Internal server error for invalid TLS Feature extension

[jsha]

Per https://community.letsencrypt.org/t/improving-revocation-will-lets-encrypt-support-ocsp-must-staple/4334/17, we generate an Internal Server Error for invalid TLS Feature extensions, when we should return an informative message.

[osirisinferi]

https://github.com/letsencrypt/boulder/blob/master/ca/certificate-authority.go#L320 suggests it would generate a proper error in this case..

I haven't got a clue why a invalid TLS Feature extension request results in a urn:acme:error:serverInternal :: The server experienced an internal error :: Error creating new cert.

[jsha]

We have code, in WFE I believe, that takes internal error types like CertificateIssuanceError and turns them into ProblemDetails. Unrecognized error types get turned into InternalServerError. We probably need to return a different error type here, or adjust that transformation to understand this error type.

[jsha]

This is fixed in staging. @osirisinferi, can you verify?

[osirisinferi]

@jsha Yes, it generated a nice error yesterday. Didn't report it, because the issue was already closed. 😛

[JasonSome]

@jsha So, now you can ship it to production and hopefully enable it on the config?

[jsha]

Yes, that is the plan.