Proxmox/pve-common
5
0
Fork 0
mirror of git://git.proxmox.com/git/pve-common.git synced 2025-01-06 21:17:37 +03:00
Code Releases Activity

cert: fix invalid CSR version

Browse Source 
According to rfc2986 the only valid version is 0. No newer rfc changed
that.
See section 4.1:
https://www.rfc-editor.org/rfc/rfc2986#section-4.1

Manually verifying the CSR with openssl results in the following error:
```
$ openssl req -in bad.csr -text -noout
Certificate Request:
    Data:
        Version: Unknown (2)
```

Signed-off-by: Mira Limbeck <m.limbeck@proxmox.com>
This commit is contained in:
Mira Limbeck 2023-03-31 18:12:24 +02:00 committed by Fabian Grünbichler
parent 4cb946a81c
commit 8ebb0f82ac
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/PVE/Certificate.pm
View File

@ -430,7 +430,7 @@ sub generate_csr {
$cleanup->("Failed to set public key\n") if !Net::SSLeay::X509_REQ_set_pubkey($req, $pk);
$cleanup->("Failed to set CSR version\n") if !Net::SSLeay::X509_REQ_set_version($req, 2);
$cleanup->("Failed to set CSR version\n") if !Net::SSLeay::X509_REQ_set_version($req, 0);
$cleanup->("Failed to sign CSR\n") if !Net::SSLeay::X509_REQ_sign($req, $pk, $md);