Attribute.new missing 'value='
paradisaeidae opened this issue · comments
---snipped---
I'm not sure what is the problem but the standard library for OpenSSL has not really changed in 2.7. We are running the CI on ruby 2.7 and this code path is working fine. Something must be wrong with your setup.
That said, you don't have to use the Acme::Client::CertificateRequest
class. It's an helper method but you could just create a CSR yourself if that easier for you.
Thanks, yes, agreed. It was moi!
Tracked it down to the use of openssl gem 2.2.0.
It appears there is a change to the way:
csr = Acme::Client::CertificateRequest.new(subject: { common_name: domainName }, :private_key=> OpenSSL::PKey::RSA.new(csrPrivPem))
... expects the private key.
Using 2.1.2 this handles p_key as a key object.
Using 2.2.0 Acme::Client::CertificateRequest.new(...) complains no implicit conversion of pkey.
This sent me down the wrong rabbit hole.
There is an issue with finalizing an order using openssl gem 2.2.0 and 'acme-client', '=> 2.0.5'
Reproducible.
ruby 2.7.1p83 (2020-03-31 revision a0c7c23c9c) [x86_64-linux]
gem 'faraday', '= 1.0.0'; gem 'openssl', '= 2.2.0' ; gem 'acme-client', '= 2.0.6' # Go BANG
acme-client-2.0.6/lib/acme/client/certificate_request.rb:110:in value=' acme-client-2.0.6/lib/acme/client/certificate_request.rb:110:in
initialize'
acme-client-2.0.6/lib/acme/client/certificate_request.rb:110:in new' acme-client-2.0.6/lib/acme/client/certificate_request.rb:110:in
add_extension'
acme-client-2.0.6/lib/acme/client/certificate_request.rb:93:in block in generate' acme-client-2.0.6/lib/acme/client/certificate_request.rb:81:in
tap'
acme-client-2.0.6/lib/acme/client/certificate_request.rb:81:in generate' acme-client-2.0.6/lib/acme/client/certificate_request.rb:40:in
csr'
forwardable-1.3.1/lib/forwardable.rb:229:in to_der' acme-client-2.0.6/lib/acme/client.rb:124:in
finalize'
acme-client-2.0.6/lib/acme/client/resources/order.rb:23:in `finalize'
There appears to be a change in openssl 2.2.0 which causes this.
A full test case requires a valid order.
I'm using: gem 'faraday', '= 0.9.1'; gem 'openssl', '= 2.1.2' ; gem 'acme-client', '= 2.0.5' to avoid the issue.
I've not delved deeper to work out if openssl 2.2.0 needs adjustment.
Thanks again!