-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CSR with 'BEGIN NEW CERTIFICATE REQUEST' no longer accepted #6340
Labels
Comments
OpenSSL supports two old PEM headers:
|
fixed in #6356 |
martinpitt
added a commit
to martinpitt/bots
that referenced
this issue
Oct 19, 2021
FreeIPA 4.9.7 in Rawhide removed support for XML-RPC in PKI. This breaks compatibility with various client-side packages like certmonger [1] or python-cryptography [2], which makes ipa-getcert fail[3]. These issues won't be fixed in all our stable OSes anytime soon. Until then, move to the more conservative centos-8-stream variant, so that we can continue testing FreeIPA on all OSes. [1] https://pagure.io/certmonger/issue/223 [2] pyca/cryptography#6340 [3] https://bugzilla.redhat.com/show_bug.cgi?id=2015102
martinpitt
added a commit
to martinpitt/bots
that referenced
this issue
Oct 19, 2021
FreeIPA 4.9.7 in Rawhide removed support for XML-RPC in PKI. This breaks compatibility with various client-side packages like certmonger [1] or python-cryptography [2], which makes ipa-getcert fail[3]. These issues won't be fixed in all our stable OSes anytime soon. Until then, move to the more conservative centos-8-stream variant, so that we can continue testing FreeIPA on all OSes. [1] https://pagure.io/certmonger/issue/223 [2] pyca/cryptography#6340 [3] https://bugzilla.redhat.com/show_bug.cgi?id=2015102
martinpitt
added a commit
to cockpit-project/bots
that referenced
this issue
Oct 19, 2021
FreeIPA 4.9.7 in Rawhide removed support for XML-RPC in PKI. This breaks compatibility with various client-side packages like certmonger [1] or python-cryptography [2], which makes ipa-getcert fail[3]. These issues won't be fixed in all our stable OSes anytime soon. Until then, move to the more conservative centos-8-stream variant, so that we can continue testing FreeIPA on all OSes. [1] https://pagure.io/certmonger/issue/223 [2] pyca/cryptography#6340 [3] https://bugzilla.redhat.com/show_bug.cgi?id=2015102
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Since cryptography 35.0.0, CSRs with
BEGIN NEW CERTIFICATE REQUEST
instead ofBEGIN CERTIFICATE REQUEST
are no longer accepted.Example CSR:
The text was updated successfully, but these errors were encountered: