https://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162018-01-12T13:32:42ZpfSense bugtrackerpfSense - Bug #8275: Input validation for Certificate SAN (Subject Alternative Name) allows IP addresses to be entered when FQDN/Hostname is selectedhttps://redmine.pfsense.org/issues/8275?journal_id=355562018-01-12T13:32:42ZJim Pingle
<ul><li><strong>Subject</strong> changed from <i>Certificate SAN (Subject Alternative Name) generated incorrectly for IP addresses</i> to <i>Input validation for Certificate SAN (Subject Alternative Name) allows IP addresses to be entered when FQDN/Hostname is selected</i></li><li><strong>Assignee</strong> set to <i>Jim Pingle</i></li><li><strong>Priority</strong> changed from <i>Normal</i> to <i>Very Low</i></li><li><strong>Affected Version</strong> set to <i>All</i></li></ul><p>The user specifies the SAN type when making entries in the SAN list. If you choose "IP Address" it makes proper entries.</p>
<p>The only case for a bug here is that input validation doesn't reject an IP address made using the "FQDN or Hostname" selection.</p>
<p>You can work around your issue by properly selecting "IP Address" for the Type field in the Alternative Names list when creating a certificate.</p> pfSense - Bug #8275: Input validation for Certificate SAN (Subject Alternative Name) allows IP addresses to be entered when FQDN/Hostname is selectedhttps://redmine.pfsense.org/issues/8275?journal_id=355572018-01-12T13:56:40ZJim Pingle
<ul><li><strong>Target version</strong> set to <i>2.4.3</i></li><li><strong>Affected Architecture</strong> <i>All</i> added</li><li><strong>Affected Architecture</strong> deleted (<del><i></i></del>)</li></ul> pfSense - Bug #8275: Input validation for Certificate SAN (Subject Alternative Name) allows IP addresses to be entered when FQDN/Hostname is selectedhttps://redmine.pfsense.org/issues/8275?journal_id=355592018-01-12T14:03:34ZMahmoud Al-Qudsi
<ul></ul><p>I'm sorry, I completely missed that there's a dropdown that can be used to specify the record type.</p> pfSense - Bug #8275: Input validation for Certificate SAN (Subject Alternative Name) allows IP addresses to be entered when FQDN/Hostname is selectedhttps://redmine.pfsense.org/issues/8275?journal_id=355602018-01-12T14:10:08ZJim Pingle
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Feedback</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>100</i></li></ul><p>Applied in changeset <a class="changeset" title="Fix certificate SAN input validation so it does not improperly allow an IP address when FQDN is s..." href="https://redmine.pfsense.org/projects/pfsense/repository/2/revisions/19a1cf348b07dbaf8fe4d81b8cfc8292b61fd8c3">19a1cf348b07dbaf8fe4d81b8cfc8292b61fd8c3</a>.</p> pfSense - Bug #8275: Input validation for Certificate SAN (Subject Alternative Name) allows IP addresses to be entered when FQDN/Hostname is selectedhttps://redmine.pfsense.org/issues/8275?journal_id=358452018-02-15T13:49:23ZJim Pingle
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Resolved</i></li></ul><p>Input validation works properly now, an IP address is rejected when FQDN is selected.</p>