On Fri, Apr 08, 2016 at 10:14:15AM +0200, Enrico Zini wrote: > The error is reproducible while running a checkout of debsso locally on > a ./manage.py runserver. See README for dependencies, and > django-oauth-toolkit and django-cors-headers are now at least in Debian > testing. > > I ran it locally and this is the openssl error: > > /usr/bin/openssl spkac -in /tmp/tmp4IATDN/spkac -verify failed with error 1 > stderr: > Error loading SPKAC 140607590233752:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:157: 140607590233752:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1187: 140607590233752:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:374:Type=NETSCAPE_SPKI Summary of some discussion on #debian-devel (thanks kaeso): - http://echelog.com/logs/browse/chromium/1457996400 (searching spkac in the page) has people talking about it - http://blog.chromium.org/2016/02/chrome-49-beta-css-custom-properties.html "Keygen and application/x-x509-user-cert" - https://bugs.chromium.org/p/chromium/issues/detail?id=514767 So, chrome just went and removed support for it. It now just silently fails. It can be reenabled somehow, but then the key is not pushed into the browser keystore, but only downloaded. No viable alternative suggested to what they just removed. Which is fine, I guess, for someone living in an ecosystem where «authentication via "log in with your Google or Facebook account"» is all your users would ever need. I guess I should stop writing here, as at the moment I can think of a lot of things to write, but nothing constructive among them. Enrico -- GPG key: 4096R/E7AD5568 2009-05-08 Enrico Zini <enrico@enricozini.org>
Attachment:
signature.asc
Description: PGP signature