Bug #7509
closed
Inconsistent stored line endings in CAs
0%
Description
Hello guys,
First of all, I'm not an expert in certs/security by any means, so please be gentle. Also, I'm using the official Netgate pfSense images on AWS, I'm not 100% sure this applies to pfSense OSS or I should contact Netgate directly.
I am experiencing a very strange issue with the Certificate Manager and line endings of stored CAs:
- I create a CA and two intermediate CAs based on the first using the web interface. Then a couple of certificates based on the intermediate CAs.
- If I download now the crt/key files for the CAs and Certs, I observe that they use LF line endings
- Now I can do an edit of one of the CAs (e.g. its name), apply, then download again the crt/key files. Now I see those being encoded with CRLF line endings.
- The certificates still show the LF line endings if I download them.
- Now it gets really weird: if in some OpenVPN configuration I use the Client Export to get a config file for my clients, the ovpn file ends up with a mix of CRLF and LF line endings, since the CAs now have CRLF endings and Certificates do have LF endings.
I suppose this happens because I can edit the CAs, but the generated Certificates cannot be edited in any way, just be downloaded the crt/key files. Some code in the path from the web form to storage messes up the line endings for CAs.
I have tested this in both 2.3.2 and latest stable 2.3.3 with the AWS Netgate official image.
Regards,
Diego
Updated by 
Updated by 
Updated by Kill Bill 
Updated by