Deleting an external CA wipes certificates in use
This is beyond uncool. When I accidentally deleted an external (intermediate) CA cert from the CAs tab, it wiped the certificate used for WebGUI -- no questions asked, no "in use" check done, nothing.
When deleting a CA, do not delete all certificates from this CA, only remove the CA reference from certificates that used this CA, as the relationship can be rebuilt if needed. Also, prevent in-use CAs from being deleted and print a list of places a CA is used, similar to the output on certificates. Fixes #6947
#4 Updated by Kill Bill about 4 years ago
Looks pretty good. CA in use detection works (tested with OpenVPN server, IPsec and LDAP), plus can no longer be deleted. Tried deleting one of the CAs that not "in use", certificates remained there.
One thing you seem to have missed is checking for "CA in use" case for the WebGUI.
#5 Updated by Jim Pingle about 4 years ago
That would require some more work to detect if it's the GUI cert's issuer, and the GUI cert could be self-signed, since there is not a separate field to pick the CA for the GUI cert. There were a couple similar cases like that which could use some more thought but felt out of scope here for the moment.
#7 Updated by Jim Pingle about 4 years ago
The cert case is much simpler since there is a field for that directly. All the code has to check for is that the cert's reference ID is used directly. The other fields that are checked for CA are where it can be chosen specifically (OpenVPN server/client, LDAP auth server peer CA entry, IPsec P1 peer CA entry) where all it has to do is check the CA reference ID in the same way.
The trickier cases are when the CA is assumed or calculated based on the selected certificate. I could see intermediates falling into the same trap. The necessary logic gets rather complicated fast in that area, so in the interest of fixing the more dangerous issue I hit the low-hanging fruit for the time being. :-)