Project

General

Profile

Actions

Bug #15062

open

cert_get_all_services doesn't check for unbound cert usage

Added by Josh Stompro about 1 year ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Certificates
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
2.7.1
Affected Architecture:
All

Description

cert_get_all_services in utils.inc doesn't look to see if unbound is using the referenced cert.
https://github.com/pfsense/pfsense/blob/RELENG_2_7_1/src/etc/inc/certs.inc#L1822

This causes a problem because then using cert_restart_services() with the results won't restart unbound.

I see a forum thread from 2020 that might be someone running into this problem.
https://forum.netgate.com/topic/151740/how-to-restart-unbound-on-renew-of-certificate

I'm working on automating cert deployment from an external cert repo, and having one call to restart all related services built in would be nice. It is just missing unbound.

Here is a pfsense shell snipit that shows that the cert refs match, but unbound doesn't show up.

Netgate pfSense Plus shell: print("\ncert ref: ");
print_r($config['cert'][0]['refid']);
print("\nunbound cert ref: ");
print_r($config['unbound']['sslcertref']);
$sslref=$config['cert'][0]['refid'];
cert_get_all_services($sslref);
$services = cert_get_all_services($sslref);
print("\n\nServices with ref\n");
print_r($services);
print("\nRef is in use?: ");
print_r(cert_in_use($sslref));
print("\nUnbound ref is in use check: ");
print_r(is_unbound_cert($sslref));
print("\n\n");
Netgate pfSense Plus shell: exec

cert ref: 656e15639b149
unbound cert ref: 656e15639b149

Services with ref
Array
(
[services] => Array
(
[0] => Array
(
[name] => captiveportal
[extras] => Array
(
[zone] => cpzone
)

)
)
[packages] => Array
(
)
[webgui] => 1
)

Ref is in use?: 1
Unbound ref is in use check: 1

No data to display

Actions

Also available in: Atom PDF