currectly triggers BadSignatureAlgorithmProblem at JWS parse time#492
Merged
Conversation
aarongable
reviewed
May 1, 2025
aarongable
previously approved these changes
May 5, 2025
Co-authored-by: Aaron Gable <aaron@aarongable.com>
aarongable
approved these changes
May 6, 2025
Contributor
aarongable
left a comment
aarongable
left a comment
There was a problem hiding this comment.
LGTM; waiting on second review+approval.
mcpherrinm
approved these changes
May 7, 2025
kwatson
added a commit
to kwatson/letsencrypt-pebble
that referenced
this pull request
Jun 9, 2025
* 'main' of https://github.com/letsencrypt/pebble: (35 commits) add overriding of ARI response (letsencrypt#501) wfe: fix a race in `orderForDisplay` (letsencrypt#500) Bump golang.org/x/ dependencies (letsencrypt#499) currectly triggers BadSignatureAlgorithmProblem at JWS parse time (letsencrypt#492) use newer validation subdomain for dns-account-01 (fix CI eggsampler/acme error) (letsencrypt#498) Orders don't have a "deactivated" status. (letsencrypt#301) Update golangci-lint (letsencrypt#488) build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 (letsencrypt#487) Truncate ARI timestamps to millisecond resolution (letsencrypt#485) return logical and compliant ARI windows for expiring certs (letsencrypt#484) Update dependencies (letsencrypt#481) docs: rm mention of subproblems being unimpl'd (letsencrypt#479) Fix(NOISSUE): Fix docker compose file example in README.md (letsencrypt#475) Add support for ACME Profiles (letsencrypt#473) Simplify KU, EKU, and SKID fields of issued certs (letsencrypt#472) Update golangci-lint to 1.60.2 (letsencrypt#474) Update /x/net for compatibility with go1.23 (letsencrypt#470) Reject extra command line args and fix README invocation (letsencrypt#467) Document exposing API and management ports when not using docker-compose.yaml (letsencrypt#465) Implement latest draft-ietf-acme-ari spec (letsencrypt#461) ...
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Pebble didn't have badSignatureAlgorithm error, while RFC8555 section 6.2 mandates it.
jws parse time check for bad algorithm is needed because same as jose.parsesigned refuese to parse without algolist(which is good thing) so error already thrown at that time and we need to catch this type of error there.
see related boulder PR
letsencrypt/boulder#8091