SG-3100 notification after update 21.02

Summer

Hi,
this morning after login I've got this bad news:

Certificate Manager
The following CA/Certificate entries are expiring: 
....
ALL!

It's not possible:

until: Sat, 18 Mar 1916 14:33:20 +0100

what's can be done to restore them?

YannTKO

@summer Hi,
There is a regression
https://redmine.pfsense.org/issues/11504

Yann

Gertjan

And it proses a solution :
@yanntko said in SG-3100 notification after update 21.02:

https://redmine.pfsense.org/issues/11504

Summer

I've followed this guide:
[https://docs.netgate.com/pfsense/en/latest/development/system-patches.html](link url)

added a patch with:

description: fix data cert su arm32
url: https://github.com/pfsense/pfsense/commit/bdaa35dcf31def521ba8c60c0aa9c41bf5005311.patch

path strip count: 2
base directory: /
ignore whitespace: yes

but result in this:

/usr/bin/patch --directory=/ -t -p2 -i /var/patches/6040bbebd1153.patch --check --forward --ignore-whitespace

Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|From bdaa35dcf31def521ba8c60c0aa9c41bf5005311 Mon Sep 17 00:00:00 2001
|From: jim-p 
|Date: Tue, 23 Feb 2021 16:24:49 -0500
|Subject: [PATCH] Try parsing four digit years in cert timestamps. Fixes #11504
|
|---
| src/etc/inc/certs.inc | 4 ++++
| 1 file changed, 4 insertions(+)
|
|diff --git a/src/etc/inc/certs.inc b/src/etc/inc/certs.inc
|index 050d1860026..42ebf8f74e5 100644
|--- a/src/etc/inc/certs.inc
|+++ b/src/etc/inc/certs.inc
--------------------------
Patching file etc/inc/certs.inc using Plan A...
Hunk #1 failed at 707.
1 out of 1 hunks failed while patching etc/inc/certs.inc
done

Patch can NOT be applied cleanly (detail)

Now what can I do?

Gertjan

@summer said in SG-3100 notification after update 21.02:

https://github.com/pfsense/pfsense/commit/bdaa35dcf31def521ba8c60c0aa9c41bf5005311.patch

Look at the patch :

	/* If that failed, try using a four digit year */

	if ($date === false) {

		$date = DateTime::createFromFormat('YmdHis', rtrim($validTS, 'Z'), new DateTimeZone('Z'));
	}

if you know how to Ctrl-C Ctrl-V you could copy these 4 lines yourself.
Be careful when testing (nothing will blow up) as there are patches over patches needed - I saw the word regression somewhere.

Summer

Thank you @gertjan for the reply, I've already tried to copy and paste those row in the file on the pfsense box, but to apply the edits something like "compilation" should be triggered after the file save?

If only file save is needed, I don't see any difference on the certification manager.

Gertjan

@summer said in SG-3100 notification after update 21.02:

edits something like "compilation"

It's PHP.
It's an interpreted language. Not compiled.
It's the "Basic" of the last decade.

It looks easy, because it is.