unixcharles / acme-client

A Ruby client for the letsencrypt's ACME protocol.


Attribute.new missing 'value='

paradisaeidae opened this issue · comments

commented

---snipped---

I'm not sure what the problem is, but the standard library for OpenSSL has not really changed in 2.7. We are running the CI on ruby 2.7 and this code path is working fine. Something must be wrong with your setup.

That said, you don't have to use the Acme::Client::CertificateRequest class. It's a helper method, but you could just create a CSR yourself if that's easier for you.

commented

Thanks, yes, agreed. It was moi!
Tracked it down to the use of openssl gem 2.2.0.
It appears there is a change to the way:

```ruby
csr = Acme::Client::CertificateRequest.new(subject: { common_name: domainName }, :private_key=> OpenSSL::PKey::RSA.new(csrPrivPem))
```

... expects the private key.
Using 2.1.2 this handles p_key as a key object.
Using 2.2.0 Acme::Client::CertificateRequest.new(...) complains no implicit conversion of pkey.
This sent me down the wrong rabbit hole.

There is an issue with finalizing an order using openssl gem 2.2.0 and 'acme-client', '=> 2.0.5'
Reproducible.
ruby 2.7.1p83 (2020-03-31 revision a0c7c23c9c) [x86_64-linux]
gem 'faraday', '= 1.0.0'; gem 'openssl', '= 2.2.0' ; gem 'acme-client', '= 2.0.6' # Go BANG

```
acme-client-2.0.6/lib/acme/client/certificate_request.rb:110:in `value='
acme-client-2.0.6/lib/acme/client/certificate_request.rb:110:in `initialize'
acme-client-2.0.6/lib/acme/client/certificate_request.rb:110:in `new'
acme-client-2.0.6/lib/acme/client/certificate_request.rb:110:in `add_extension'
acme-client-2.0.6/lib/acme/client/certificate_request.rb:93:in `block in generate'
acme-client-2.0.6/lib/acme/client/certificate_request.rb:81:in `tap'
acme-client-2.0.6/lib/acme/client/certificate_request.rb:81:in `generate'
acme-client-2.0.6/lib/acme/client/certificate_request.rb:40:in `csr'
forwardable-1.3.1/lib/forwardable.rb:229:in `to_der'
acme-client-2.0.6/lib/acme/client.rb:124:in `finalize'
acme-client-2.0.6/lib/acme/client/resources/order.rb:23:in `finalize'
```

There appears to be a change in openssl 2.2.0 which causes this.
A full test case requires a valid order.
I'm using: gem 'faraday', '= 0.9.1'; gem 'openssl', '= 2.1.2' ; gem 'acme-client', '= 2.0.5' to avoid the issue.
I've not delved deeper to work out if openssl 2.2.0 needs adjustment.
Thanks again!
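
The suggestion earlier in the thread to create the CSR yourself, as an added example that is not code from acme-client or from either commenter: it builds the CSR with plain OpenSSL calls, including an `extReq` attribute created with `OpenSSL::X509::Attribute.new` (the call named in the issue title), then re-parses the DER to check the signature and the requested names. The function names, the RSA-only key handling and the `example.test` names are assumptions made for this example.

```ruby
require 'openssl'

# Versions worth recording when this code path fails: the loaded openssl gem
# and the libssl it is linked against.
def openssl_versions
  { gem: OpenSSL::VERSION, library: OpenSSL::OPENSSL_LIBRARY_VERSION }
end

# Build a PKCS#10 CSR for an RSA key (assumption: RSA only). names.first is
# the subject CN; every name is also requested as a subjectAltName entry.
def build_csr(private_key, names)
  san = OpenSSL::X509::ExtensionFactory.new.create_extension(
    'subjectAltName', names.map { |n| "DNS:#{n}" }.join(', '), false
  )
  csr = OpenSSL::X509::Request.new
  csr.version = 0 # PKCS#10 v1
  csr.subject = OpenSSL::X509::Name.new([['CN', names.first, OpenSSL::ASN1::UTF8STRING]])
  csr.public_key = private_key.public_key
  # Requested extensions travel in an extReq attribute: SET { SEQUENCE { ext } }
  csr.add_attribute(
    OpenSSL::X509::Attribute.new(
      'extReq',
      OpenSSL::ASN1::Set.new([OpenSSL::ASN1::Sequence.new([san])])
    )
  )
  csr.sign(private_key, OpenSSL::Digest.new('SHA256'))
  csr
end

# Re-parse the DER and return [signature_ok, san_names], so the request can be
# checked against the order's identifiers before it is sent for finalization.
def inspect_csr(der)
  csr = OpenSSL::X509::Request.new(der)
  names = []
  attr = csr.attributes.find { |a| a.oid == 'extReq' }
  (attr ? attr.value.value : []).each do |ext_list| # SET -> SEQUENCE of extensions
    ext_list.value.each do |ext_asn1|
      ext = OpenSSL::X509::Extension.new(ext_asn1.to_der)
      next unless ext.oid == 'subjectAltName'
      names.concat(ext.value.split(', ').map { |v| v.sub(/\ADNS:/, '') })
    end
  end
  [csr.verify(csr.public_key), names]
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048) # constructed sample key
  csr = build_csr(key, ['example.test', 'www.example.test'])
  p openssl_versions, inspect_csr(csr.to_der)
end
```

The DER from `csr.to_der` is what an ACME finalize request carries, so running `inspect_csr` on it first catches a missing or wrong SAN list locally.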