SG-3100 notification after update 21.02
-
Hi,
this morning after login I've got this bad news:Certificate Manager The following CA/Certificate entries are expiring: .... ALL!
It's not possible:
until: Sat, 18 Mar 1916 14:33:20 +0100
what's can be done to restore them?
-
@summer Hi,
There is a regression
https://redmine.pfsense.org/issues/11504Yann
-
And it proses a solution :
@yanntko said in SG-3100 notification after update 21.02:https://redmine.pfsense.org/issues/11504
-
I've followed this guide:
[https://docs.netgate.com/pfsense/en/latest/development/system-patches.html](link url)added a patch with:
description: fix data cert su arm32 url: https://github.com/pfsense/pfsense/commit/bdaa35dcf31def521ba8c60c0aa9c41bf5005311.patch path strip count: 2 base directory: / ignore whitespace: yes
but result in this:
/usr/bin/patch --directory=/ -t -p2 -i /var/patches/6040bbebd1153.patch --check --forward --ignore-whitespace Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |From bdaa35dcf31def521ba8c60c0aa9c41bf5005311 Mon Sep 17 00:00:00 2001 |From: jim-p |Date: Tue, 23 Feb 2021 16:24:49 -0500 |Subject: [PATCH] Try parsing four digit years in cert timestamps. Fixes #11504 | |--- | src/etc/inc/certs.inc | 4 ++++ | 1 file changed, 4 insertions(+) | |diff --git a/src/etc/inc/certs.inc b/src/etc/inc/certs.inc |index 050d1860026..42ebf8f74e5 100644 |--- a/src/etc/inc/certs.inc |+++ b/src/etc/inc/certs.inc -------------------------- Patching file etc/inc/certs.inc using Plan A... Hunk #1 failed at 707. 1 out of 1 hunks failed while patching etc/inc/certs.inc done
Patch can NOT be applied cleanly (detail)
Now what can I do?
-
@summer said in SG-3100 notification after update 21.02:
https://github.com/pfsense/pfsense/commit/bdaa35dcf31def521ba8c60c0aa9c41bf5005311.patch
Look at the patch :
/* If that failed, try using a four digit year */ if ($date === false) { $date = DateTime::createFromFormat('YmdHis', rtrim($validTS, 'Z'), new DateTimeZone('Z')); }
if you know how to Ctrl-C Ctrl-V you could copy these 4 lines yourself.
Be careful when testing (nothing will blow up) as there are patches over patches needed - I saw the word regression somewhere. -
Thank you @gertjan for the reply, I've already tried to copy and paste those row in the file on the pfsense box, but to apply the edits something like "compilation" should be triggered after the file save?
If only file save is needed, I don't see any difference on the certification manager.
-
@summer said in SG-3100 notification after update 21.02:
edits something like "compilation"
It's PHP.
It's an interpreted language. Not compiled.
It's the "Basic" of the last decade.It looks easy, because it is.