Project

General

Profile

Actions

Feature #15059

closed

openvpn server ed25519 certificate

Added by Fold right about 1 year ago. Updated about 1 year ago.

Status:
Duplicate
Priority:
Normal
Assignee:
-
Category:
OpenVPN
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default

Description

OpenVPN server web-page will not list in the drop-down for Server certificates, a properly imported certificate, if the signing algorithm is Ed25519 .
The certificate is signed by an external CA, which is also properly imported in PfSense.
Looking at certs.inc, cert_check_pkey_compatibility function does some filtering which excludes Ed25519, however the Ed25519 Server Certificate was imported when the test pfsense system was at 2.7.0 and with that version, the OpenVPN server configuration web-page did list the Ed25519 certificates in the Server Certificate drop-down,
I was able to start the OpenVPN server again, by manually modifying /conf/config.xml and setting the OpenVPN server cert ref to the Ed25519 cert hash (no surprise - the GUI will not recognize the value).


Related issues

Is duplicate of Feature #14762: Support X25519 and X448 public key algorithms in certificatesNew

Actions
Actions #1

Updated by Jim Pingle about 1 year ago

  • Tracker changed from Bug to Feature
  • Status changed from New to Duplicate
  • Affected Version deleted (2.7.1)
  • Affected Architecture deleted (amd64)

Duplicate of #14762

Actions #2

Updated by Jim Pingle about 1 year ago

  • Is duplicate of Feature #14762: Support X25519 and X448 public key algorithms in certificates added
Actions

Also available in: Atom PDF