Error while upgrading to 23.01
-
Got this error when upgrading to 23.01, to resolve I had to stop the OpenVPN service and delete the interface, without with there was not external connectivity.
this was working in the previous release. all the certs were built / generated using the pfsense cert manager.
I have moved over to WireGuard for the most part, so this is not a deal beaker for me, but didn't find any reports of this in redmine either.
[16-May-2023 08:35:39 America/Toronto] PHP Fatal error: Uncaught TypeError: preg_match(): Argument #2 ($subject) must be of type string, array given in /usr/local/share/openssl_x509_crl/ASN1_OCTETSTRING.php:25 Stack trace: #0 /usr/local/share/openssl_x509_crl/ASN1_OCTETSTRING.php(25): preg_match('|^[0-9A-Fa-f]{2...', Array) #1 /usr/local/share/openssl_x509_crl/X509_CERT.php(89): Ukrbublik\openssl_x509_crl\ASN1_OCTETSTRING->__construct(Array) #2 /usr/local/share/openssl_x509_crl/X509_CRL.php(161): Ukrbublik\openssl_x509_crl\X509_CERT::getExtVal_SubjectKeyIdentifier(Object(Ukrbublik\openssl_x509_crl\ASN1_SEQUENCE)) #3 /etc/inc/certs.inc(1086): Ukrbublik\openssl_x509_crl\X509_CRL::create(Array, Object(OpenSSLAsymmetricKey), '0\x82\x04m0\x82\x03U\xA0\x03\x02\x01\x02\x02\x01...') #4 /etc/inc/openvpn.inc(1389): crl_update(Array) #5 /etc/inc/openvpn.inc(1658): openvpn_reconfigure('server', Array) #6 /etc/inc/openvpn.inc(1865): openvpn_restart('server', Array) #7 /etc/inc/openvpn.inc(1907): openvpn_resync('server', Array) #8 /etc/rc.newwanip(261): openvpn_resync_all('wan', 'inet') #9 {main} thrown in /usr/local/share/openssl_x509_crl/ASN1_OCTETSTRING.php on line ``
-
seems to have something with CRLs, I do have one defined with a couple of certificates in it.
-
That is close to https://redmine.pfsense.org/issues/14022
You can install the System Patches package and then create an entry for the following diff to apply the fix:
--- a/src/usr/local/share/openssl_x509_crl/ASN1_OCTETSTRING.php.orig 2023-02-23 13:30:25.173127000 +0000 +++ b/src/usr/local/share/openssl_x509_crl/ASN1_OCTETSTRING.php 2023-02-23 13:30:30.254299000 +0000 @@ -22,7 +22,7 @@ public function __construct($str = "", $twodots = false) { if($str === false) { $this->content = array(); - } else if(preg_match("|^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2})+$|s", $str) /* || $twodots*/) { + } else if(preg_match("|^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2})+$|s", (string) $str) /* || $twodots*/) { $octets = explode(':', $str); foreach($octets as &$v) { $v = chr(hexdec($v));
-
@jimp Thanks, that seemed to get rid the error. However since I am moved on from OpenVPN to WG, this was bit of a forcing function for me.