Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    2.4.4 not working, how to rollback?

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    7 Posts 3 Posters 1.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • W
      WantToRollbackToWorkingRelease
      last edited by

      I have recently upgraded from WORKING 2.4.3 to 2.4.4. I see no reason to describe problem since it already discussed here. As I looking here on forums 2.4.4 have too many problems. Why 2.4.4 is not yet revoked? I have to rollback to WORKING 2.4.3. Where I can download it?

      1 Reply Last reply Reply Quote 0
      • GrimsonG
        Grimson Banned
        last edited by

        @wanttorollbacktoworkingrelease said in 2.4.4 not working, how to rollback?:

        Where I can download it?

        You can't. Update to 2.4.4p1 and then make a decent post with all the information possible so you can get help. Or continue having your hissy fit and then cry into your pillow.

        1 Reply Last reply Reply Quote 1
        • W
          WantToRollbackToWorkingRelease
          last edited by WantToRollbackToWorkingRelease

          Sorry for mistake, of course there is the latest (2.4.4p1) version.

          One of (and most important) is that CRL is now dead. Any operation with CRL fails with PHP error:

          Call to a member function findContext() on null in /usr/local/share/openssl_x509_crl/X509_CERT.php:56

          If CRL is assigned to OpenVPN server then webConfigurator no starting at boot (also firewall and as I think most other services). It worked fine in 2.4.3.

          General problem is that latest published version is obviously buggy, and there is no way to rollback.

          @grimson said in 2.4.4 not working, how to rollback?:

          @wanttorollbacktoworkingrelease said in 2.4.4 not working, how to rollback?:
          You can't.

          Of course I know that. And it's VERY VERY BAD!!! There must be a some time (at least one month) to keep previous versions.

          So my latest question is when it will be fixed?

          chpalmerC 1 Reply Last reply Reply Quote 0
          • chpalmerC
            chpalmer @WantToRollbackToWorkingRelease
            last edited by

            @wanttorollbacktoworkingrelease said in 2.4.4 not working, how to rollback?:

            CRL

            Forgive me WTRBTWR but you seem like a troll.. I say that because every one of my installs I have updated are working flawlessly. Your claims seem wild and unproven to me..

            I probably do not have your working config so I can not say your not having problems.. But its many more of my installs against the one your complaining about. So you can imagine that your issue may be something that no one else has run into yet..

            My first recommendation is to take it back a notch. Then explain your config and how its not working. You get more flys with honey or so they say.

            Triggering snowflakes one by one..
            Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

            1 Reply Last reply Reply Quote 0
            • W
              WantToRollbackToWorkingRelease
              last edited by

              No, I just was in panic.

              I've checked on clean config (test VM), it works. With one exception - in production CA is an imported intermediate CA. Maybe this is a source of issue? I will try to test it later.

              But you should not disavow that problem exists and it is not just mine - https://forum.netgate.com/topic/137578/upgrade-from-2-4-3-to-2-4-4-failed-no-wan-and-no-webui - absolutely identical. I've fixed it by removing <crlref> from config. But this is not a solution because CRL not work at all.

              1 Reply Last reply Reply Quote 0
              • W
                WantToRollbackToWorkingRelease
                last edited by WantToRollbackToWorkingRelease

                That problem exists if CA imported as a chain (two or more certificates).
                Root CA(s) must be imported.

                PS. Error was:

                Crash report begins.  Anonymous machine information:

amd64
11.2-RELEASE-p4
FreeBSD 11.2-RELEASE-p4 #2 b00c407ba5d(RELENG_2_4_4): Mon Nov 26 11:41:48 EST 2018     root@buildbot2.nyi.netgate.com:/build/ce-crossbuild-244/obj/amd64/ZfGpH5cd/build/ce-crossbuild-244/pfSense/tmp/FreeBSD-src/sys/pfSense

Crash report details:

PHP Errors:
[08-Dec-2018 22:24:41 Europe/Moscow] PHP Fatal error:  Uncaught Error: Call to a member function findContext() on null in /usr/local/share/openssl_x509_crl/X509_CERT.php:56
Stack trace:
#0 /usr/local/share/openssl_x509_crl/X509_CRL.php(100): Ukrbublik\openssl_x509_crl\X509_CERT::getExtVal_Subject('')
#1 /etc/inc/certs.inc(1000): Ukrbublik\openssl_x509_crl\X509_CRL::create(Array, Resource id #34, false)
#2 /etc/inc/certs.inc(1018): crl_update(Array)
#3 /usr/local/www/system_crlmanager.php(145): cert_revoke(Array, Array, '4')
#4 {main}
  thrown in /usr/local/share/openssl_x509_crl/X509_CERT.php on line 56



No FreeBSD crash data found.

                Now CRL works except OpenVPN itself

                Dec 8 21:07:23	openvpn	60087	178.130.41.24:59704 VERIFY WARNING: depth=0, unable to get certificate CRL: C=EDITED, ST=EDITED, L=EDITED, O=EDITED, emailAddress=EDITED, CN=EDITED
Dec 8 21:07:23	openvpn	60087	178.130.41.24:59704 VERIFY WARNING: depth=1, unable to get certificate CRL: C=EDITED, ST=EDITED, O=EDITED, OU=EDITED, CN=EDITED, emailAddress=EDITED
Dec 8 21:07:23	openvpn	60087	178.130.41.24:59704 VERIFY WARNING: depth=2, unable to get certificate CRL: C=EDITED, ST=EDITED, L=EDITED, O=EDITED, OU=EDITED, CN=EDITED, emailAddress=EDITED
                1 Reply Last reply Reply Quote 0
                • chpalmerC
                  chpalmer
                  last edited by

                  Nope.. I don't discount that there is an error.. But since we are not affected there is no way for me to know anything is wrong..

                  Do you see your issue reported here anywhere? https://redmine.pfsense.org/projects/pfsense/roadmap

                  Triggering snowflakes one by one..
                  Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.