After upgrading from v3.26 to v3.28 the ASN.1 parsing of the
SCEP GetCertInitial request containing an issuer_serial payload fails
because the parser seems to expect a pkcs10 payload instead
as the following log shows:
# PKIOperation - PKCSReq request with pkcs10 payload successful
2024/01/22 13:12:45 DEB Parsed URI: generic =>
[pid=1407|endpoint=generic|server=generic]
2024/01/22 13:12:45 DEB Incoming SCEP operation PKIOperation on endpoint
generic [pid=1407|server=generic|endpoint=generic]
2024/01/22 13:12:45 DEB Got PKIOperation via POST
[pid=1407|endpoint=generic|server=generic]
2024/01/22 13:12:45 DEB Config created
[pid=1407|endpoint=generic|server=generic]
2024/01/22 13:12:45 DEB Initialize client
[pid=1407|endpoint=generic|server=generic]
2024/01/22 13:12:45 DEB Started volatile session with id:
KZ+dfqjvSrqMY0bR8kWbLA== [pid=1407|endpoint=generic|server=generic]
2024/01/22 13:12:45 DEB Selecting auth stack _System
[pid=1407|server=generic|endpoint=generic]
2024/01/22 13:12:46 DEB Handle enrollment
[pid=1407|server=generic|endpoint=generic]
2024/01/22 13:12:46 DEB Adding extra params for message type PKCSReq
[pid=1407|server=generic|endpoint=generic]
2024/01/22 13:12:46 DEB Pickup via attribute with transaction_id =>
5A2019C1EB3543921E4FD658ECF88073BA62D781
[pid=1407|tid=5A2019C1EB3543921E4FD658ECF88073BA62D781|endpoint=generic|server=generic]
2024/01/22 13:12:46 DEB Initialize certificate_enroll with params interface,
_url_params, signer_cert, server, pkcs10, transaction_id
[pid=1407|server=generic|endpoint=generic|tid=5A2019C1EB3543921E4FD658ECF88073BA62D781]
2024/01/22 13:12:46 DEB Workflow created (ID: 28671), State:
MANUAL_AUTHORIZATION
[pid=1407|tid=5A2019C1EB3543921E4FD658ECF88073BA62D781|endpoint=generic|server=generic]
2024/01/22 13:12:46 INF Request Pending - MANUAL_AUTHORIZATION
[pid=1407|server=generic|tid=5A2019C1EB3543921E4FD658ECF88073BA62D781|endpoint=generic]
2024/01/22 13:12:46 DEB Status: 202 Request Pending - Retry Later
(5A2019C1EB3543921E4FD658ECF88073BA62D781)
[pid=1407|endpoint=generic|tid=5A2019C1EB3543921E4FD658ECF88073BA62D781|server=generic]
2024/01/22 13:12:46 INF Send pending response for
5A2019C1EB3543921E4FD658ECF88073BA62D781
[pid=1407|server=generic|tid=5A2019C1EB3543921E4FD658ECF88073BA62D781|endpoint=generic]
2024/01/22 13:12:46 INF Disconnect client
[pid=1407|tid=5A2019C1EB3543921E4FD658ECF88073BA62D781|endpoint=generic|server=generic]
# PKIOperation - GetCertInitial request with transaction_id and issuer_serial
payload fails
2024/01/22 13:13:46 DEB Parsed URI: generic =>
[pid=1407|server=generic|tid=5A2019C1EB3543921E4FD658ECF88073BA62D781|endpoint=generic]
2024/01/22 13:13:46 DEB Incoming SCEP operation PKIOperation on endpoint
generic
[pid=1407|server=generic|endpoint=generic|tid=5A2019C1EB3543921E4FD658ECF88073BA62D781]
2024/01/22 13:13:46 DEB Got PKIOperation via POST
[pid=1407|tid=5A2019C1EB3543921E4FD658ECF88073BA62D781|endpoint=generic|server=generic]
2024/01/22 13:13:46 DEB Config created
[pid=1407|server=generic|endpoint=generic|tid=5A2019C1EB3543921E4FD658ECF88073BA62D781]
2024/01/22 13:13:46 DEB Initialize client
[pid=1407|endpoint=generic|tid=5A2019C1EB3543921E4FD658ECF88073BA62D781|server=generic]
2024/01/22 13:13:46 DEB Started volatile session with id:
siYXZDTVRqifdA3BD8uZxg==
[pid=1407|server=generic|endpoint=generic|tid=5A2019C1EB3543921E4FD658ECF88073BA62D781]
2024/01/22 13:13:46 DEB Selecting auth stack _System
[pid=1407|endpoint=generic|tid=5A2019C1EB3543921E4FD658ECF88073BA62D781|server=generic]
2024/01/22 13:13:46 DEB Handle enrollment
[pid=1407|server=generic|tid=5A2019C1EB3543921E4FD658ECF88073BA62D781|endpoint=generic]
2024/01/22 13:13:46 DEB Adding extra params for message type GetCertInitial
[pid=1407|server=generic|endpoint=generic|tid=5A2019C1EB3543921E4FD658ECF88073BA62D781]
2024/01/22 13:13:46 ERR Unable to parse PKCS10: decode: decode error 06<=>30 4
8 certificationRequestInfo at /usr/share/perl5/Convert/ASN1/_decode.pm line 117.
Cannot handle input or missing ASN.1 definitions at
/usr/share/perl5/Crypt/PKCS10.pm line 756.
Crypt::PKCS10::_new(undef, undef, undef, "ignoreNonBase64", 1,
"verifySignature", 1) called at /usr/share/perl5/Crypt/PKCS10.pm line 607
eval {...} called at /usr/share/perl5/Crypt/PKCS10.pm line 604
Crypt::PKCS10::new("Crypt::PKCS10",
"0\x{82}\x{b}\x{18}\x{6}\x{9}*\x{86}H\x{86}\x{f7}\x{d}\x{1}\x{7}\x{2}\x{a0}\x{82}\x{b}\x{9}0\x{82}\x{b}\x{5}\x{2}\x{1}\x{1}1\x{f}0\x{d}\x{6}\x{9}`\x{86}H\x{1}e\x{3}\x{4}\x{2}\x{1}\x{5}\x{0}0\x{82}\x{3}\x{e}\x{6}\x{9}*\x{86}H\x{86}\x{f7}\x{d}\x{1}\x{7}\x{1}\x{a0}\x{82}\x{2}"...,
"ignoreNonBase64", 1, "verifySignature", 1) called at
/usr/share/perl5/OpenXPKI/Client/Service/Base.pm line 185
OpenXPKI::Client::Service::Base::handle_enrollment_request(OpenXPKI::Client::Service::SCEP=HASH(0x5574a92cd9b0),
CGI::Fast=HASH(0x5574a6bc5e40)) called at /usr/lib/cgi-bin/scepv3.fcgi line 100
[pid=1407|server=generic|endpoint=generic|tid=5A2019C1EB3543921E4FD658ECF88073BA62D781]
...
2024/01/22 13:13:46 DEB Status: 400 Unable to parse request
[pid=1407|server=generic|tid=5A2019C1EB3543921E4FD658ECF88073BA62D781|endpoint=generic]
2024/01/22 13:13:46 WAR Client error / malformed request badRequest
[pid=1407|endpoint=generic|tid=5A2019C1EB3543921E4FD658ECF88073BA62D781|server=generic]
2024/01/22 13:13:46 INF Disconnect client
[pid=1407|server=generic|endpoint=generic|tid=5A2019C1EB3543921E4FD658ECF88073BA62D781]
Best regards
Andreas
======================================================================
Andreas Steffen [email protected]
strongSwan - the Open Source VPN Solution! www.strongswan.org
strongSec GmbH, 8952 Schlieren (Switzerland)
======================================================================
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
