Project

General

Profile

Bug #7854

OpenVPN Remote Access Server Setup Wizard - Regex too strict

Added by Ryan Skinner 10 months ago. Updated 10 months ago.

Status:
Resolved
Priority:
Very Low
Assignee:
Category:
OpenVPN
Target version:
Start date:
09/11/2017
Due date:
% Done:

100%

Affected Version:
All
Affected Architecture:

Description

In the OpenVPN Remote Access Server Setup Wizard, when trying to input a valid email, "The following input errors were detected:
Please limit Certificate field names to only the following characters: A-Z, a-z, space, underscore, and dash."

Upon removal of any input in E-mail field: "Please enter all information for the new Certificate Authority."

Cannot Add new CA on this screen.

Associated revisions

Revision 00d5594c
Added by Jim Pingle 10 months ago

Relax OpenVPN wizard cert validation to match that of the cert manager and encode values before using them. Fixes #7854
Also, CDATA escape these fields in config.xml since they will most likely contain characters which are invalid in XML.
While here, fix a cert display issue where a SAN value could be reused from a previous entry in the cert list display.

Revision 5311adaa
Added by Jim Pingle 10 months ago

Relax OpenVPN wizard cert validation to match that of the cert manager and encode values before using them. Fixes #7854
Also, CDATA escape these fields in config.xml since they will most likely contain characters which are invalid in XML.
While here, fix a cert display issue where a SAN value could be reused from a previous entry in the cert list display.

(cherry picked from commit 00d5594c737d475abab8e0361bb3ff7f93b98ac8)

History

#1 Updated by Kill Bill 10 months ago

Must be something else than email, that message is for country/state/city/organization.

https://github.com/pfsense/pfsense/blob/master/src/usr/local/www/wizards/openvpn_wizard.inc#L312

#2 Updated by Jim Pingle 10 months ago

  • Category set to OpenVPN
  • Status changed from New to Confirmed
  • Assignee set to Jim Pingle
  • Target version set to 2.4.1
  • Affected Version set to All

In light of #7540 all of that validation probably does need to be revisited soonish. There are relatively few restrictions now, the wizard will need to catch up.

#3 Updated by Jim Pingle 10 months ago

  • Status changed from Confirmed to Feedback
  • % Done changed from 0 to 100

#4 Updated by Jim Pingle 10 months ago

  • Target version changed from 2.4.1 to 2.4.0

After inspecting the code, this was a bit easier than I expected it to be, so I pushed a fix.

#5 Updated by Jim Pingle 10 months ago

  • Status changed from Feedback to Resolved

The wizard now allows the user to use any characters they want in certificate fields and escapes them properly before creating the CA/Certs, just like the certificate manager does directly.

Also available in: Atom PDF