BUG? - Unable to generate CSR
-
2.1-BETA1 (amd64)
built on Thu Feb 14 04:54:28 EST 2013
FreeBSD 8.3-RELEASE-p5All fields filled out with the key length at 2048 and no option for digest algorithm.
The following input errors were detected:
Please select a valid Key Length.
Please select a valid Digest Algorithm.Thoughts?
Thanks
B
-
I probably skipped something when adding the digest algorithm bits the other day. Can you open up a ticket on http://redmine.pfsense.org and reference this forum thread.
Thanks.
-
I'm seeing this too. For anyone else who's stumbled over this, it's Bug 2820 in redmine:
http://redmine.pfsense.org/issues/2820
Bruce.
-
I never was able to reproduce the input error, but I just pushed a commit to add the digest algorithm field to the CSR page.
If that still doesn't work I may need a better idea of the exact inputs used to reproduce the error.
-
I just updated the bug with results from testing today's snapshot…the code change got rid of the Digest Algorithm error, but the error about the key length remains.
On a related note, if we're trying to get people to not use SHA1, wouldn't it make sense to pick a stronger message digest algorithm by default?
Thanks,
Bruce.
-
Are there values in the Key Length drop-down? What browser are you using?
So far I wasn't able to reproduce the failure here, even before my last change. I was always able to make a CSR.
As for the default, I thought about pre-selecting SHA256, I just didn't get around to actually doing it yet.
-
ok, found it and fixed it. For some reason I could only reproduce it on my alix, not a full install.
https://github.com/pfsense/pfsense/commit/741d748d72c81f84fdeebe327c6d7ab61f843a84
I also made the digest alg. default to sha256 while I was in there.
https://github.com/pfsense/pfsense/commit/28a20fdbf4621c0f5b854615dcc31f5234812f00
-
Works now on tonight's snapshot…thanks!
Bruce.
