Project

General

Profile

Actions
Copy link

Bug #9118

closed

stunnel does not ensure a newline exists between certificate components

Added by Jim Pingle over 5 years ago. Updated over 5 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Jim Pingle
Category:
stunnel
Target version:
-
Start date:
11/14/2018
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:
All

Description

stunnel wants the private key, certificate, etc all inside a single file. However, it does not ensure that a newline exists between each component. If a user imports a private key without a newline at the end, it can lead to a badly formatted stunnel certificate, for example:

-----BEGIN PRIVATE KEY-----
[...]
-----END PRIVATE KEY----------BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
Actions
Copy link
 #1

Updated by Jim Pingle over 5 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

Fixed in stunnel pkg version 5.47

Actions
Copy link
 #2

Updated by Steve Wheeler over 5 years ago

  • Status changed from Feedback to Resolved

Tested:

[2.4.4-RELEASE][admin@xtm5.stevew.lan]/root: pkg info -x stunnel
pfSense-pkg-stunnel-5.47_1
stunnel-5.47,1

Imported a cert using a private key with the trailing line feed character (0x0a) removed. Added it to STunnel. The .pem file was created successfully.

Actions
Copy link

Also available in: Atom PDF