You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Fake reproducer: Configure empty JSON in the payload part of the JWK for /acme/acme/challenge/... HTTP call.
Real reproducer: Try to generate device certificate using device attestation on MacOS 15 Beta with INTEL processor with profile configuration attribute HardwareBound=false (link).
Your Environment
OS - MacOS 15 Beta
step-ca Version - v0.26.2
INTEL processor
HardwareBound=false
Expected Behavior
The server should return a client error -> status 400.
Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
The text was updated successfully, but these errors were encountered:
Hi @basovnik, thank you for opening the issue. I have opened a PR with a fix: #1913. Could you give it a try?
The behavior for this error slightly changed to not immediately return the error, but for it to be stored with the challenge object. That way the client should be able to tell that the challenge isn't solved, and should not be retried, as the CA is not going to accept the retry with the same (empty, or wrong) attestation object in the request.
Steps to Reproduce
/acme/acme/challenge/...
HTTP call.HardwareBound=false
(link).Your Environment
step-ca
Version - v0.26.2Expected Behavior
The server should return a client error -> status
400
.Actual Behavior
The server returns internal error -> status
500
.Unexpected error:
error validating challenge: error unmarshalling CBOR: EOF
Log message:
Additional Context
No response
Contributing
Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
The text was updated successfully, but these errors were encountered: