Project

General

Profile

Bug #10284

Exporting p12 for CSR causes a crash report

Added by Manuel Piovan 8 months ago. Updated 8 months ago.

Status:
Resolved
Priority:
Normal
Category:
Certificates
Target version:
Start date:
02/24/2020
Due date:
% Done:

100%

Estimated time:
Affected Version:
2.5.x
Affected Architecture:

Description

what i have done:
System / Certificate Manager / Certificates
select "Sign a certificate Signing request"
leave key data empty
save and try to export P12
result in an empty P12 file and a crash report
PHP Errors:
PHP Warning: openssl_pkcs12_export(): cannot get private key from parameter 3 in /usr/local/www/system_certmanager.php on line 209
https://forum.netgate.com/topic/150765/export-p12-pfsense-crash-report

Associated revisions

Revision 2e4372e3 (diff)
Added by Viktor Gurov 8 months ago

Hide PKCS#12 export if private key is empty. Issue #10284

History

#1 Updated by Jim Pingle 8 months ago

  • Project changed from pfSense Packages to pfSense
  • Subject changed from exporting p12 causes a crash report to Exporting p12 for CSR causes a crash report
  • Category set to Certificates
  • Target version set to 2.5.0

Looks like P12 export should be disabled either just for CSRs or perhaps for any entry which lacks a key (Which we allow now in certain cases like for PKCS#11). I can't remember if it's valid to reference a PKCS#11 style entry in PKCS#12 archives. Need to look that up.

#2 Updated by Viktor Gurov 8 months ago

Unfortunately openssl_pkcs12_export() do not allow to create PKCS#12 without private key,
Therefore, we need to hide PKCS#12 export buttons if private key is empty:
https://github.com/pfsense/pfsense/pull/4204

#3 Updated by Jim Pingle 8 months ago

  • Status changed from New to Pull Request Review

#4 Updated by Renato Botelho 8 months ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Renato Botelho
  • % Done changed from 0 to 100

PR has been merged. Thanks!

#5 Updated by Viktor Gurov 8 months ago

  • Status changed from Feedback to Resolved

tested on 2.5.0.a.20200227.1722
works as expected - hides PKCS#12 export icons/buttons if private key does not exist

Also available in: Atom PDF