crypto/x509: missing support for EC parameter encoding #16660
Labels
FrozenDueToAge
NeedsDecision
Feedback is required from experts, contributors, and/or the community before a change can be made.
Milestone
LetsEncrypt's "Boulder" server, the backend for processing CSRs, apparently uses
and specifically
If a CSR submitted to LetsEncrypt service references a PrivKey that has ec parameters explicitly encoded, e.g.,
, perfectly valid under Openssl, the Boulder server process fails with a server error
This is claimed as a result of GoLang's X509 pkg lacking support
Despite their befuddling insistence that
it'll be useful for GoLang's X509 pkg to implement feature parity with Openssl in supporting the explicit parameter encoding
More detail's provided in the original bug post there
Certbot “Exiting abnormally” if CSR uses PrivKey with ec parameters encoded (=param_enc explicit)
https://community.letsencrypt.org/t/certbot-exiting-abnormally-if-csr-uses-privkey-with-ec-parameters-encoded-param-enc-explicit/18814
I can provide additional info here as requested
The text was updated successfully, but these errors were encountered: