version of the new SCEP server and I have installed it on our demo.openxpki.org server. So in case you are able to test against this, I would appreciate it if you could give it a try. The service will also be part of the next release, which will likely be done by the end of the week, so if you prefer/need to test in your own environment this will also be possible.
The new code is a pure Perl implementation and will accept any nonce size (and respond with a nonce of the same size), so I hope that the problem with 8-byte nonces will be solved.

Any feedback is highly appreciated.

best regards

Oliver

On 24.10.21 at 20:09, Martin Arendtsen wrote:
> Hi
>
> I have been reading on the ML about this problem but I'm not able to
> fix it with the commit
> (https://github.com/openxpki/openxpki-config/commit/802162e6d4ae719c0728ddc392be7f76de1d7815)
>
> When trying to retrieve a certificate by SCEP I get this error.
>
> 2021/10/24 19:46:16 openxpki.system.ERROR
> message_static_functions.c:249: Not valid CSR after decrpytion
> LibSCEP.xs:1197: scep_unwrap failed
> 34374492160:error:0D0C40D8:asn1 encoding
> routines:c2i_ASN1_OBJECT:invalid object
> encoding:/usr/src/crypto/openssl/crypto/asn1/a_object.c:254:
> 34374492160:error:0D08303A:asn1 encoding
> routines:asn1_template_noexp_d2i:nested asn1
> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:646:Field=object,
> Type=X509_NAME_ENTRY
> 34374492160:error:0D08303A:asn1 encoding
> routines:asn1_template_noexp_d2i:nested asn1
> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:615:
> 34374492160:error:0D08303A:asn1 encoding
> routines:asn1_template_noexp_d2i:nested asn1
> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:615:
> 34374492160:error:0D08303A:asn1 encoding
> routines:asn1_template_noexp_d2i:nested asn1
> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:646:Field=subject,
> Type=X509_REQ_INFO
> 34374492160:error:0D08303A:asn1 encoding
> routines:asn1_template_noexp_d2i:nested asn1
> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:646:Field=req_info,
> Type=X509_REQ
> [pid=80956|sid=Sonc]
> 2021/10/24 19:46:16 openxpki.system.ERROR
> I18N_OPENXPKI_TOOLKIT_COMMAND_FAILED; __COMMAND__ =>
> OpenXPKI::Crypto::Tool::LibSCEP::Command::unwrap, __ERRVAL__ =>
> message_static_functions.c:249: Not valid CSR after decrpytion
> LibSCEP.xs:1197: scep_unwrap failed
> 34374492160:error:0D0C40D8:asn1 encoding
> routines:c2i_ASN1_OBJECT:invalid object
> encoding:/usr/src/crypto/openssl/crypto/asn1/a_object.c:254:
> 34374492160:error:0D08303A:asn1 encoding
> routines:asn1_template_noexp_d2i:nested asn1
> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:646:Field=object,
> Type=X509_NAME_ENTRY
> 34374492160:error:0D08303A:asn1 encoding
> routines:asn1_template_noexp_d2i:nested asn1
> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:615:
> 34374492160:error:0D08303A:asn1 encoding
> routines:asn1_template_noexp_d2i:nested asn1
> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:615:
> 34374492160:error:0D08303A:asn1 encoding
> routines:asn1_template_noexp_d2i:nested asn1
> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:646:Field=subject,
> Type=X509_REQ_INFO
> 34374492160:error:0D08303A:asn1 encoding
> routines:asn1_template_noexp_d2i:nested asn1
> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:646:Field=req_info,
> Type=X509_REQ
> [pid=80956|sid=Sonc]
> 2021/10/24 19:46:16 openxpki.system.ERROR Error executing SCEP command
> 'PKIOperation': I18N_OPENXPKI_TOOLKIT_COMMAND_FAILED; __COMMAND__ =>
> OpenXPKI::Crypto::Tool::LibSCEP::Command::unwrap, __ERRVAL__ =>
> message_static_functions.c:249: Not valid CSR after decrpytion
> LibSCEP.xs:1197: scep_unwrap failed
> 34374492160:error:0D0C40D8:asn1 encoding
> routines:c2i_ASN1_OBJECT:invalid object
> encoding:/usr/src/crypto/openssl/crypto/asn1/a_object.c:254:
> 34374492160:error:0D08303A:asn1 encoding
> routines:asn1_template_noexp_d2i:nested asn1
> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:646:Field=object,
> Type=X509_NAME_ENTRY
> 34374492160:error:0D08303A:asn1 encoding
> routines:asn1_template_noexp_d2i:nested asn1
> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:615:
> 34374492160:error:0D08303A:asn1 encoding
> routines:asn1_template_noexp_d2i:nested asn1
> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:615:
> 34374492160:error:0D08303A:asn1 encoding
> routines:asn1_template_noexp_d2i:nested asn1
> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:646:Field=subject,
> Type=X509_REQ_INFO
> 34374492160:error:0D08303A:asn1 encoding
> routines:asn1_template_noexp_d2i:nested asn1
> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:646:Field=req_info,
> Type=X509_REQ
> [pid=80956|sid=Sonc]
>
> I have added the fix as linked above but it still gives me that error.
> sscep works like a charm.
>
> So I need a hint to what I have missed - any ideas?
>
> Best regards
> Martin Arendtsen
>
>
> _______________________________________________
> OpenXPKI-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/openxpki-users

-- 
Protect your environment - close windows and adopt a penguin!
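Added example (not part of the original mails and not OpenXPKI code): OpenSSL prints its error queue oldest entry first, so in the quoted log the first line names the decoder that failed and the Field=/Type= hints on the later lines name the enclosing structures. The Python below rebuilds that path; the function names are hypothetical, and the sample input is one copy of the queue from the log above with the mail line wraps removed.

```python
import re

# One copy of the OpenSSL error queue from the quoted log, with the mail
# line wraps removed so that each queue entry is on a single line.
ERROR_QUEUE = """\
34374492160:error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding:/usr/src/crypto/openssl/crypto/asn1/a_object.c:254:
34374492160:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:646:Field=object, Type=X509_NAME_ENTRY
34374492160:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:615:
34374492160:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:615:
34374492160:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:646:Field=subject, Type=X509_REQ_INFO
34374492160:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:646:Field=req_info, Type=X509_REQ
"""

# thread-id:error:code:library:function:reason:file:line:optional-data
ENTRY = re.compile(
    r"^(?P<tid>\d+):error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):"
    r"(?P<func>[^:]*):(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+):(?P<data>.*)$"
)
FIELD = re.compile(r"Field=(?P<field>\w+), Type=(?P<type>\w+)")


def parse_queue(text):
    """Return one dict per OpenSSL error-queue line, in printed order."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def asn1_failure(text):
    """Summarise the queue: failing decoder plus outermost-to-innermost path."""
    entries = parse_queue(text)
    if not entries:
        return None
    root = entries[0]               # oldest entry: the decoder that failed
    path = []
    for e in reversed(entries):     # last printed entry is the outermost type
        m = FIELD.search(e["data"])
        if m:                       # template levels without a hint are skipped
            path.append(f'{m["type"]}.{m["field"]}')
    return {"root_cause": f'{root["func"]}: {root["reason"]}', "path": path}


if __name__ == "__main__":
    result = asn1_failure(ERROR_QUEUE)
    print(result["root_cause"])
    print(" -> ".join(result["path"]))
```

For this log the path ends at X509_NAME_ENTRY.object, so the trace points at the attribute type OID of an entry in the subject of the decrypted CSR.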
