Bug #12528 (closed)
Fatal error: Uncaught Exception when adding certificates to CRL
Description
Hello.
We have a CA certificate and I have created a CRL for it. When trying to add certificates to this CRL we get an exception.
Please let me know if you need any more information.
Crash report begins. Anonymous machine information:
amd64
12.2-STABLE
FreeBSD 12.2-STABLE plus-RELENG_21_05_1-n202579-3b8ea9b365a pfSense
Crash report details:
PHP Errors:
[18-Nov-2021 09:20:51 Europe/Stockholm] PHP Fatal error: Uncaught Exception: 0xCB9579AB2AC6D64287E5923816E6D660 is not INT in /usr/local/share/openssl_x509_crl/ASN1_INT.php:25
Stack trace:
#0 /usr/local/share/openssl_x509_crl/X509_CRL.php(114): Ukrbublik\openssl_x509_crl\ASN1_INT->_construct('0xCB9579AB2AC6D...')
#1 /etc/inc/certs.inc(1058): Ukrbublik\openssl_x509_crl\X509_CRL::create(Array, Resource id #33, '0\x82\x04G0\x82\x03/\xA0\x03\x02\x01\x02\x02\x01...')
#2 /etc/inc/certs.inc(1088): crl_update(Array)
#3 /usr/local/www/system_crlmanager.php(153): cert_revoke(Array, Array, '-1')
#4 {main}
thrown in /usr/local/share/openssl_x509_crl/ASN1_INT.php on line 25
[18-Nov-2021 09:21:03 Europe/Stockholm] PHP Fatal error: Uncaught Exception: 0xCB9579AB2AC6D64287E5923816E6D660 is not INT in /usr/local/share/openssl_x509_crl/ASN1_INT.php:25
Stack trace:
#0 /usr/local/share/openssl_x509_crl/X509_CRL.php(114): Ukrbublik\openssl_x509_crl\ASN1_INT->_construct('0xCB9579AB2AC6D...')
#1 /etc/inc/certs.inc(1058): Ukrbublik\openssl_x509_crl\X509_CRL::create(Array, Resource id #13, '0\x82\x04G0\x82\x03/\xA0\x03\x02\x01\x02\x02\x01...')
#2 /etc/inc/certs.inc(1088): crl_update(Array)
#3 /usr/local/www/system_crlmanager.php(153): cert_revoke(Array, Array, 0)
#4 {main}
thrown in /usr/local/share/openssl_x509_crl/ASN1_INT.php on line 25
[18-Nov-2021 09:21:50 Europe/Stockholm] PHP Fatal error: Uncaught Exception: 0xCB9579AB2AC6D64287E5923816E6D660 is not INT in /usr/local/share/openssl_x509_crl/ASN1_INT.php:25
Stack trace:
#0 /usr/local/share/openssl_x509_crl/X509_CRL.php(114): Ukrbublik\openssl_x509_crl\ASN1_INT->_construct('0xCB9579AB2AC6D...')
#1 /etc/inc/certs.inc(1058): Ukrbublik\openssl_x509_crl\X509_CRL::create(Array, Resource id #13, '0\x82\x04G0\x82\x03/\xA0\x03\x02\x01\x02\x02\x01...')
#2 /etc/inc/certs.inc(1088): crl_update(Array)
#3 /usr/local/www/system_crlmanager.php(153): cert_revoke(Array, Array, '-1')
#4 {main}
thrown in /usr/local/share/openssl_x509_crl/ASN1_INT.php on line 25
[18-Nov-2021 09:22:31 Europe/Stockholm] PHP Fatal error: Uncaught Exception: 0xCB9579AB2AC6D64287E5923816E6D660 is not INT in /usr/local/share/openssl_x509_crl/ASN1_INT.php:25
Stack trace:
#0 /usr/local/share/openssl_x509_crl/X509_CRL.php(114): Ukrbublik\openssl_x509_crl\ASN1_INT->_construct('0xCB9579AB2AC6D...')
#1 /etc/inc/certs.inc(1058): Ukrbublik\openssl_x509_crl\X509_CRL::create(Array, Resource id #13, '0\x82\x04G0\x82\x03/\xA0\x03\x02\x01\x02\x02\x01...')
#2 /etc/inc/certs.inc(1088): crl_update(Array)
#3 /usr/local/www/system_crlmanager.php(153): cert_revoke(Array, Array, '-1')
#4 {main}
thrown in /usr/local/share/openssl_x509_crl/ASN1_INT.php on line 25
[18-Nov-2021 09:23:37 Europe/Stockholm] PHP Fatal error: Uncaught Exception: 0xCB9579AB2AC6D64287E5923816E6D660 is not INT in /usr/local/share/openssl_x509_crl/ASN1_INT.php:25
Stack trace:
#0 /usr/local/share/openssl_x509_crl/X509_CRL.php(114): Ukrbublik\openssl_x509_crl\ASN1_INT->_construct('0xCB9579AB2AC6D...')
#1 /etc/inc/certs.inc(1058): Ukrbublik\openssl_x509_crl\X509_CRL::create(Array, Resource id #13, '0\x82\x04G0\x82\x03/\xA0\x03\x02\x01\x02\x02\x01...')
#2 /etc/inc/certs.inc(1088): crl_update(Array)
#3 /usr/local/www/system_crlmanager.php(153): cert_revoke(Array, Array, '-1')
#4 {main}
thrown in /usr/local/share/openssl_x509_crl/ASN1_INT.php on line 25
[18-Nov-2021 09:24:20 Europe/Stockholm] PHP Fatal error: Uncaught Exception: 0xCB9579AB2AC6D64287E5923816E6D660 is not INT in /usr/local/share/openssl_x509_crl/ASN1_INT.php:25
Stack trace:
#0 /usr/local/share/openssl_x509_crl/X509_CRL.php(114): Ukrbublik\openssl_x509_crl\ASN1_INT->_construct('0xCB9579AB2AC6D...')
#1 /etc/inc/certs.inc(1058): Ukrbublik\openssl_x509_crl\X509_CRL::create(Array, Resource id #13, '0\x82\x04G0\x82\x03/\xA0\x03\x02\x01\x02\x02\x01...')
#2 /etc/inc/certs.inc(1088): crl_update(Array)
#3 /usr/local/www/system_crlmanager.php(153): cert_revoke(Array, Array, '-1')
#4 {main}
thrown in /usr/local/share/openssl_x509_crl/ASN1_INT.php on line 25
[18-Nov-2021 09:26:00 Europe/Stockholm] PHP Fatal error: Uncaught Exception: 0xCB9579AB2AC6D64287E5923816E6D660 is not INT in /usr/local/share/openssl_x509_crl/ASN1_INT.php:25
Stack trace:
#0 /usr/local/share/openssl_x509_crl/X509_CRL.php(114): Ukrbublik\openssl_x509_crl\ASN1_INT->_construct('0xCB9579AB2AC6D...')
#1 /etc/inc/certs.inc(1058): Ukrbublik\openssl_x509_crl\X509_CRL::create(Array, Resource id #13, '0\x82\x04G0\x82\x03/\xA0\x03\x02\x01\x02\x02\x01...')
#2 /etc/inc/certs.inc(1088): crl_update(Array)
#3 /usr/local/www/system_crlmanager.php(153): cert_revoke(Array, Array, 0)
#4 {main}
thrown in /usr/local/share/openssl_x509_crl/ASN1_INT.php on line 25
[18-Nov-2021 09:27:40 Europe/Stockholm] PHP Fatal error: Uncaught Exception: 0xCB9579AB2AC6D64287E5923816E6D660 is not INT in /usr/local/share/openssl_x509_crl/ASN1_INT.php:25
Stack trace:
#0 /usr/local/share/openssl_x509_crl/X509_CRL.php(114): Ukrbublik\openssl_x509_crl\ASN1_INT->_construct('0xCB9579AB2AC6D...')
#1 /etc/inc/certs.inc(1058): Ukrbublik\openssl_x509_crl\X509_CRL::create(Array, Resource id #13, '0\x82\x04G0\x82\x03/\xA0\x03\x02\x01\x02\x02\x01...')
#2 /etc/inc/certs.inc(1088): crl_update(Array)
#3 /usr/local/www/system_crlmanager.php(153): cert_revoke(Array, Array, 0)
#4 {main}
thrown in /usr/local/share/openssl_x509_crl/ASN1_INT.php on line 25
No FreeBSD crash data found.
Updated by Jim Pingle about 3 years ago
- Status changed from New to Rejected
I can't replicate this as stated and there isn't enough information to guess what might be happening in your environment. It looks like the CRL library is having trouble with the serial number on one or more certificate entries, but I have no trouble creating a CRL here with large randomized serial numbers, even on 32-bit ARM.
This site is not for support or diagnostic discussion. Please post on the Netgate Forum and include as much detail as possible about the platform, CA, and certificate entries involved, including if the CA/certs were created on pfSense software or somewhere else. You can redact identifying information but please show details such as the serial number of the certificate(s) you cannot add to the CRL.
See Reporting Issues with pfSense Software for more information.
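Added example, not pfSense or openssl_x509_crl code: the trace above shows the serial reaching the ASN.1 INTEGER constructor as a 0x-prefixed hex string. The code below normalizes a serial given as decimal, 0x hex or colon-separated hex and DER-encodes it, covering the leading zero octet and the 20-octet limit from RFC 5280; parse_serial and der_integer are hypothetical helper names.

```python
import re

MAX_SERIAL_OCTETS = 20  # RFC 5280 4.1.2.2: serialNumber content is at most 20 octets

def parse_serial(text: str) -> int:
    """Turn a serial as commonly displayed into an int (hypothetical helper).

    Accepts decimal, 0x-prefixed hex (the form in the trace) and
    colon-separated hex octets. Bare hex is refused: "10" would be ambiguous.
    """
    s = text.strip()
    if re.fullmatch(r"[0-9]+", s):
        return int(s, 10)
    if re.fullmatch(r"0[xX][0-9A-Fa-f]+", s):
        return int(s[2:], 16)
    if re.fullmatch(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2})+", s):
        return int(s.replace(":", ""), 16)
    raise ValueError(f"unrecognised serial format: {text!r}")

def der_integer(value: int) -> bytes:
    """DER-encode a non-negative serial as an ASN.1 INTEGER (tag 0x02)."""
    if value < 0:
        raise ValueError("serial numbers must not be negative")
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        # INTEGER is two's complement: a set top bit would read as negative,
        # so a positive value gets a leading zero octet.
        body = b"\x00" + body
    if len(body) > MAX_SERIAL_OCTETS:
        raise ValueError(f"serial needs {len(body)} octets, limit is {MAX_SERIAL_OCTETS}")
    return bytes([0x02, len(body)]) + body  # short-form length suffices for <= 20

# Serial quoted in the exception message on this page.
REPORTED = "0xCB9579AB2AC6D64287E5923816E6D660"

if __name__ == "__main__":
    n = parse_serial(REPORTED)
    print("decimal:", n)
    print("DER    :", der_integer(n).hex())
```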