certificates and CSR cannot always be verified by openssl

Question

certificates and CSR cannot always be verified by openssl

fmonniot opened this issue 4 years ago · 2 comments

Hello there,

I'm trying to use this library to issue certificates (using ECDSA P-256 algorithm). I though I got something working, but then the generated CSR and leaf certificates can not always be verified by openssl. I tried to find a common cause, but to me it seems the signature is randomly invalid (at least from openssl point of view).

I have put together a reproduction script (should only require npm i @peculiar/x509 @peculiar/webcrypto, typescript and openssl in the path) to be executable. It can be found in this gist: https://gist.github.com/fmonniot/e94ed40e3902415ccb9ca5a1d932297e.

Running this script multiple times yields different results: either the csr is valid, or the end cert is valid, or both, or neither :(

Is there a known format issue with openssl req -verify and x509 -verify commands?

And last but not least, Thank you for writing this library !

Answer 1 · 2021-05-26T17:23:10.000Z

I fixed and published the new version @peculiar/x509@1.3.1

@fmonniot Please try it

Answer 2 · 2021-05-26T17:30:17.000Z

The new version fixed it. Thanks for the prompt bug fix !