TrueNAS / NAS-114761

Incorrect wildcard certificate parsing during creation

Details

    Description

      The "create ACME certificate" process incorrectly parses wildcard certificates and refuses to validate.

      Steps to reproduce:

      1. Create a new CSR under the "OpenVPN Server Certificate" profile. Select "*.mydomain.com" as your SAN, and leave CN blank
      2. Attempt to "Create ACME Certificate"
      3. Fill in name, agree to TOS, select authenticator, submit
      4. See error.
      FAILED
      [EINVAL] acme_create.dns_mapping: Wildcards must be at the start of domain name followed by a period 

      The full error trace is as follows:

      Error: Traceback (most recent call last):
        File "/usr/local/lib/python3.9/site-packages/middlewared/job.py", line 367, in run
          await self.future
        File "/usr/local/lib/python3.9/site-packages/middlewared/job.py", line 403, in __run_body
          rv = await self.method(*([self] + args))
        File "/usr/local/lib/python3.9/site-packages/middlewared/schema.py", line 975, in nf
          return await f(*args, **kwargs)
        File "/usr/local/lib/python3.9/site-packages/middlewared/plugins/crypto.py", line 1709, in do_create
          data = await self.middleware.run_in_thread(
        File "/usr/local/lib/python3.9/site-packages/middlewared/utils/run_in_thread.py", line 10, in run_in_thread
          return await self.loop.run_in_executor(self.run_in_thread_executor, functools.partial(method, *args, **kwargs))
        File "/usr/local/lib/python3.9/concurrent/futures/thread.py", line 52, in run
          result = self.fn(*self.args, **self.kwargs)
        File "/usr/local/lib/python3.9/site-packages/middlewared/schema.py", line 979, in nf
          return f(*args, **kwargs)
        File "/usr/local/lib/python3.9/site-packages/middlewared/plugins/crypto.py", line 1757, in __create_acme_certificate
          final_order = self.acme_issue_certificate(job, 25, data, csr_data)
        File "/usr/local/lib/python3.9/site-packages/middlewared/plugins/crypto.py", line 1387, in acme_issue_certificate
          raise verrors
      middlewared.service_exception.ValidationErrors: [EINVAL] acme_create.dns_mapping: Wildcards must be at the start of domain name followed by a period
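
The rule quoted in the error message, written out as a stand-alone check (an added example, not middlewared's code; the names `check_wildcard_name` and `dns01_record` are hypothetical). It shows that the SAN from the report satisfies the rule as worded, and which TXT record name a DNS-01 authenticator is asked to publish for a wildcard under RFC 8555.

```python
import re

# One DNS label: letters, digits, hyphen; no leading/trailing hyphen; 1-63 chars.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def check_wildcard_name(name):
    """Return (ok, reason) for a DNS identifier that may carry a wildcard."""
    name = name.strip().rstrip(".")
    if not name:
        return False, "empty name"
    if len(name) > 253:
        return False, "name too long"
    labels = name.split(".")
    if "*" in name:
        # The rule from the error text: '*' only as the whole first label,
        # followed by a period and at least one more label.
        if labels[0] != "*" or len(labels) < 2:
            return False, "wildcard must be the leftmost label, followed by a period"
        if any("*" in label for label in labels[1:]):
            return False, "only one wildcard, in the leftmost label"
        labels = labels[1:]
    for label in labels:
        if not LABEL.match(label):
            return False, "invalid label %r" % label
    return True, "ok"


def dns01_record(name):
    """DNS-01 TXT record name; a wildcard is validated at its base domain."""
    ok, reason = check_wildcard_name(name)
    if not ok:
        raise ValueError(reason)
    base = name.strip().rstrip(".")
    if base.startswith("*."):
        base = base[2:]
    return "_acme-challenge." + base.lower()


# Constructed sample inputs; the first is the SAN from the report.
SAMPLES = ["*.mydomain.com", "mydomain.com", "foo.*.mydomain.com",
           "*mydomain.com", "*.*.mydomain.com", "*"]

if __name__ == "__main__":
    for san in SAMPLES:
        print(san, check_wildcard_name(san))
```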
      

       

              People

                waqar Waqar Ahmed
                ll12912 John C