Package: python3-acme
Version: 1.12.0-2
Severity: important
Tags: patch upstream
X-Debbugs-Cc: [email protected]
Dear Maintainer,
The python3-acme library included in Debian stable sets an invalid CSR version
3 when creating CSRs. The issue has been solved upstream in version 1.29.0 and
2.1.0 [1], so Debian testing/unstable are no longer affected. Ubuntu versions
22.04 LTS and earlier are also affected.

The cryptography library implemented validation of the CSR version in
38.0.0 [2], so ACMEv2 server implementations based on this cryptography
version no longer work with older versions of certbot (which ofc uses
python3-acme).

The PR from the certbot repo [1] gives the (trivial) fix. Several other
affected clients also link to the PR. I have verified that applying the patch
solves the issue.

[1] https://github.com/certbot/certbot/pull/9334
[2] https://github.com/pyca/cryptography/issues/7231

-- System Information:
Debian Release: 11.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.15.0-56-generic (SMP w/8 CPU threads)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: unable to detect
Versions of packages python3-acme depends on:
ii ca-certificates 20210119
ii python3 3.9.2-3
ii python3-cryptography 3.3.2-1
ii python3-josepy 1.2.0-2
ii python3-openssl 20.0.1-1
ii python3-pkg-resources 52.0.0-4
ii python3-requests 2.25.1+dfsg-2
ii python3-requests-toolbelt 0.9.1-1
ii python3-rfc3339 1.1-2
ii python3-six 1.16.0-2
ii python3-tz 2021.1-1
python3-acme recommends no packages.
Versions of packages python3-acme suggests:
pn python-acme-doc <none>
-- no debconf information