Project

General

Profile

Bug #9118

stunnel does not ensure a newline exists between certificate components

Added by Jim Pingle 7 months ago. Updated 6 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
stunnel
Target version:
-
Start date:
11/14/2018
Due date:
% Done:

100%

Estimated time:
Affected Version:
Affected Architecture:
All

Description

stunnel wants the private key, certificate, etc all inside a single file. However, it does not ensure that a newline exists between each component. If a user imports a private key without a newline at the end, it can lead to a badly formatted stunnel certificate, for example:

-----BEGIN PRIVATE KEY-----
[...]
-----END PRIVATE KEY----------BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----

History

#1 Updated by Jim Pingle 7 months ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

Fixed in stunnel pkg version 5.47

#2 Updated by Steve Wheeler 6 months ago

  • Status changed from Feedback to Resolved

Tested:

[2.4.4-RELEASE][admin@xtm5.stevew.lan]/root: pkg info -x stunnel
pfSense-pkg-stunnel-5.47_1
stunnel-5.47,1

Imported a cert using a private key with the trailing line feed character (0x0a) removed. Added it to STunnel. The .pem file was created successfully.

Also available in: Atom PDF