Bug #2233
closedCertificate Manager CSR validator decreases key length on error
100%
Description
Observed on the 16 February 2012 snapshot, i386 nanobsd version, running on a Soekris net4801.
Go to System -> Cert Manager -> Certificates.
Set Method: Create a Certificate Signing Request.
Notice the default Key Length is 2048 bits.
Now create a CSR that is invalid. A quick 'n' easy way to do this is to immediately click "Save".
Now notice that the Key Length has decreased to 512 bits for no apparent reason.
I tried something similar to create an internal CA and I didn't see this bug; in other words, the Key Length correctly remained at 2048 bits even after my inputs were rejected.
Updated by Erik Fonnesbeck almost 13 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset b805ef90ef6d0093f0d97c0dddea32193efbe949.
Updated by Bruce Mah almost 13 years ago
Thanks for the quick fix! I'll be happy to test that in the next snapshot and report back.
Not being familiar with the bug-fixing workflow for this project, is there anything else that I as a user should be doing at this point?
Updated by Chris Buechler almost 13 years ago
Our general workflow is after a fix is committed, the ticket goes to Feedback, and once either the submitter or another committer, or someone we know has a high degree of clue verifies, it goes to Resolved.
You're on nanobsd so I don't think you'll be able to gitsync, but FYI you can sync from git between snapshots.
http://doc.pfsense.org/index.php/Updating_pfSense_code_between_snapshots
or just manually scp the changed file(s) over, test that, and confirm. Since we don't have a snapshot builder going regularly yet, it may be a few days before a new build is up.
Updated by Bruce Mah almost 13 years ago
I have tested this functionality on a 28 February snapshot and it is now behaving as expected (that is, the key length is correctly preserved when inputs to a CSR fail validation). Thanks for the fix!
Updated by Jim Pingle almost 13 years ago
- Status changed from Feedback to Resolved
You're welcome - thanks for the feedback :-)