Bug #14124
closedSome blank SAN fields are not ignored when creating a certificate
100%
Description
If I add a alternate name
and click save, I get this error:
I am using pfsense 2.6.0-RELEASE (amd64)
built on Mon Jan 31 19:57:53 UTC 2022
FreeBSD 12.3-STABLE
Files
Updated by Kris Phillips almost 2 years ago
This doesn't appear to be a bug. You have a FQDN or Hostname entry added as an Alternative Name, but nothing defined in the field. If you select Delete next to the button for the unpopulated field, does it not let you save?
Updated by Mario Jauvin almost 2 years ago
Kris, this is an interesting comment and you are quite true. If I delete the second blank entry in my screen shot the save occurs with the IP address in the SAN list. Here is where I think the bug is. When I fill the type to IP Address and value to 10.0.0.2 and click the green +add button two entries will be created as in the screen shot below:
Whenever I have done similar operations (cannot recall if pfsense or some other networking device web admin) it will always add the row you asked but leave a blank row for adding an extra row that will not be looked at or added if one clicks apply or save. In this case the behaviour is different and it is not clear at all that the second row must be deleted if not required.
In my opinion, the second row should not be added or the message should say that any blank rows should be removed or something to that nature. The first option of not adding the row is preferable I think.
Thanks nonetheless for your response as I am no longer stuck.
Updated by Mario Jauvin almost 2 years ago
I just realized that if I just enter the type of IP address and value of 10.0.0.2 and not click add, just save then 1 SAN entry will be added. This is a bit confusing because the presence of the value field determines whether the SAN entry will be saved or not and this is confusing, at least it confused me. Maybe better documentation on the page would be helpful.
Updated by Jim Pingle over 1 year ago
- Subject changed from Unable to add IP address to SAN on new certificate to Blank SAN fields are not ignored when creating a certificate
- Assignee set to Jim Pingle
- Priority changed from High to Low
- Target version set to 2.7.0
- Plus Target Version set to 23.05
The "Add" button adds a new row to the form, it doesn't save or take any other action. It's working as intended and it works identically to the same type of form throughout the GUI.
That said, the form could ignore blank entries so users don't get hung up here.
Updated by Mario Jauvin over 1 year ago
Jim Pingle wrote in #note-4:
The "Add" button adds a new row to the form, it doesn't save or take any other action. It's working as intended and it works identically to the same type of form throughout the GUI.
That said, the form could ignore blank entries so users don't get hung up here.
Sorry I was not clear. I wasn’t aware that by simply filling the value field when I click save a SAN entry would be created. I thought that in order to create a SAN entry I had to click add, fill in the fields, and when I click saved, it would save one entry.
What made me think this is the fact that the type field is filled in with a default value of FQDN or hostname and that does not cause an entry to be created only if you fill in the value field. You can leave the behavior as is but you should have a message on the page to clarify. 1 message about the behavior on save and another message about only clicking add if you need more than 1 SAN entry. Hope this is clearer.
Updated by Jim Pingle over 1 year ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset bfa5cfef8125d4ba07db5aa481fd854978b20c63.
Updated by Danilo Zrenjanin over 1 year ago
- File clipboard-202303311957-pkspm.png clipboard-202303311957-pkspm.png added
- Status changed from Feedback to Resolved
The patch clarifies the function of add button. I am marking this ticket resolved.
Updated by Jim Pingle over 1 year ago
- Subject changed from Blank SAN fields are not ignored when creating a certificate to Some blank SAN fields are not ignored when creating a certificate
Updating subject for release notes.