x509: unhandled critical extension #431

Closed
jaredallard opened this issue Jun 14, 2024 · 2 comments
Labels
bug Something isn't working

Comments


jaredallard commented Jun 14, 2024

What happened: Attempted to sign (and attach the fullchain), which resulted in the following error:

failed to verify certificate chain: x509: unhandled critical extension

What you expected to happen: Either sign/notarization or attach-fullchain to succeed

How to reproduce it (as minimally and precisely as possible):

  1. Create a Developer ID Installer certificate from https://developer.apple.com/account/resources/certificates/add
  2. Import into Keychain, export by selecting top-level certificate and private key
  3. Run go run github.com/anchore/quill/cmd/quill@latest p12 describe <p12> with success
  4. Run go run github.com/anchore/quill/cmd/quill@latest p12 attach-chain <p12> with failure

Anything else we need to know?: It's totally possible I'm doing something wrong here...

Environment:

  • Output of version command: v0.4.1 (go version go1.22.4 darwin/arm64)
  • OS (e.g: cat /etc/os-release or similar): uname -a: Darwin pikachu.local 23.5.0 Darwin Kernel Version 23.5.0: Wed May 1 20:12:58 PDT 2024; root:xnu-10063.121.3~5/RELEASE_ARM64_T6000 arm64
@jaredallard jaredallard added the bug Something isn't working label Jun 14, 2024
@jaredallard

Initial thoughts are that this could be due to extension 1.2.840.113635.100.6.1.14 being marked as critical?

@jaredallard

Ah, okay, the issue here was that I used a Developer ID Installer certificate instead of a Developer ID Application. The docs I followed from goreleaser were wrong. Apologies for the noise!
