Certificate DN elements show in incorrect order in webGUI
-
I'm sorry if that's duplicate, I couldn't find a way to search only in a specific group.
I'd like to know if there is a reason for tha behavior below or if I could present a fix for that:
When presenting the list of CAs or the list of certificate, the main column is "Distinct Name", that is obtained from an array in the decoded certificate by function cert_get_subject in /etc/inc/certs.inc. For some reason, the elements of DN are sorted alphabetically by key, that means, the country (C) is always first, state (ST) usually the last with other elements in between. That order has no sense at all, so I see no help at all in two commands there. Although a distinct name is understood by many application, no matter the order of the elements, there are some where that matters a lot. IPsec, for example, will not allow conection if the ID used is a DN in a order different from the actual certificate. So, copying the DN from the Certificates GUI and pasting in IPsec phase 1 settings will give you a headache with no purpose.
More, as said, the new alphabetic order means not but non-sense. To get worst, creating the string, the function join the elements backwards (starting with ST, ending with C). The actual order in the certificates created by pfSense webGUI makes much more sense (starts with CN - more specific, ends with C - less specific). In my point of view, it helps nothing the reordering and is less helpful also, as we can't use it in other applications (we actually must open the certificates details and copy the DN record that is exactly the name above, but, this time, in the correct order.
If that's an issue, the correction is very easy, deleting two lines (the sorting) and adjusting other two (the one that is assembling the elements in the reverse order.