Error generating basic cert after recent CRL change/PR

Question

ryanoasis opened this issue 5 years ago · comments

With the latest changes in master there is now an issue creating openssl certs because of changes in the openss.cnf file.

running: cd basic && make

errors:
Error Loading extension section client_extensions
...
Error Loading extension section server_extensions

I believe it is the 2 lines containing @crlDistributionPoints = URI:CRL@ under server_extensions and client_extensions sections.

This seems to have been introduced in #19

Luke Bakken · Answer 1 · Tue Jan 07 2020 08:55:24 GMT+0800 (China Standard Time)

Could you please let us know what version of OpenSSL you're using and on what operating system?

@ptusch - care to chime in?

I did not run the changes in #19 on many different systems.

Luke Bakken · Answer 2 · Tue Jan 07 2020 10:58:49 GMT+0800 (China Standard Time)

Thanks for the report @ryanoasis . I reverted #19 in bf4dbd4.

The change in #19 failed using this version of OpenSSL:

$ openssl version
OpenSSL 1.1.1d-freebsd  10 Sep 2019

@ptusch - please re-test your pull request and re-submit. Thanks.

Ryan L McIntyre · Answer 3 · Wed Jan 08 2020 01:00:51 GMT+0800 (China Standard Time)

Sure the initial issue was in our Docker container (Alpine Linux v3.10)

Had issues in:

Alpine Linux v3.10 - OpenSSL 1.1.1d 10 Sep 2019
and
macOS - LibreSSL 2.6.5