Project

General

Profile

Actions
Copy link

Bug #12528

closed

Fatal error: Uncaught Exception when adding certificates to CRL

Added by Chriss E over 2 years ago. Updated over 2 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
Certificates
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
Affected Architecture:
All

Description

Hello.

We have a CA certificate and i have created a CRL for it. When trying to add certificates to this CRL we get an exception.

Please let me know if you need any more information.

Crash report begins. Anonymous machine information:

amd64
12.2-STABLE
FreeBSD 12.2-STABLE plus-RELENG_21_05_1-n202579-3b8ea9b365a pfSense

Crash report details:

PHP Errors:
[18-Nov-2021 09:20:51 Europe/Stockholm] PHP Fatal error: Uncaught Exception: 0xCB9579AB2AC6D64287E5923816E6D660 is not INT in /usr/local/share/openssl_x509_crl/ASN1_INT.php:25
Stack trace:
#0 /usr/local/share/openssl_x509_crl/X509_CRL.php(114): Ukrbublik\openssl_x509_crl\ASN1_INT->_construct('0xCB9579AB2AC6D...')
#1 /etc/inc/certs.inc(1058): Ukrbublik\openssl_x509_crl\X509_CRL::create(Array, Resource id #33, '0\x82\x04G0\x82\x03/\xA0\x03\x02\x01\x02\x02\x01...')
#2 /etc/inc/certs.inc(1088): crl_update(Array)
#3 /usr/local/www/system_crlmanager.php(153): cert_revoke(Array, Array, '-1')
#4 {main}
thrown in /usr/local/share/openssl_x509_crl/ASN1_INT.php on line 25
[18-Nov-2021 09:21:03 Europe/Stockholm] PHP Fatal error: Uncaught Exception: 0xCB9579AB2AC6D64287E5923816E6D660 is not INT in /usr/local/share/openssl_x509_crl/ASN1_INT.php:25
Stack trace:
#0 /usr/local/share/openssl_x509_crl/X509_CRL.php(114): Ukrbublik\openssl_x509_crl\ASN1_INT->_construct('0xCB9579AB2AC6D...')
#1 /etc/inc/certs.inc(1058): Ukrbublik\openssl_x509_crl\X509_CRL::create(Array, Resource id #13, '0\x82\x04G0\x82\x03/\xA0\x03\x02\x01\x02\x02\x01...')
#2 /etc/inc/certs.inc(1088): crl_update(Array)
#3 /usr/local/www/system_crlmanager.php(153): cert_revoke(Array, Array, 0)
#4 {main}
thrown in /usr/local/share/openssl_x509_crl/ASN1_INT.php on line 25
[18-Nov-2021 09:21:50 Europe/Stockholm] PHP Fatal error: Uncaught Exception: 0xCB9579AB2AC6D64287E5923816E6D660 is not INT in /usr/local/share/openssl_x509_crl/ASN1_INT.php:25
Stack trace:
#0 /usr/local/share/openssl_x509_crl/X509_CRL.php(114): Ukrbublik\openssl_x509_crl\ASN1_INT->_construct('0xCB9579AB2AC6D...')
#1 /etc/inc/certs.inc(1058): Ukrbublik\openssl_x509_crl\X509_CRL::create(Array, Resource id #13, '0\x82\x04G0\x82\x03/\xA0\x03\x02\x01\x02\x02\x01...')
#2 /etc/inc/certs.inc(1088): crl_update(Array)
#3 /usr/local/www/system_crlmanager.php(153): cert_revoke(Array, Array, '-1')
#4 {main}
thrown in /usr/local/share/openssl_x509_crl/ASN1_INT.php on line 25
[18-Nov-2021 09:22:31 Europe/Stockholm] PHP Fatal error: Uncaught Exception: 0xCB9579AB2AC6D64287E5923816E6D660 is not INT in /usr/local/share/openssl_x509_crl/ASN1_INT.php:25
Stack trace:
#0 /usr/local/share/openssl_x509_crl/X509_CRL.php(114): Ukrbublik\openssl_x509_crl\ASN1_INT->_construct('0xCB9579AB2AC6D...')
#1 /etc/inc/certs.inc(1058): Ukrbublik\openssl_x509_crl\X509_CRL::create(Array, Resource id #13, '0\x82\x04G0\x82\x03/\xA0\x03\x02\x01\x02\x02\x01...')
#2 /etc/inc/certs.inc(1088): crl_update(Array)
#3 /usr/local/www/system_crlmanager.php(153): cert_revoke(Array, Array, '-1')
#4 {main}
thrown in /usr/local/share/openssl_x509_crl/ASN1_INT.php on line 25
[18-Nov-2021 09:23:37 Europe/Stockholm] PHP Fatal error: Uncaught Exception: 0xCB9579AB2AC6D64287E5923816E6D660 is not INT in /usr/local/share/openssl_x509_crl/ASN1_INT.php:25
Stack trace:
#0 /usr/local/share/openssl_x509_crl/X509_CRL.php(114): Ukrbublik\openssl_x509_crl\ASN1_INT->_construct('0xCB9579AB2AC6D...')
#1 /etc/inc/certs.inc(1058): Ukrbublik\openssl_x509_crl\X509_CRL::create(Array, Resource id #13, '0\x82\x04G0\x82\x03/\xA0\x03\x02\x01\x02\x02\x01...')
#2 /etc/inc/certs.inc(1088): crl_update(Array)
#3 /usr/local/www/system_crlmanager.php(153): cert_revoke(Array, Array, '-1')
#4 {main}
thrown in /usr/local/share/openssl_x509_crl/ASN1_INT.php on line 25
[18-Nov-2021 09:24:20 Europe/Stockholm] PHP Fatal error: Uncaught Exception: 0xCB9579AB2AC6D64287E5923816E6D660 is not INT in /usr/local/share/openssl_x509_crl/ASN1_INT.php:25
Stack trace:
#0 /usr/local/share/openssl_x509_crl/X509_CRL.php(114): Ukrbublik\openssl_x509_crl\ASN1_INT->_construct('0xCB9579AB2AC6D...')
#1 /etc/inc/certs.inc(1058): Ukrbublik\openssl_x509_crl\X509_CRL::create(Array, Resource id #13, '0\x82\x04G0\x82\x03/\xA0\x03\x02\x01\x02\x02\x01...')
#2 /etc/inc/certs.inc(1088): crl_update(Array)
#3 /usr/local/www/system_crlmanager.php(153): cert_revoke(Array, Array, '-1')
#4 {main}
thrown in /usr/local/share/openssl_x509_crl/ASN1_INT.php on line 25
[18-Nov-2021 09:26:00 Europe/Stockholm] PHP Fatal error: Uncaught Exception: 0xCB9579AB2AC6D64287E5923816E6D660 is not INT in /usr/local/share/openssl_x509_crl/ASN1_INT.php:25
Stack trace:
#0 /usr/local/share/openssl_x509_crl/X509_CRL.php(114): Ukrbublik\openssl_x509_crl\ASN1_INT->_construct('0xCB9579AB2AC6D...')
#1 /etc/inc/certs.inc(1058): Ukrbublik\openssl_x509_crl\X509_CRL::create(Array, Resource id #13, '0\x82\x04G0\x82\x03/\xA0\x03\x02\x01\x02\x02\x01...')
#2 /etc/inc/certs.inc(1088): crl_update(Array)
#3 /usr/local/www/system_crlmanager.php(153): cert_revoke(Array, Array, 0)
#4 {main}
thrown in /usr/local/share/openssl_x509_crl/ASN1_INT.php on line 25
[18-Nov-2021 09:27:40 Europe/Stockholm] PHP Fatal error: Uncaught Exception: 0xCB9579AB2AC6D64287E5923816E6D660 is not INT in /usr/local/share/openssl_x509_crl/ASN1_INT.php:25
Stack trace:
#0 /usr/local/share/openssl_x509_crl/X509_CRL.php(114): Ukrbublik\openssl_x509_crl\ASN1_INT->_construct('0xCB9579AB2AC6D...')
#1 /etc/inc/certs.inc(1058): Ukrbublik\openssl_x509_crl\X509_CRL::create(Array, Resource id #13, '0\x82\x04G0\x82\x03/\xA0\x03\x02\x01\x02\x02\x01...')
#2 /etc/inc/certs.inc(1088): crl_update(Array)
#3 /usr/local/www/system_crlmanager.php(153): cert_revoke(Array, Array, 0)
#4 {main}
thrown in /usr/local/share/openssl_x509_crl/ASN1_INT.php on line 25

No FreeBSD crash data found.

Actions
Copy link
 #1

Updated by Jim Pingle over 2 years ago

  • Status changed from New to Rejected

I can't replicate this as stated and there isn't enough information to guess what might be happening in your environment. It looks like the CRL library is having trouble with the serial number on one or more certificate entries, but I have no trouble creating a CRL here with large randomized serial numbers, even on 32-bit ARM.

This site is not for support or diagnostic discussion. Please post on the Netgate Forum and include as much detail as possible about the platform, CA, and certificate entries involved, including if the CA/certs were created on pfSense software or somewhere else. You can redact identifying information but please show details such as the serial number of the certificate(s) you cannot add to the CRL.

See Reporting Issues with pfSense Software for more information.

Actions
Copy link

Also available in: Atom PDF