Sets invalid CSR version in focal and kinetic

Bug #2004073 reported by Mathias Ertl
This bug affects 3 people
Affects                   Status     Importance  Assigned to  Milestone
python-acme (Ubuntu)      Confirmed  Undecided   Unassigned
  Focal                   New        Undecided   Unassigned
  Jammy                   New        Undecided   Unassigned
python-certbot (Ubuntu)   Confirmed  Undecided   Unassigned
  Focal                   New        Undecided   Unassigned
  Jammy                   New        Undecided   Unassigned

Bug Description

Dear Maintainer,

This is a follow-up of the matching Debian bug[1].

The python3-acme library included in Ubuntu Focal and Kinetic sets an invalid CSR version 3 when creating CSRs. The issue has been solved upstream in version 1.29.0 and 2.1.0 [2], so Ubuntu Lunar is no longer affected.

The cryptography library implemented validation of the CSR version in 38.0.0 [3], so ACMEv2 server implementations based on this cryptography version no longer work with older versions of certbot (which ofc uses python3-acme).

The PR from the certbot repo[1] gives the (trivial) fix. Several other affected clients also link to the PR. I have verified that applying the patch solves the issue.

kr, Mathias Ertl

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025891
[2] https://github.com/certbot/certbot/pull/9334
[3] https://github.com/pyca/cryptography/issues/7231
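An added example, not part of the original report and not code from certbot or cryptography: a standard-library check that reads the version field of a PKCS#10 CSR (PEM or DER) and flags anything other than 0, the only value RFC 2986 defines. The function names and the `stub_csr` sample bytes are constructed for illustration; the stub is an unsigned skeleton, not a real request.

```python
import base64

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER element runs past end of input")
    return tag, pos, pos + length

def csr_version(data):
    """Return the encoded version INTEGER of a PKCS#10 CSR (PEM or DER)."""
    if data.lstrip().startswith(b"-----BEGIN"):
        lines = [l.strip() for l in data.splitlines()]
        data = base64.b64decode(b"".join(l for l in lines if not l.startswith(b"-----")))
    tag, start, _ = read_tlv(data, 0)         # CertificationRequest SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tag, start, _ = read_tlv(data, start)     # CertificationRequestInfo SEQUENCE
    if tag != 0x30:
        raise ValueError("missing CertificationRequestInfo")
    tag, start, end = read_tlv(data, start)   # version INTEGER
    if tag != 0x02 or start == end:
        raise ValueError("missing version INTEGER")
    return int.from_bytes(data[start:end], "big", signed=True)

def check_csr(data):
    """Return (is_valid, version); RFC 2986 defines only v1, encoded as 0."""
    version = csr_version(data)
    return version == 0, version

def stub_csr(version):
    """Constructed sample: unsigned skeleton holding only the leading fields."""
    info = bytes([0x02, 0x01, version]) + b"\x30\x00"  # version, empty subject
    info = b"\x30" + bytes([len(info)]) + info
    return b"\x30" + bytes([len(info)]) + info

if __name__ == "__main__":
    for sample in (stub_csr(0), stub_csr(2)):  # 2 is a constructed bad value
        print(check_csr(sample))
```

Running `check_csr` over CSRs captured from a client before submission shows whether that client would be rejected by a server that validates the version field.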

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in python-acme (Ubuntu):
status: New → Confirmed
Changed in python-certbot (Ubuntu):
status: New → Confirmed
Stefano Rivera (stefanor) wrote :

> The python3-acme library included in Ubuntu Focal and Kinetic sets an invalid CSR version 3 when creating CSRs. The issue has been solved upstream in version 1.29.0 and 2.1.0 [2], so Ubuntu Lunar is no longer affected.

I assume you mean focal and jammy. kinetic has 1.29.0-1 .

Alex Gaynor (alex-gaynor) wrote :
Stefano Rivera (stefanor) wrote :

Aha. Let me combine those.

Mathias Ertl (mathiasertl) wrote :

> I assume you mean focal and jammy. kinetic has 1.29.0-1 .

Yes, I of course meant jammy. Sorry for the mixup.
