Project

General

Profile

Actions

Bug #7509

closed

Inconsistent stored line endings in CAs

Added by Diego Louzán over 7 years ago. Updated over 7 years ago.

Status:
Needs Patch
Priority:
Normal
Assignee:
-
Category:
Certificates
Target version:
-
Start date:
05/03/2017
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:

Description

Hello guys,

First of all, I'm not an expert in certs/security by any means, so please be gentle. Also, I'm using the official Netgate pfSense images on AWS, I'm not 100% sure this applies to pfSense OSS or I should contact Netgate directly.

I am experiencing a very strange issue with the Certificate Manager and line endings of stored CAs:

- I create a CA and two intermediate CAs based on the first using the web interface. Then a couple of certificates based on the intermediate CAs.
- If I download now the crt/key files for the CAs and Certs, I observe that they use LF line endings
- Now I can do an edit of one of the CAs (e.g. its name), apply, then download again the crt/key files. Now I see those being encoded with CRLF line endings.
- The certificates still show the LF line endings if I download them.
- Now it gets really weird: if in some OpenVPN configuration I use the Client Export to get a config file for my clients, the ovpn file ends up with a mix of CRLF and LF line endings, since the CAs now have CRLF endings and Certificates do have LF endings.

I suppose this happens because I can edit the CAs, but the generated Certificates cannot be edited in any way, just be downloaded the crt/key files. Some code in the path from the web form to storage messes up the line endings for CAs.

I have tested this in both 2.3.2 and latest stable 2.3.3 with the AWS Netgate official image.

Regards,
Diego

Actions

Also available in: Atom PDF