| Summary: | IPSEC .p12 certificate files exported by GUI are corrupt after update to 158/5867 | ||
|---|---|---|---|
| Product: | IPFire | Reporter: | Cok Waaijer <cok> |
| Component: | --- | Assignee: | Stefan Schantl <stefan.schantl> |
| Status: | CLOSED FIXED | QA Contact: | |
| Severity: | Major Usability | ||
| Priority: | - Unknown - | CC: | arne.fitzenreiter, develop, mjozo8, peter.mueller, tomvend |
| Version: | 2 | ||
| Hardware: | x86_64 | ||
| OS: | Windows | ||
|
Description
Cok Waaijer
2021-08-06 10:16:40 UTC
@Stefan, would you have a look at this? @Arne, if a patch is available soon, could we get this as a hot fix in c159? Michael has provided a fix for this issue, which can be found here: https://git.ipfire.org/?p=people/ms/ipfire-2.x.git;a=commit;h=19f5da7f43630734d1b2998204648385cc34b728 Currently we are working on some more fixes for the vpnmain.cgi file which will be submitted as a whole patcheset to the mailing list. I have the same Problem since core 158 up to core 160 Manual copy the .p12 certificates out of /var/ip/certs works fine under Windows 7 and 10 Using the Windows Download Icon in the Web-GUI under IPFire->Service->IPSEC to Download the Client-Certificate.p12 and try to install it, results in the Error "can not recognise filetype". so i have changed the download routine in /srv/web/ipfire/cgi-bin/vpnmain.cgi line 1243 from: ... my @p12 = <FILE>; close(FILE); print "@p12"; ... to: ... while(<FILE>) print $_; # my @p12 = <FILE>; close(FILE); # print "@p12"; ... and it works i am not a perl crack and it looks like the same result but this one works and i dont know why ;) BOM ? (In reply to Stefan Schantl from comment #2) > Michael has provided a fix for this issue, which can be found here: > > https://git.ipfire.org/?p=people/ms/ipfire-2.x.git;a=commit; > h=19f5da7f43630734d1b2998204648385cc34b728 > > Currently we are working on some more fixes for the vpnmain.cgi file which > will be submitted as a whole patcheset to the mailing list. I have tried this hotfix but it won't help. I used to have 159 and migrate to 161 version and there is still a problem with the certificate. I cannot import it in Mikrotik client as I was able in previous versions. Resetting back to ASSIGNED, since nothing was ON_QA here... I just ran into this when trying to export from a Core 159 machine. I applied the fix from Michael to that machine and it seemed to resolve the issue, but I then went to do the same for the Core 162 machine, and it was already applied? I'm not certain if this bug has already been fixed? Hello @all, I've sent a patch to the mailing list to address and hopefully fix the pk12 export issue. https://patchwork.ipfire.org/project/ipfire/patch/20211230191536.2937-1-stefan.schantl@ipfire.org/ Please could anybody test and provide some feedback? Thanks in advance, -Stefan https://git.ipfire.org/?p=people/pmueller/ipfire-2.x.git;a=commit;h=f8384fbf8de3406174dd54a4f22d0900b7fbe6dd Not bumping to MODIFIED since this is my temporary development branch, but I'd expect Arne to pick it up from there soon. |