https://redmine.pfsense.org/https://redmine.pfsense.org/favicon.ico?16780521162010-09-23T11:38:24ZpfSense bugtrackerpfSense - Bug #905: OpenVPN certificate manager uses incorrect key lengthhttps://redmine.pfsense.org/issues/905?journal_id=32672010-09-23T11:38:24ZJim Pingle
<ul></ul><p>This can also be verified by using standard OpenSSL commands:</p>
<pre>$ openssl rsa -noout -text -in CA4096.key
Private-Key: (1024 bit)
[...]</pre>
<pre>$ openssl x509 -noout -text -in CA4096.crt
[...]
RSA Public Key: (1024 bit)
Modulus (1024 bit):</pre>
<p>We do appear to be passing the correct parameters to openssl_csr_new() and openssl_csr_sign(), and casting with (int) as recommended in the PHP docs (<a class="external" href="http://php.net/manual/en/function.openssl-csr-new.php">http://php.net/manual/en/function.openssl-csr-new.php</a>), but what we get back is always 1024. It will need some more experimentation to narrow down.</p> pfSense - Bug #905: OpenVPN certificate manager uses incorrect key lengthhttps://redmine.pfsense.org/issues/905?journal_id=32682010-09-23T11:47:49ZJim Pingle
<ul></ul><p>Looks like the key length wasn't also being passed to openssl_pkey_new. I'll be committing a fix shortly.</p> pfSense - Bug #905: OpenVPN certificate manager uses incorrect key lengthhttps://redmine.pfsense.org/issues/905?journal_id=32692010-09-23T11:50:07ZJim Pingle
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Feedback</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>100</i></li></ul><p>Applied in changeset <a class="changeset" title="Pass args to openssl_pkey_new() so it gets the key length too. Fixes #905" href="https://redmine.pfsense.org/projects/pfsense/repository/2/revisions/838e27bf24f54735795387800ce2d43662f3cc81">838e27bf24f54735795387800ce2d43662f3cc81</a>.</p> pfSense - Bug #905: OpenVPN certificate manager uses incorrect key lengthhttps://redmine.pfsense.org/issues/905?journal_id=33102010-10-01T16:16:56ZAndreas Bochem
<ul></ul><p>Confirm certs are now created with the correct key length as chosen in the gui.<br />Tested on Snapshot from Fri Oct 1 07:58:19 UTC 2010, amd64, full install.</p> pfSense - Bug #905: OpenVPN certificate manager uses incorrect key lengthhttps://redmine.pfsense.org/issues/905?journal_id=33122010-10-01T16:24:40ZJim Pingle
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Resolved</i></li></ul>