Issue #615: SCEP PKIOperation InvalidBERException - dogtagpki

dogtagpki

#615 SCEP PKIOperation InvalidBERException

Closed: Fixed None Opened 12 years ago by nkinder.

Cisco router, the model is probably:
Router MSR20-21 (Comware). 5.20 Release 2207P02
( the config is showing this:
version 5.20, Release 2207P02, Standard
)

Steps to Reproduce:

have a CA instance configured
enable SCEP
/etc/init.d/pki-ca stop
cp -p /etc/pki-ca/CS.cfg /etc/pki-ca/CS.cfg-1
vi /etc/pki-ca/CS.cfg
...
ca.scep.enable=true

/etc/init.d/pki-ca start

take request from collected CA debug log, convert to escape and
remove \n
submit request using csr using wget to the EE interface for SCEP
enrollment, example:

wget http://ca1.example.com:9180/ca/ee/ca/pkiclient --post-data 'operation=PKIO
peration&message=MIIJiAYJKoZIhvcNAQcCoIIJeTCCCXUCAQExDjAMBggqhkiG9w0CBQUAMIIEZg
YJKoZIhvcNAQcBoIIEVwSCBFMwggRPBgkqhkiG9w0BBwOgggRAMIIEPAIBADGCAYcwggGDAgEAMGswZ
jEYMBYGA1UEChMPUGNjU3NuSHAgRG9tYWluMQ8wDQYDVQQLEwZwa2ktY2ExOTA3BgNVBAMTMEhld2xl
dHQtUGFja2FyZCBFUyBQQ0MgTGFiIENlcnRpZmljYXRlIEF1dGhvcml0eQIBBjANBgkqhkiG9w0BAQE
FAASCAQBzZL6jnU6sHn0ZG%2FuQ2Bqm137bwNPjMzH%2BxFy%2Bb2Va0uAJzTYjsU1A66te3r%2BCE9
BcyNZqFl%2F1HQ84BHPVvZyfeDSgx8E0SkOmCG2xnLIL%2BjW%2BlEZUGngr%2BrEeaKZEpcog2gs%2
FDY%2BEAbv36%2FknQyro%2BjrpYL8TI3Y0MT%2F7BssKWq99p1sRnjgR9Bm5o3Uu5E4EudYEj7GETb
SjLCUe8r4a3U63bnx3gYir2rUJX8wwvrcPXBbR24I9fkCIxaUQd89uxYvg7W9k%2F0SMe4nLPq9a39r
BzMPHnuvTVYYLr9eBQiXt2C911lrTtxhekXXI04T1so4lfK8E5T3lsAiTAL85MIICqgYJKoZIhvcNAQ
cBMBEGBSsOAwIHBAjkfW0ASyuioYCCAogbIMh0q6GMmY7kb09Y%2BtoUHuI95XGkavK1%2FetxesN00
cqMECDiW6FC4CtOH7f1zkTlZQGqzTjkpX4p7TfxIoqADraZ4HwI6ZxNa7Oy%2FrkFk1PFP9TeH1CaVW
R34zzGuSOBJmCWcpSc%2BBhrHJX%2FF6%2FV4tCmOmFEZbCZwrv7qYid9LNU47p1jWSa0njpyKGYft4
pDYgQkt29h2wLiNu2N7FsXNhfxngyBI1Hy25xteCcuUtDbrlwaOVosOYyZNGvh7Xv1Ks2Xn05nq2HR7
ZHR3Kvp2pApCiMlMFms%2BWvJxTACjKizjLcqY9QYyeZ3TUvEyTTjcNX72B6rXs8IdD9IBrb3eKIgq9
ZHCyUZCEMdCr1hAFZGW9CVkuBEqrSWTgZn3c0iD8lXflPbLme0BLqfx%2BylJf0QGui6ZInhuBj5Cfq
aUInStEam6aZ6Sm1g6VSEZnMILojn6N236U1aE5rUg5SCsskbFOE1tYDo5dcYyN7OR6N4e%2B3MhuhM
1IIYtCRsR4%2Fja3Gq%2BvYpsKw1l2JPpx%2BP2rPz%2FiPzTHiemSY2PgYw3D8c08fGicLDRYZwLdV
P1UPpQ%2BOXjJwwXivGk18Pbbv26Wb8tusZyO0ut1L1z5vsb%2BRIj6BQpCEZZNl4Xg1q2ZYKGMGeLc
RB5bVm1ceShNgPij5T7R3ZL7QNQ3edrPPGJKUhgWszFHYyRyGgV7vUiNdb6xdLZmCzUkTys%2Ftnz5P
3KnAbrG%2FNLmm%2B8aYwiYR1X2uu8rC5F%2FrC5uxJXWaagnWe%2BC4PtVkeSXYqzX2q8eLU%2F%2B
Fg4BWM%2BnIH3XCjiUjKka%2BxtFGHx889gtt2OZGqCxQvduZDKhS8erxkx22ITvKxwuyF0DTUNCggg
LIMIICxDCCAaygAwIBAwIgRjYyQjM1NzE3NUE5MTJEOUY1RkY2NzBBNjk4NUI4NTAwDQYJKoZIhvcNA
QEEBQAwFjEUMBIGA1UEAxMLcmgtdGVzdC1ydHIwHhcNMTMwMjA4MDU0MDQwWhcNMTQwMjA4MDU0MDQw
WjAWMRQwEgYDVQQDEwtyaC10ZXN0LXJ0cjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOs
IpJSMfIm1cr0NE0kpXLBE8Pw3vFfoDxjiwN9lbjyBKRQfwzq1alQbkRmi7ddleuWJS0YsUlqoPfbxL0
j%2FnvwR6lYC4FpAVm8arvijyntHLPKroiS5%2BRe972uEk0Oe4n5cobP7bvy2P9fdmzPoSwukkY2aO
552I1juNneuXVzCO5qwMEgfHGgq1ni1KjommFup3%2FloRvBRsQY165OzTk1QwaKTvi3O9h7OhaIXEl
Fstkp2lW2XwiiZTYcq9b9C83cAHZQ%2F%2BfilvSb6r7wOiZ98m0ZdYqmWgfZUCJmi2tEjC2iN9qh8S
DXg3rxJBywc%2BmoaRn6Hz%2Bwp82Bo7Spi2v0CAwEAATANBgkqhkiG9w0BAQQFAAOCAQEA1kHOSCBC
8NVznzyZGBSiJclyblroTviSmrm%2BhLlieuwmQaFLBzSR4eUT5OYsiDOpsQ4cOBL1XfbaVE%2FTG8B
R8NqBBn3fJgsP8x2Qhqx806xl6Zw%2B5Gw%2B72kMgon%2FN8hYlrpjV%2Fi96h8xnvekHet301cpUG
f7s38o51JIZPw4X5j%2BNBe%2Fhi16qYTAYM7rDCf8IHzrHSZP7KjucwpoTebENb7OzCo5sTk%2Ft97
j1P1pNF%2F2kuElnOKWLVTfSFYOurofOSL8anUUWjtsXhCwQUqakeu0cktFNhzp%2FcabBQAgyKdURb
eCIjKZNUAOQ0jC%2BMRkUcvOOkTg0VGOuPhtFVe0UjGCAigwggIkAgEBMDowFjEUMBIGA1UEAxMLcmg
tdGVzdC1ydHICIEY2MkIzNTcxNzVBOTEyRDlGNUZGNjcwQTY5ODVCODUwMAwGCCqGSIb3DQIFBQCggc
EwEgYKYIZIAYb4RQEJAjEEEwIxOTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJB
TEPFw0xMzAyMDgwNTQwNDBaMB8GCSqGSIb3DQEJBDESBBDmQXWNFDf9DS%2BS52vqZtfvMCAGCmCGSA
GG%2BEUBCQUxEgQQP6KsesXEvFoKz%2FTGfxfbijAwBgpghkgBhvhFAQkHMSITIEY2MkIzNTcxNzVBO
TEyRDlGNUZGNjcwQTY5ODVCODUwMA0GCSqGSIb3DQEBAQUABIIBAA00Uc5qyKVEGTmdNyAWpNNYS5y%
2BKVxfIzcESyKuBbkSIgLylLaFFfoV%2BrBVqIDMPsbpavpsgauvL2Fah3YF7dG4LOBnrRIwPWVwMjw
L2kxCR%2BpIlTGMY0Wlz8sT6GnvII9%2FW1ihlk4qRPu5nS9pk3ZyIyNJ6L%2BMyz%2FnQjVyqEsaer
NDfIIudNOnFVukKfIx%2B84KN0msv203q1kYGguYVfkcpI4B1fsRNJgx8U9Yy11iHu%2FHaIWxguqdD
6A2%2FSRpS6jiUYTnhRRMSZZuuB%2BrwU4xAlGzB0%2FptI2ZYW%2F2gEpPzmjqfj2BgtIr3pWQ2UWW
iMuju7AiMr5JmtQGrD%2BsUUA%3D'

Actual results:

--2013-03-12 15:41:15-- http://ca1.example.com:9180/ca/ee/ca/pkiclient
Resolving ca1.example.com... 10.14.5.17
Connecting to ca1.example.com|10.14.5.17|:9180... connected.
HTTP request sent, awaiting response... 500 Internal Server Error
2013-03-12 15:41:15 ERROR 500: Internal Server Error.

[[12/Mar/2013:15:41:15]http-9180-Processor25:
CRSEnrollment: init: SCEP support is enabled.
[12/Mar/2013:15:41:15]http-9180-Processor25: CRSEnrollment: init: SCEP
nickname: caSigningCert cert-pki-ca
[12/Mar/2013:15:41:15]http-9180-Processor25: CRSEnrollment: init: CA
nickname: caSigningCert cert-pki-ca
[12/Mar/2013:15:41:15]http-9180-Processor25: CRSEnrollment: init: Token
name: Internal Key Storage Token
[12/Mar/2013:15:41:15]http-9180-Processor25: CRSEnrollment: init: Is SCEP
using CA keys: true
[12/Mar/2013:15:41:15]http-9180-Processor25: CRSEnrollment: init:
mNonceSizeLimit: 16
[12/Mar/2013:15:41:15]http-9180-Processor25: CRSEnrollment: init:
mHashAlgorithm: SHA1
[12/Mar/2013:15:41:15]http-9180-Processor25: CRSEnrollment: init:
mHashAlgorithmList: SHA1,SHA256,SHA512
[12/Mar/2013:15:41:15]http-9180-Processor25: CRSEnrollment: init:
mAllowedHashAlgorithm[0]=SHA1
[12/Mar/2013:15:41:15]http-9180-Processor25: CRSEnrollment: init:
mAllowedHashAlgorithm[1]=SHA256
[12/Mar/2013:15:41:15]http-9180-Processor25: CRSEnrollment: init:
mAllowedHashAlgorithm[2]=SHA512
[12/Mar/2013:15:41:15]http-9180-Processor25: CRSEnrollment: init:
mEncryptionAlgorithm: DES3
[12/Mar/2013:15:41:15]http-9180-Processor25: CRSEnrollment: init:
mEncryptionAlgorithmList: DES3
[12/Mar/2013:15:41:15]http-9180-Processor25: CRSEnrollment: init:
mAllowedEncryptionAlgorithm[0]=DES3
[12/Mar/2013:15:41:15]http-9180-Processor25: CRSEnrollment: init:
mProfileId=caRARouterCert
[12/Mar/2013:15:41:15]http-9180-Processor25: operation=PKIOperation
[12/Mar/2013:15:41:15]http-9180-Processor25: message=MIIJiAYJKoZIhvcNAQcCoIIJ
eTCCCXUCAQExDjAMBggqhkiG9w0CBQUAMIIEZgYJKoZIhvcNAQcBoIIEVwSCBFMwggRPBgkqhkiG9w0
BBwOgggRAMIIEPAIBADGCAYcwggGDAgEAMGswZjEYMBYGA1UEChMPUGNjU3NuSHAgRG9tYWluMQ8wDQ
YDVQQLEwZwa2ktY2ExOTA3BgNVBAMTMEhld2xldHQtUGFja2FyZCBFUyBQQ0MgTGFiIENlcnRpZmljY
XRlIEF1dGhvcml0eQIBBjANBgkqhkiG9w0BAQEFAASCAQBzZL6jnU6sHn0ZG/uQ2Bqm137bwNPjMzH+
xFy+b2Va0uAJzTYjsU1A66te3r+CE9BcyNZqFl/1HQ84BHPVvZyfeDSgx8E0SkOmCG2xnLIL+jW+lEZ
UGngr+rEeaKZEpcog2gs/DY+EAbv36/knQyro+jrpYL8TI3Y0MT/7BssKWq99p1sRnjgR9Bm5o3Uu5E
4EudYEj7GETbSjLCUe8r4a3U63bnx3gYir2rUJX8wwvrcPXBbR24I9fkCIxaUQd89uxYvg7W9k/0SMe
4nLPq9a39rBzMPHnuvTVYYLr9eBQiXt2C911lrTtxhekXXI04T1so4lfK8E5T3lsAiTAL85MIICqgYJ
KoZIhvcNAQcBMBEGBSsOAwIHBAjkfW0ASyuioYCCAogbIMh0q6GMmY7kb09Y+toUHuI95XGkavK1/et
xesN00cqMECDiW6FC4CtOH7f1zkTlZQGqzTjkpX4p7TfxIoqADraZ4HwI6ZxNa7Oy/rkFk1PFP9TeH1
CaVWR34zzGuSOBJmCWcpSc+BhrHJX/F6/V4tCmOmFEZbCZwrv7qYid9LNU47p1jWSa0njpyKGYft4pD
YgQkt29h2wLiNu2N7FsXNhfxngyBI1Hy25xteCcuUtDbrlwaOVosOYyZNGvh7Xv1Ks2Xn05nq2HR7ZH
R3Kvp2pApCiMlMFms+WvJxTACjKizjLcqY9QYyeZ3TUvEyTTjcNX72B6rXs8IdD9IBrb3eKIgq9ZHCy
UZCEMdCr1hAFZGW9CVkuBEqrSWTgZn3c0iD8lXflPbLme0BLqfx+ylJf0QGui6ZInhuBj5CfqaUInSt
Eam6aZ6Sm1g6VSEZnMILojn6N236U1aE5rUg5SCsskbFOE1tYDo5dcYyN7OR6N4e+3MhuhM1IIYtCRs
R4/ja3Gq+vYpsKw1l2JPpx+P2rPz/iPzTHiemSY2PgYw3D8c08fGicLDRYZwLdVP1UPpQ+OXjJwwXiv
Gk18Pbbv26Wb8tusZyO0ut1L1z5vsb+RIj6BQpCEZZNl4Xg1q2ZYKGMGeLcRB5bVm1ceShNgPij5T7R
3ZL7QNQ3edrPPGJKUhgWszFHYyRyGgV7vUiNdb6xdLZmCzUkTys/tnz5P3KnAbrG/NLmm+8aYwiYR1X
2uu8rC5F/rC5uxJXWaagnWe+C4PtVkeSXYqzX2q8eLU/+Fg4BWM+nIH3XCjiUjKka+xtFGHx889gtt2
OZGqCxQvduZDKhS8erxkx22ITvKxwuyF0DTUNCgggLIMIICxDCCAaygAwIBAwIgRjYyQjM1NzE3NUE5
MTJEOUY1RkY2NzBBNjk4NUI4NTAwDQYJKoZIhvcNAQEEBQAwFjEUMBIGA1UEAxMLcmgtdGVzdC1ydHI
wHhcNMTMwMjA4MDU0MDQwWhcNMTQwMjA4MDU0MDQwWjAWMRQwEgYDVQQDEwtyaC10ZXN0LXJ0cjCCAS
IwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOsIpJSMfIm1cr0NE0kpXLBE8Pw3vFfoDxjiwN9lb
jyBKRQfwzq1alQbkRmi7ddleuWJS0YsUlqoPfbxL0j/nvwR6lYC4FpAVm8arvijyntHLPKroiS5+Re9
72uEk0Oe4n5cobP7bvy2P9fdmzPoSwukkY2aO552I1juNneuXVzCO5qwMEgfHGgq1ni1KjommFup3/l
oRvBRsQY165OzTk1QwaKTvi3O9h7OhaIXElFstkp2lW2XwiiZTYcq9b9C83cAHZQ/+filvSb6r7wOiZ
98m0ZdYqmWgfZUCJmi2tEjC2iN9qh8SDXg3rxJBywc+moaRn6Hz+wp82Bo7Spi2v0CAwEAATANBgkqh
kiG9w0BAQQFAAOCAQEA1kHOSCBC8NVznzyZGBSiJclyblroTviSmrm+hLlieuwmQaFLBzSR4eUT5OYs
iDOpsQ4cOBL1XfbaVE/TG8BR8NqBBn3fJgsP8x2Qhqx806xl6Zw+5Gw+72kMgon/N8hYlrpjV/i96h8
xnvekHet301cpUGf7s38o51JIZPw4X5j+NBe/hi16qYTAYM7rDCf8IHzrHSZP7KjucwpoTebENb7OzC
o5sTk/t97j1P1pNF/2kuElnOKWLVTfSFYOurofOSL8anUUWjtsXhCwQUqakeu0cktFNhzp/cabBQAgy
KdURbeCIjKZNUAOQ0jC+MRkUcvOOkTg0VGOuPhtFVe0UjGCAigwggIkAgEBMDowFjEUMBIGA1UEAxML
cmgtdGVzdC1ydHICIEY2MkIzNTcxNzVBOTEyRDlGNUZGNjcwQTY5ODVCODUwMAwGCCqGSIb3DQIFBQC
ggcEwEgYKYIZIAYb4RQEJAjEEEwIxOTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQ
EJBTEPFw0xMzAyMDgwNTQwNDBaMB8GCSqGSIb3DQEJBDESBBDmQXWNFDf9DS+S52vqZtfvMCAGCmCGS
AGG+EUBCQUxEgQQP6KsesXEvFoKz/TGfxfbijAwBgpghkgBhvhFAQkHMSITIEY2MkIzNTcxNzVBOTEy
RDlGNUZGNjcwQTY5ODVCODUwMA0GCSqGSIb3DQEBAQUABIIBAA00Uc5qyKVEGTmdNyAWpNNYS5y+KVx
fIzcESyKuBbkSIgLylLaFFfoV+rBVqIDMPsbpavpsgauvL2Fah3YF7dG4LOBnrRIwPWVwMjwL2kxCR+
pIlTGMY0Wlz8sT6GnvII9/W1ihlk4qRPu5nS9pk3ZyIyNJ6L+Myz/nQjVyqEsaerNDfIIudNOnFVukK
fIx+84KN0msv203q1kYGguYVfkcpI4B1fsRNJgx8U9Yy11iHu/HaIWxguqdD6A2/SRpS6jiUYTnhRRM
SZZuuB+rwU4xAlGzB0/ptI2ZYW/2gEpPzmjqfj2BgtIr3pWQ2UWWiMuju7AiMr5JmtQGrD+sUUA=
org.mozilla.jss.asn1.InvalidBERException: SEQUENCE(item #3) >> SET
at org.mozilla.jss.asn1.SET$Template.decode(SET.java:726)
at org.mozilla.jss.asn1.SET$OF_Template.decode(SET.java:874)
at org.mozilla.jss.asn1.SEQUENCE$Template.decode(SEQUENCE.java:402)
at
org.mozilla.jss.pkcs7.SignedData$Template.decode(SignedData.java:415)
at
org.mozilla.jss.pkcs7.SignedData$Template.decode(SignedData.java:409)
at com.netscape.cmsutil.scep.CRSPKIMessage.decodeCRSPKIMessage(CRSPKIMe
ssage.java:703)
at
com.netscape.cmsutil.scep.CRSPKIMessage.<init>(CRSPKIMessage.java:716)
at com.netscape.cms.servlet.cert.scep.CRSEnrollment.handlePKIOperation(
CRSEnrollment.java:781)
at com.netscape.cms.servlet.cert.scep.CRSEnrollment.service(CRSEnrollme
nt.java:305)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcce
ssorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:537)
at
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:162)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(App
licationFilterChain.java:262)
at org.apache.catalina.core.ApplicationFilterChain.access$0(Application
FilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFil
terChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(Application
FilterChain.java:167)
at com.netscape.cms.servlet.filter.EERequestFilter.doFilter(EERequestFi
lter.java:139)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcce
ssorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:537)
at
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276)
at
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:218)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(App
licationFilterChain.java:210)
at org.apache.catalina.core.ApplicationFilterChain.access$0(Application
FilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFil
terChain.java:171)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(Application
FilterChain.java:167)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapper
Valve.java:210)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContext
Valve.java:172)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:542)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVa
lve.java:108)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:875)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.
processConnection(Http11BaseProtocol.java:665)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndp
oint.java:528)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFo
llowerWorkerThread.java:81)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(Thread
Pool.java:685)
at java.lang.Thread.run(Thread.java:679)
[12/Mar/2013:15:41:15]http-9180-Processor25: ServletException
javax.servlet.ServletException: Could not decode the request.

A dumpasn1 of th request does not show any errors, but that request is quite
larger than usual ones.

awnuk commented 11 years ago

Look at request pretty print included above shows that certificate included in the certificate list has invalid version 4

        . . .
        Certificate List:
            Certificate (1):
                Data:
                    Version: 4 (0x3)
        . . .

where currently allowed versions specified in RFC 5280 are:

   . . .
   Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
   . . .

see: http://tools.ietf.org/html/rfc5280#section-4.1

This issue requires more investigation. (https://bugzilla.redhat.com/show_bug.cgi?id=921307)

awnuk commented 11 years ago

This is copy of [comment #20] from https://bugzilla.redhat.com/show_bug.cgi?id=921307 bug #921307:

Any SCEP request generated with an INCORRECT certificate version 4 causes the same parsing error as reported by this customer, while any SCEP request with certificate version 3 are parsed properly.

As previously reported in [comment #9] of https://bugzilla.redhat.com/show_bug.cgi?id=921307 bug #921307, the standard way to encode the version of any X509 certificate is the following:
Version ::= INTEGER { v1(0), v2(1), v3(2) }
see: http://tools.ietf.org/html/rfc5280#section-4.1 and X509 standard.

Metadata Update from @nkinder:
- Issue assigned to awnuk
- Issue set to the milestone: 10.1 - 10/13 (October)

8 years ago

dmoluguw commented 4 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/1185

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Metadata

Assignee

awnuk

Tags

None

Blocking

None

Depending on

None

Priority

major

Milestone

10.1 - 10/13 (October)

lowhangingfruit

None

reporter

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=921307

type

defect

version

None

keywords

None

estimate

None

feature

None

origin

RHCust

proposedpriority

None

fixedinversion

None

platforms

None

blockedby

None

blocking

None

reviewer

None

component

General

proposedmilestone

None

dogtagpki

Source Code

#615 SCEP PKIOperation InvalidBERException Closed: Fixed None Opened 12 years ago by nkinder.

Metadata

#615 SCEP PKIOperation InvalidBERException

Closed: Fixed None Opened 12 years ago by nkinder.