Project

General

Profile

Bug #7854

OpenVPN Remote Access Server Setup Wizard - Regex too strict

Added by Ryan Skinner over 2 years ago. Updated about 2 years ago.

Status:
Resolved
Priority:
Very Low
Assignee:
Jim Pingle
Category:
OpenVPN
Target version:
2.4.0
Start date:
09/11/2017
Due date:
% Done:

100%

Estimated time:
Affected Version:
All
Affected Architecture:

Description

In the OpenVPN Remote Access Server Setup Wizard, when trying to input a valid email, "The following input errors were detected:
Please limit Certificate field names to only the following characters: A-Z, a-z, space, underscore, and dash."

Upon removal of any input in E-mail field: "Please enter all information for the new Certificate Authority."

Cannot Add new CA on this screen.

Associated revisions

Revision 00d5594c (diff)
Added by Jim Pingle over 2 years ago

Relax OpenVPN wizard cert validation to match that of the cert manager and encode values before using them. Fixes #7854
Also, CDATA escape these fields in config.xml since they will most likely contain characters which are invalid in XML.
While here, fix a cert display issue where a SAN value could be reused from a previous entry in the cert list display.

Revision 5311adaa (diff)
Added by Jim Pingle over 2 years ago

Relax OpenVPN wizard cert validation to match that of the cert manager and encode values before using them. Fixes #7854
Also, CDATA escape these fields in config.xml since they will most likely contain characters which are invalid in XML.
While here, fix a cert display issue where a SAN value could be reused from a previous entry in the cert list display.

(cherry picked from commit 00d5594c737d475abab8e0361bb3ff7f93b98ac8)

History

#1 Updated by Kill Bill over 2 years ago

Must be something else than email, that message is for country/state/city/organization.

https://github.com/pfsense/pfsense/blob/master/src/usr/local/www/wizards/openvpn_wizard.inc#L312

#2 Updated by Jim Pingle over 2 years ago

  • Category set to OpenVPN
  • Status changed from New to Confirmed
  • Assignee set to Jim Pingle
  • Target version set to 2.4.1
  • Affected Version set to All

In light of #7540 all of that validation probably does need to be revisited soonish. There are relatively few restrictions now, the wizard will need to catch up.

#3 Updated by Jim Pingle over 2 years ago

  • Status changed from Confirmed to Feedback
  • % Done changed from 0 to 100

#4 Updated by Jim Pingle over 2 years ago

  • Target version changed from 2.4.1 to 2.4.0

After inspecting the code, this was a bit easier than I expected it to be, so I pushed a fix.

#5 Updated by Jim Pingle about 2 years ago

  • Status changed from Feedback to Resolved

The wizard now allows the user to use any characters they want in certificate fields and escapes them properly before creating the CA/Certs, just like the certificate manager does directly.

Also available in: Atom PDF