Bug #123255 for Crypt-LE: enhancement to support "old" openssl versions

Thu Oct 12 09:54:27 2017 su.00018 [...] cherry.org - Ticket created

Subject:

enhancement to support "old" openssl versions

running on centos 6.x ... dist openssl version says 1.0.1, but those package versions are somewhat deceptive; they contain backported patches for security issues ... so, even though my openssl is ok, i ran into this letsencrypt issue the other night: https://community.letsencrypt.org/t/openssl-bug-information/19591 long story short, their now-stricter asn parser rejects csrs where the x509 version is unset, which happens with some "old" versions of openssl. the current version of crypt::le doesn't handle this, so i had to hack mine to get cert renewal working again. it's a pretty simple fix (although you may want to implement it in a more robust way than i did), i just added the following line to LE.pm, to explicitly set the version, right after line 1432: return _free(k => $pk, r => $req) unless Net::SSLeay::X509_REQ_set_version($req, 0); # version 1 i thought you might want to include something like that in a future release. let me know if you have any questions, etc. and thanks for writing the module in the first place!

Thu Oct 12 16:27:08 2017 LEADER [...] cpan.org - Taken

Thu Oct 12 16:30:04 2017 LEADER [...] cpan.org - Correspondence added

Thank you for the report. This is a good suggestion indeed, I will have a look and likely make the changes in the next release.

Thu Oct 12 16:30:04 2017 The RT System itself - Status changed from 'new' to 'open'

Sun Oct 22 07:00:35 2017 LEADER [...] cpan.org - Correspondence added

Fixed in v0.28 (Verified on CentOS 6).

Sun Oct 22 07:00:36 2017 LEADER [...] cpan.org - Status changed from 'open' to 'resolved'

Sun Oct 22 07:59:36 2017 su.00018 [...] cherry.org - Correspondence added

From:

su.00018 [...] cherry.org

On Sun Oct 22 07:00:35 2017, LEADER wrote: Show quoted text

> Fixed in v0.28 (Verified on CentOS 6).

good to know. thanks!