Certificate Revocation fails

Started by seed, September 03, 2022, 12:49:45 AM

While I was having an issue with OpenVPN I found a new problem.
My OpenVPN could not connect. I configured a CRL in the OpenVPN settings. The CRL is empty. No client could connect.

While searching for the problem I generated a certificate just for revocation. While trying to revoke the certificate I got this error:

OPNsense 22.7.3_2-amd64
FreeBSD 13.1-RELEASE-p2
OpenSSL 1.1.1q 5 Jul 2022

2022-09-03T00:45:35   Error   opnsense   #5 {main}   
2022-09-03T00:45:35   Error   opnsense   #4 /usr/local/www/system_crlmanager.php(172): cert_revoke(Array, Array, '-1')   
2022-09-03T00:45:35   Error   opnsense   #3 /usr/local/etc/inc/certs.inc(733): crl_update(Array)   
2022-09-03T00:45:35   Error   opnsense   #2 /usr/local/etc/inc/certs.inc(686): phpseclib3\File\X509->validateSignature(false)   
2022-09-03T00:45:35   Error   opnsense   #1 /usr/local/share/phpseclib/File/X509.php(1286): phpseclib3\File\X509->validateSignatureCountable(false, 0)   
2022-09-03T00:45:35   Error   opnsense   #0 /usr/local/share/phpseclib/File/X509.php(1412): phpseclib3\File\X509->validateSignatureHelper('rsaEncryption', '-----BEGIN PUBL...', 'id-RSASSA-PSS', '\x82\xD5\x8D}D\xBB\x87Wh\xE7)\xD2\xB2`X...', '0\x81\x970\v\x06\t*\x86H\x86\xF7\r\x01\x01...')   
2022-09-03T00:45:35   Error   opnsense   Stack trace:   
2022-09-03T00:45:35   Error   opnsense   Cert revocation error: CRL signature invalid phpseclib3\Exception\UnsupportedAlgorithmException: Signature algorithm unsupported in /usr/local/share/phpseclib/File/X509.php:1455
I want all services to run at wire speed and therefore run this dedicated hardware configuration:

AMD Ryzen 7 9700x
ASUS Pro B650M-CT-CSM
64GB DDR5 ECC (2x KSM56E46BD8KM-32HA)
Intel XL710-BM1
Intel i350-T4
2x SSD with ZFS mirror
PiKVM for remote maintenance

private user, no business use

September 03, 2022, 07:21:16 AM #1 Last Edit: September 04, 2022, 05:51:08 PM by Fright
Hi
Some regression with the phpseclib3 migration (phpseclib3's internal validation function does strange things with "public key algorithm" vs. "signature algorithm" when validating signatures).
If the matter is urgent I can suggest a temporary workaround for the OPN internal CA's CRLs, but it will not match the final solution (when it appears).

Or you can just disable the CRL check temporarily.
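The pairing visible in the stack trace above (a CA key whose public key algorithm is rsaEncryption, checked against a CRL whose signature algorithm is id-RSASSA-PSS) can be reproduced and checked outside the web UI with the openssl CLI. An RSA key carrying the rsaEncryption identifier is allowed to verify PSS signatures (RFC 4055), so a CRL signed that way is well-formed even if a verifier that insists on the two identifiers being equal rejects it. The script below is an added example and is not code from this thread, from OPNsense or from phpseclib: it builds a throwaway CA in a temporary directory (every name, path and config value is constructed for the example), issues an empty PSS-signed CRL, reports both algorithm identifiers and lets openssl verify the CRL against the CA certificate.

```shell
#!/bin/sh
# Added example (not from the OPNsense thread): reproduce the rsaEncryption key /
# rsassaPss CRL pairing with a throwaway CA and check it with the openssl CLI.
# All paths, names and the openssl ca configuration are constructed for this demo.

# Build the demo CA and an empty CRL signed with RSA-PSS; prints the work directory.
setup_demo_ca() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        : > index.txt          # empty certificate database for openssl ca
        echo 01 > serial
        echo 01 > crlnumber
        # Minimal openssl ca configuration sufficient for -gencrl.
        cat > ca.cnf <<'EOF'
[ ca ]
default_ca = demo_ca

[ demo_ca ]
dir              = .
database         = $dir/index.txt
new_certs_dir    = $dir
certificate      = $dir/ca.crt
private_key      = $dir/ca.key
serial           = $dir/serial
crlnumber        = $dir/crlnumber
default_md       = sha256
default_crl_days = 30
policy           = demo_policy

[ demo_policy ]
commonName = supplied
EOF
        # Self-signed CA: its SubjectPublicKeyInfo algorithm is rsaEncryption.
        openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
            -subj "/CN=Demo CA" -days 30 >/dev/null 2>&1 || exit 1
        # Empty CRL signed with RSA-PSS: its signatureAlgorithm becomes rsassaPss.
        openssl ca -config ca.cnf -gencrl -sigopt rsa_padding_mode:pss \
            -out crl.pem >/dev/null 2>&1 || exit 1
    ) || return 1
    printf '%s\n' "$dir"
}

# Name of the algorithm in the CRL's signatureAlgorithm field (e.g. rsassaPss).
crl_sig_alg() {
    openssl crl -in "$1" -noout -text | grep 'Signature Algorithm' | head -n 1 \
        | sed 's/.*Signature Algorithm: *//' | tr -d ' \r'
}

# Name of the algorithm in the CA certificate's SubjectPublicKeyInfo (e.g. rsaEncryption).
ca_key_alg() {
    openssl x509 -in "$1" -noout -text | grep 'Public Key Algorithm' | head -n 1 \
        | sed 's/.*Public Key Algorithm: *//' | tr -d ' \r'
}

# Exit status 0 when openssl accepts the CRL signature under the CA certificate.
# openssl crl reports the verdict on stderr, so capture it and look for "verify OK".
verify_crl() {
    openssl crl -in "$1" -CAfile "$2" -noout 2>&1 | grep -q 'verify OK'
}

# Stand-alone run: show the identifier pairing and openssl's verdict.
demo_dir=$(setup_demo_ca) || exit 1
echo "CA public key algorithm: $(ca_key_alg "$demo_dir/ca.crt")"
echo "CRL signature algorithm: $(crl_sig_alg "$demo_dir/crl.pem")"
if verify_crl "$demo_dir/crl.pem" "$demo_dir/ca.crt"; then
    echo "openssl: CRL signature verifies under the CA certificate"
else
    echo "openssl: CRL signature does NOT verify"
fi
rm -rf "$demo_dir"
```

Run the same two inspection commands against the CRL and CA certificate exported from the firewall (System: Trust) to see which identifiers they actually carry; if `openssl crl -CAfile` reports `verify OK` while the revocation manager still rejects the CRL, the CRL itself is not the problem.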