Certificate Manager - CRL Testing Needed

jimp

It should be the 'e', but it isn't working for me now either. Must be a change I forgot to check in. :-)

I'll have a deeper look on Monday.

jimp

Edit your config, do you have an "<crl>" tag? If so, remove it. Not sure how that might have gotten in there. I had one on one of my VMs also. Guess I need to add some code to check for that and fix/remove it.</crl>

jimp

I just checked in a bunch of fixes for CRL management. Guess I couldn't wait until Monday :-)

The case you were seeing should be fixed now.

Digital

When trying to import existing CRL, got error: "The following input errors were detected: * The field 'Certificate Revocation List data' is required.". Field CRL data, of course, was filled with data from valid CRL.

Tried that with the following snapshot:

2.0-BETA4 (i386)
built on Sun Nov 14 03:54:29 EST 2010

jimp

That should be working on the next snapshot, I just checked in a fix.

mxx

Hi Jimp,

In case you were asking me, yes I had a <crl>tag and I removed it after testing together with the certificate tags under the <system>tag (which didn't work btw as pfsense complained about syntax errors as soon as I removed the <crt>tags from <system>and tried to restore the edited config).

Thanks for the great work, I'm eager to try your new code but can't test it at the moment since I'm having this problem with newer snapshots (DIOCADDRULE device busy et.c).</system></crt></system></crl>

Digital

Ok, just tested it with newer build - CRL imported fine. Tried exporting CRL - 0-byte empty file was exported. The same result when trying to export pfSense-generated CRL.

2.0-BETA4 (i386)
built on Mon Nov 15 16:00:39 EST 2010

jimp

Does your pfSense-generated CRL have any revoked certificates?

The imported one should have exported OK, but a pfSense generated CRL must have at least one revoked certificate before it exports OK. I guess the code still needs a few safety checks for that kind of thing.

I'll have a look sometime today.

jimp

CRL importing was still broken - should be fixed in newer snapshots.

I also disabled the download button for empty CRLs.

Digital

jimp: Yes, I had revoked certificates in my imported CRL file.
I may confirm that CRL importing/exporting is working fine with the Sun Nov 21 02:37:38 EST 2010 build.

Thanks!