Bug #7854
OpenVPN Remote Access Server Setup Wizard - Regex too strict
100%
Description
In the OpenVPN Remote Access Server Setup Wizard, when trying to input a valid email, "The following input errors were detected:
Please limit Certificate field names to only the following characters: A-Z, a-z, space, underscore, and dash."
Upon removal of any input in E-mail field: "Please enter all information for the new Certificate Authority."
Cannot Add new CA on this screen.
Associated revisions
Relax OpenVPN wizard cert validation to match that of the cert manager and encode values before using them. Fixes #7854
Also, CDATA escape these fields in config.xml since they will most likely contain characters which are invalid in XML.
While here, fix a cert display issue where a SAN value could be reused from a previous entry in the cert list display.
(cherry picked from commit 00d5594c737d475abab8e0361bb3ff7f93b98ac8)
History
#1
Updated by Kill Bill over 3 years ago
Must be something else than email, that message is for country/state/city/organization.
https://github.com/pfsense/pfsense/blob/master/src/usr/local/www/wizards/openvpn_wizard.inc#L312
#2
Updated by Jim Pingle over 3 years ago
- Category set to OpenVPN
- Status changed from New to Confirmed
- Assignee set to Jim Pingle
- Target version set to 2.4.1
- Affected Version set to All
In light of #7540 all of that validation probably does need to be revisited soonish. There are relatively few restrictions now, the wizard will need to catch up.
#3
Updated by Jim Pingle over 3 years ago
- Status changed from Confirmed to Feedback
- % Done changed from 0 to 100
Applied in changeset 00d5594c737d475abab8e0361bb3ff7f93b98ac8.
#4
Updated by Jim Pingle over 3 years ago
- Target version changed from 2.4.1 to 2.4.0
After inspecting the code, this was a bit easier than I expected it to be, so I pushed a fix.
#5
Updated by Jim Pingle over 3 years ago
- Status changed from Feedback to Resolved
The wizard now allows the user to use any characters they want in certificate fields and escapes them properly before creating the CA/Certs, just like the certificate manager does directly.
Relax OpenVPN wizard cert validation to match that of the cert manager and encode values before using them. Fixes #7854
Also, CDATA escape these fields in config.xml since they will most likely contain characters which are invalid in XML.
While here, fix a cert display issue where a SAN value could be reused from a previous entry in the cert list display.