Hi Petr, I agree that this behaviour is not user friendly. The underlying problem is that the SCEP layer does not make a difference between user or server errors for some issues and so a 500 server error comes back if the backend crashes.
There are some open tickets for improvements (for this particular problem https://github.com/openxpki/openxpki/issues/745) but we did not have the time to work on this. best regards Oliver Am 12.04.20 um 15:44 schrieb Petr Gotthard: > Hello, > > > > I discovered a bit user unfriendly behavior: > > I made a SCEP request to enroll a certificate, but I encrypted it with a > wrong CA certificate. The openxpki returned “500 Internal Server Error” > saying “SCEP Response was empty” in the message body, which is a bit > misleading message. The correct error is was hidden in the openxpki.log, > which said “no recipient matches certificate”. > > > > Is this the right error to be returned in this case? > > > > > > Kind Regards, > > Petr > > > > P.S. This was the openxpki.log > > > > 2020/04/12 13:39:15 ERROR 139915524977088:error:21070073:PKCS7 > routines:PKCS7_dataDecode:no recipient matches > certificate:../crypto/pkcs7/pk7_doit.c:491: > > 139915524977088:error:21072077:PKCS7 routines:PKCS7_decrypt:decrypt > error:../crypto/pkcs7/pk7_smime.c:500:message_static_functions.c:221: > decryption failed > > LibSCEP.xs:1197: scep_unwrap failed > > [pid=13596|sid=hQ1P] > > 2020/04/12 13:39:15 ERROR I18N_OPENXPKI_TOOLKIT_COMMAND_FAILED; > __COMMAND__ => OpenXPKI::Crypto::Tool::LibSCEP::Command::unwrap, > __ERRVAL__ => 139915524977088:error:21070073:PKCS7 > routines:PKCS7_dataDecode:no recipient matches > certificate:../crypto/pkcs7/pk7_doit.c:491: > > 139915524977088:error:21072077:PKCS7 routines:PKCS7_decrypt:decrypt > error:../crypto/pkcs7/pk7_smime.c:500: > > message_static_functions.c:221: decryption failed > > LibSCEP.xs:1197: scep_unwrap failed > > [pid=13596|sid=hQ1P] > > 2020/04/12 13:39:15 ERROR Error executing SCEP command 'PKIOperation': > I18N_OPENXPKI_TOOLKIT_COMMAND_FAILED; __COMMAND__ => > OpenXPKI::Crypto::Tool::LibSCEP::Command::unwrap, __ERRVAL__ => > 139915524977088:error:21070073:PKCS7 routines:PKCS7_dataDecode:no > recipient matches certificate:../crypto/pkcs7/pk7_doit.c:491: > > 139915524977088:error:21072077:PKCS7 routines:PKCS7_decrypt:decrypt > error:../crypto/pkcs7/pk7_smime.c:500:message_static_functions.c:221: > decryption failed > > LibSCEP.xs:1197: scep_unwrap failed > > [pid=13596|sid=hQ1P] > > > > > > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openxpki-users > -- Protect your environment - close windows and adopt a penguin!
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
