Skip Menu |
 

This queue is for tickets about the Crypt-LE CPAN distribution.

Report information
The Basics
Id: 123255
Status: resolved
Priority: 0/
Queue: Crypt-LE

People
Owner: LEADER [...] cpan.org
Requestors: su.00018 [...] cherry.org
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: 0.27
Fixed in: (no value)



Subject: enhancement to support "old" openssl versions
running on centos 6.x ... dist openssl version says 1.0.1, but those package versions are somewhat deceptive; they contain backported patches for security issues ... so, even though my openssl is ok, i ran into this letsencrypt issue the other night: https://community.letsencrypt.org/t/openssl-bug-information/19591 long story short, their now-stricter asn parser rejects csrs where the x509 version is unset, which happens with some "old" versions of openssl. the current version of crypt::le doesn't handle this, so i had to hack mine to get cert renewal working again. it's a pretty simple fix (although you may want to implement it in a more robust way than i did), i just added the following line to LE.pm, to explicitly set the version, right after line 1432: return _free(k => $pk, r => $req) unless Net::SSLeay::X509_REQ_set_version($req, 0); # version 1 i thought you might want to include something like that in a future release. let me know if you have any questions, etc. and thanks for writing the module in the first place!
Download (untitled) / with headers
text/plain 127b
Thank you for the report. This is a good suggestion indeed, I will have a look and likely make the changes in the next release.
Fixed in v0.28 (Verified on CentOS 6).
From: su.00018 [...] cherry.org
Download (untitled) / with headers
text/plain 107b
On Sun Oct 22 07:00:35 2017, LEADER wrote: Show quoted text
> Fixed in v0.28 (Verified on CentOS 6).
good to know. thanks!


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.