Project

General

Profile

Actions

Bug #10284

closed

Exporting p12 for CSR causes a crash report

Added by Manuel Piovan over 1 year ago. Updated over 1 year ago.

Status:
Resolved
Priority:
Normal
Category:
Certificates
Target version:
Start date:
02/24/2020
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.5.x
Affected Architecture:

Description

what i have done:
System / Certificate Manager / Certificates
select "Sign a certificate Signing request"
leave key data empty
save and try to export P12
result in an empty P12 file and a crash report
PHP Errors:
PHP Warning: openssl_pkcs12_export(): cannot get private key from parameter 3 in /usr/local/www/system_certmanager.php on line 209
https://forum.netgate.com/topic/150765/export-p12-pfsense-crash-report

Actions #1

Updated by Jim Pingle over 1 year ago

  • Project changed from pfSense Packages to pfSense
  • Subject changed from exporting p12 causes a crash report to Exporting p12 for CSR causes a crash report
  • Category set to Certificates
  • Target version set to 2.5.0

Looks like P12 export should be disabled either just for CSRs or perhaps for any entry which lacks a key (Which we allow now in certain cases like for PKCS#11). I can't remember if it's valid to reference a PKCS#11 style entry in PKCS#12 archives. Need to look that up.

Actions #2

Updated by Viktor Gurov over 1 year ago

Unfortunately openssl_pkcs12_export() do not allow to create PKCS#12 without private key,
Therefore, we need to hide PKCS#12 export buttons if private key is empty:
https://github.com/pfsense/pfsense/pull/4204

Actions #3

Updated by Jim Pingle over 1 year ago

  • Status changed from New to Pull Request Review
Actions #4

Updated by Renato Botelho over 1 year ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Renato Botelho
  • % Done changed from 0 to 100

PR has been merged. Thanks!

Actions #5

Updated by Viktor Gurov over 1 year ago

  • Status changed from Feedback to Resolved

tested on 2.5.0.a.20200227.1722
works as expected - hides PKCS#12 export icons/buttons if private key does not exist

Actions

Also available in: Atom PDF