crypto/x509: missing support for EC parameter encoding #16660
LetsEncrypt's "Boulder" server, the backend for processing CSRs, apparently uses
If a CSR submitted to LetsEncrypt service references a PrivKey that has ec parameters explicitly encoded, e.g.,
, perfectly valid under OpenSSL, the Boulder server process fails with a server error
This is claimed as a result of GoLang's X509 pkg lacking support
Despite their befuddling insistence that
it'll be useful for GoLang's X509 pkg to implement feature parity with OpenSSL in supporting the explicit parameter encoding
More detail's provided in the original bug post there
Certbot “Exiting abnormally” if CSR uses PrivKey with ec parameters encoded (=param_enc explicit)
I can provide additional info here as requested
I don't believe that we want to support this. Arbitrary EC curves were an old, excessive generality and Go doesn't have generic EC code in any case. Sometimes the explicit parameters happen to match a well-known curve and we could recognise those, but then it's just a waste of bytes and the generating code should have used a named curve instead.
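An added example, not part of the issue thread or of Go's own code: a pre-submission check that tells which ECParameters form (RFC 5480: named curve OID, explicit SEQUENCE, or implicit NULL) a DER SubjectPublicKeyInfo carries, so a key with explicit parameters can be caught before a CSR built from it is sent to a Go-based CA. The names `ClassifyECParams`, `build`, `constructedNamed` and `constructedExplicit` are hypothetical, and the sample keys are constructed with dummy key bits.

```go
package main

import (
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
)

var oidECPublicKey = asn1.ObjectIdentifier{1, 2, 840, 10045, 2, 1} // id-ecPublicKey
// RFC 5480 ECParameters CHOICE, keyed by universal ASN.1 tag.
var forms = map[int]string{asn1.TagOID: "named", asn1.TagSequence: "explicit", asn1.TagNull: "implicit"}

type spki struct {
	Algorithm pkix.AlgorithmIdentifier
	PublicKey asn1.BitString
}

// ClassifyECParams reports how a DER SubjectPublicKeyInfo encodes its curve.
func ClassifyECParams(der []byte) (string, error) {
	var k spki
	if rest, err := asn1.Unmarshal(der, &k); err != nil || len(rest) != 0 {
		return "", fmt.Errorf("malformed SubjectPublicKeyInfo")
	}
	if !k.Algorithm.Algorithm.Equal(oidECPublicKey) {
		return "", fmt.Errorf("not an EC public key")
	}
	p := k.Algorithm.Parameters
	if form, ok := forms[p.Tag]; ok && p.Class == asn1.ClassUniversal {
		return form, nil
	}
	return "", fmt.Errorf("unexpected ECParameters tag %d", p.Tag)
}

// build returns a constructed SPKI (dummy key bits) carrying params.
func build(params interface{}) []byte {
	raw, _ := asn1.Marshal(params)
	alg := pkix.AlgorithmIdentifier{Algorithm: oidECPublicKey, Parameters: asn1.RawValue{FullBytes: raw}}
	der, _ := asn1.Marshal(spki{alg, asn1.BitString{Bytes: []byte{4, 1, 2}, BitLength: 24}})
	return der
}

// Constructed samples: prime256v1 by OID, and a placeholder SEQUENCE{INTEGER 1}
// standing in for explicit parameters (not a complete curve definition).
func constructedNamed() []byte    { return build(asn1.ObjectIdentifier{1, 2, 840, 10045, 3, 1, 7}) }
func constructedExplicit() []byte { return build(struct{ Version int }{1}) }

func main() {
	fmt.Println(ClassifyECParams(constructedNamed()))
	fmt.Println(ClassifyECParams(constructedExplicit()))
}
```

The check looks only at the encoding form; it does not test whether explicit parameters happen to match a well-known curve.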