PHP crashing - OpenVPN services down
-
Netgate SG-5100 hardware with latest version:
2.4.5-RELEASE (amd64)
built on Tue Mar 24 15:25:53 EDT 2020
FreeBSD 11.3-STABLEPHP keeps crashing. Seems to have an issue in x509 CRL (Cert Revocation List).
Impacts all OpenVPN instances, which show status "[error] Unable to contact daemon 0 Service not running?"I'm going to roll back to last-known-good config before latest use of Cert. Manager to see if I can recover.
Contents of the Crash Report:
"------------------------------------
Crash report begins. Anonymous machine information:amd64
11.3-STABLE
FreeBSD 11.3-STABLE #233 2c992b2181a(factory-RELENG_2_4_5): Tue Mar 24 15:26:54 EDT 2020 root@buildbot1-nyi.netgate.com:/build/factory-crossbuild-245-amd64/obj/amd64/kkVaWThR/build/factory-crossbuild-245-amd64/sources/FreeBSD-src/sys/pfSenseCrash report details:
PHP Errors:
[12-May-2020 08:51:57 America/Toronto] PHP Fatal error: Uncaught Error: Call to a member function findContext() on null in /usr/local/share/openssl_x509_crl/X509_CERT.php:56
Stack trace:
#0 /usr/local/share/openssl_x509_crl/X509_CRL.php(100): Ukrbublik\openssl_x509_crl\X509_CERT::getExtVal_Subject('')
#1 /etc/inc/certs.inc(1000): Ukrbublik\openssl_x509_crl\X509_CRL::create(Array, Resource id #253, false)
#2 /etc/inc/openvpn.inc(1252): crl_update(Array)
#3 /etc/inc/openvpn.inc(1418): openvpn_reconfigure('server', Array)
#4 /etc/inc/openvpn.inc(1641): openvpn_restart('server', Array)
#5 /etc/inc/openvpn.inc(1696): openvpn_resync('server', Array)
#6 /etc/rc.bootup(236): openvpn_resync_all()
#7 {main}
thrown in /usr/local/share/openssl_x509_crl/X509_CERT.php on line 56
[12-May-2020 08:52:06 America/Toronto] PHP Fatal error: Uncaught Error: Call to a member function findContext() on null in /usr/local/share/openssl_x509_crl/X509_CERT.php:56
Stack trace:
#0 /usr/local/share/openssl_x509_crl/X509_CRL.php(100): Ukrbublik\openssl_x509_crl\X509_CERT::getExtVal_Subject('')
#1 /etc/inc/certs.inc(1000): Ukrbublik\openssl_x509_crl\X509_CRL::create(Array, Resource id #348, false)
#2 /etc/inc/openvpn.inc(1252): crl_update(Array)
#3 /etc/inc/openvpn.inc(1418): openvpn_reconfigure('server', Array)
#4 /etc/inc/openvpn.inc(1641): openvpn_restart('server', Array)
#5 /etc/inc/openvpn.inc(1696): openvpn_resync('server', Array)
#6 /etc/rc.newwanip(250): openvpn_resync_all('wan')
#7 {main}
thrown in /usr/local/share/openssl_x509_crl/X509_CERT.php on line 56No FreeBSD crash data found.
---------------------------------" -
@davebu said in PHP crashing - OpenVPN services down:
Revoked
You actually revoked a certificate ?
Go here https://forum.netgate.com/search and feed it with findContext
It was an issue in previous releases....
-
No, did not revoke a cert. Actually I had not properly associated a CRL with the CA that is used by the OpenVPN Server(s). So crash was a reaction to bad config.
i.e. its a 'newbie' issue. -
Ok, perfect.
@davebu said in PHP crashing - OpenVPN services down:
i.e. its a 'newbie' issue.
I guess you nail that one also asap.
