Add override for CSR request->response subject mismatch
Just a bit of bug checking and the code that I mentioned on the mailing list will be ready (I am waiting on my CA to issue another cert).
Thoughts: another way (the proper way) to check whether a CSR and CERT match without checking the subjects.
Compare the outputs of:
openssl x509 -noout -modulus -in certificate.crt | openssl md5
openssl rsa -noout -modulus -in privateKey.key | openssl md5
openssl req -noout -modulus -in CSR.csr | openssl md5
#2 Updated by Yehuda Katz about 8 years ago
What I meant to say there is this patch fixes the problem.
I am working on a patch that will actually completely work around the problem by checking the modulus of the request and the response.
Also, I am not sure what happened to diff that the patch does not show up properly. Anyone know?
#3 Updated by Yehuda Katz about 8 years ago
Better than a patch: I did a merge request on https://rcs.pfsense.org/projects/pfsense/repos/yakatz-sandbox/commits/e2e934e0c976bae835b58de7c2595666ad59d2a0
#9 Updated by Jim Pingle about 8 years ago
Yehuda - That option is only available to users with certain levels of access here. If you want to just add a note on the ticket with the % done you want, someone with access can change that for you. It's at 80% now.
On an unrelated note, when this is complete, ticket #1318 can also be closed since this will fix the problem.