OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 22.7 Legacy Series »
  • 22.7.6 Upgrade HAProxy CRL Problem
« previous next »
  • Print
Pages: [1]

Author Topic: 22.7.6 Upgrade HAProxy CRL Problem  (Read 3070 times)

gazd25

  • Newbie
  • *
  • Posts: 38
  • Karma: 3
    • View Profile
22.7.6 Upgrade HAProxy CRL Problem
« on: October 14, 2022, 10:39:30 am »
Hi All,

I've just updated my OPNSense from 22.7.5>6 this morning and I'm now seeing an error around HAProxy being unable to start due to a CRL problem because I use client certificate authentication.

All certs are being issued by a local CA on the OPNSense firewall

I've already tried removing and recreating the CRL then re-adding to the HAProxy frontend, none of which has made any difference. for now to get HAProxy to start correctly I've had to remove the CRL from the public facing frontend, but this is less than ideal.

If I try and re-add it I see the pictured error when doing a test syntax from the HAProxy GUI, so it's definitely related to the CRL somehow, but I cant figure out whats actually wrong.

Coupled to this, the crash reporter is now also regularly reporting the below error, even though HAProxy is functional albeit with no CRL for any revoked certs:

[14-Oct-2022 08:29:49 Europe/London] PHP Fatal error:  Uncaught Error: Call to undefined function crl_update() in /usr/local/opnsense/scripts/OPNsense/HAProxy/exportCerts.php:74
Stack trace:
#0 {main}
  thrown in /usr/local/opnsense/scripts/OPNsense/HAProxy/exportCerts.php on line 74
[14-Oct-2022 08:30:30 Europe/London] PHP Fatal error:  Uncaught Error: Call to undefined function crl_update() in /usr/local/opnsense/scripts/OPNsense/HAProxy/exportCerts.php:74
Stack trace:
#0 {main}
  thrown in /usr/local/opnsense/scripts/OPNsense/HAProxy/exportCerts.php on line 74
[14-Oct-2022 08:30:58 Europe/London] PHP Fatal error:  Uncaught Error: Call to undefined function crl_update() in /usr/local/opnsense/scripts/OPNsense/HAProxy/exportCerts.php:74
Stack trace:
#0 {main}
  thrown in /usr/local/opnsense/scripts/OPNsense/HAProxy/exportCerts.php on line 74

I know there was some changes to CRL handling, but I thought this was only supposed to impact OpenVPN which seems to be working fine.

Any help in resolving would be very much appreciated guys.

Many thanks

Gareth
« Last Edit: October 14, 2022, 10:49:55 am by gazd25 »
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 17661
  • Karma: 1611
    • View Profile
Re: 22.7.6 Upgrade HAProxy CRL Problem
« Reply #1 on: October 14, 2022, 12:04:27 pm »
https://github.com/opnsense/plugins/commit/2c99d4a6870

# opnsense-patch -c plugins 2c99d4a6870

Problems concerning empty CRLs as described in the 22.7.6 release notes apply for HAProxy as well.


Cheers,
Franco
Logged

gazd25

  • Newbie
  • *
  • Posts: 38
  • Karma: 3
    • View Profile
Re: 22.7.6 Upgrade HAProxy CRL Problem
« Reply #2 on: October 14, 2022, 01:19:10 pm »
Thank you Franco, you are a superstar, I'll get this patch applied  ;D
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 22.7 Legacy Series »
  • 22.7.6 Upgrade HAProxy CRL Problem
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2