Project

General

Profile

Actions

Bug #14124

closed

Some blank SAN fields are not ignored when creating a certificate

Added by Mario Jauvin almost 2 years ago. Updated over 1 year ago.

Status:
Resolved
Priority:
Low
Assignee:
Category:
Certificates
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
23.05
Release Notes:
Default
Affected Version:
2.6.0
Affected Architecture:
amd64

Description

If I add a alternate name

and click save, I get this error:

I am using pfsense 2.6.0-RELEASE (amd64)
built on Mon Jan 31 19:57:53 UTC 2022
FreeBSD 12.3-STABLE


Files

clipboard-202303181704-s0o6q.png (10 KB) clipboard-202303181704-s0o6q.png Mario Jauvin, 03/18/2023 04:04 PM
clipboard-202303181705-cigpe.png (22.9 KB) clipboard-202303181705-cigpe.png Mario Jauvin, 03/18/2023 04:05 PM
clipboard-202303182228-dwpnp.png (22.2 KB) clipboard-202303182228-dwpnp.png Result after adding one 1 SAN entry Mario Jauvin, 03/18/2023 09:28 PM
clipboard-202303311957-pkspm.png (77.1 KB) clipboard-202303311957-pkspm.png Danilo Zrenjanin, 03/31/2023 12:57 PM
Actions #1

Updated by Kris Phillips almost 2 years ago

This doesn't appear to be a bug. You have a FQDN or Hostname entry added as an Alternative Name, but nothing defined in the field. If you select Delete next to the button for the unpopulated field, does it not let you save?

Actions #2

Updated by Mario Jauvin almost 2 years ago

Kris, this is an interesting comment and you are quite true. If I delete the second blank entry in my screen shot the save occurs with the IP address in the SAN list. Here is where I think the bug is. When I fill the type to IP Address and value to 10.0.0.2 and click the green +add button two entries will be created as in the screen shot below:
Result after adding one 1 SAN entry
Whenever I have done similar operations (cannot recall if pfsense or some other networking device web admin) it will always add the row you asked but leave a blank row for adding an extra row that will not be looked at or added if one clicks apply or save. In this case the behaviour is different and it is not clear at all that the second row must be deleted if not required.
In my opinion, the second row should not be added or the message should say that any blank rows should be removed or something to that nature. The first option of not adding the row is preferable I think.
Thanks nonetheless for your response as I am no longer stuck.

Actions #3

Updated by Mario Jauvin almost 2 years ago

I just realized that if I just enter the type of IP address and value of 10.0.0.2 and not click add, just save then 1 SAN entry will be added. This is a bit confusing because the presence of the value field determines whether the SAN entry will be saved or not and this is confusing, at least it confused me. Maybe better documentation on the page would be helpful.

Actions #4

Updated by Jim Pingle over 1 year ago

  • Subject changed from Unable to add IP address to SAN on new certificate to Blank SAN fields are not ignored when creating a certificate
  • Assignee set to Jim Pingle
  • Priority changed from High to Low
  • Target version set to 2.7.0
  • Plus Target Version set to 23.05

The "Add" button adds a new row to the form, it doesn't save or take any other action. It's working as intended and it works identically to the same type of form throughout the GUI.

That said, the form could ignore blank entries so users don't get hung up here.

Actions #5

Updated by Mario Jauvin over 1 year ago

Jim Pingle wrote in #note-4:

The "Add" button adds a new row to the form, it doesn't save or take any other action. It's working as intended and it works identically to the same type of form throughout the GUI.

That said, the form could ignore blank entries so users don't get hung up here.

Sorry I was not clear. I wasn’t aware that by simply filling the value field when I click save a SAN entry would be created. I thought that in order to create a SAN entry I had to click add, fill in the fields, and when I click saved, it would save one entry.

What made me think this is the fact that the type field is filled in with a default value of FQDN or hostname and that does not cause an entry to be created only if you fill in the value field. You can leave the behavior as is but you should have a message on the page to clarify. 1 message about the behavior on save and another message about only clicking add if you need more than 1 SAN entry. Hope this is clearer.

Actions #6

Updated by Jim Pingle over 1 year ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #7

Updated by Danilo Zrenjanin over 1 year ago

The patch clarifies the function of add button. I am marking this ticket resolved.

Actions #8

Updated by Jim Pingle over 1 year ago

  • Subject changed from Blank SAN fields are not ignored when creating a certificate to Some blank SAN fields are not ignored when creating a certificate

Updating subject for release notes.

Actions

Also available in: Atom PDF