Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
22.7 Legacy Series
»
Unable to edit OpenVPN revocation list
« previous
next »
Print
Pages: [
1
]
Author
Topic: Unable to edit OpenVPN revocation list (Read 1845 times)
Radek
Newbie
Posts: 19
Karma: 0
Unable to edit OpenVPN revocation list
«
on:
November 18, 2022, 10:29:13 am »
Der OPNSense community,
We use dedicated machine without network connectivity to create and revoke OpenVPN certificates. Up to version 22.1 our workflow was always to generate crl.pem on the off-line mahine and manually upload it to the OPNSense gateway.
With 22.7 when going to System => Trust => Revocation and clicking on edit of existing CRL, there is no option to update its content. See attached picture. The workaround seems to be to import new CRL, and than modify the OpenVPN to use that new CRL and than delete the old one.
It was much easier, when we could just edit the existing one. Any hints?
Thanks,
Radek
Logged
franco
Administrator
Hero Member
Posts: 17474
Karma: 1587
Re: Unable to edit OpenVPN revocation list
«
Reply #1 on:
November 21, 2022, 10:38:09 am »
> there is no option to update its content.
I'm not sure what you mean: there is a selection for a certificate, a status code and a save button. What more do you need?
Cheers,
Franco
Logged
Radek
Newbie
Posts: 19
Karma: 0
Re: Unable to edit OpenVPN revocation list
«
Reply #2 on:
November 23, 2022, 02:58:54 pm »
Dear Franco,
Thank you for follow up and sorry for taking a while to respond. I needed to setup old version of OPNSense (21.7.1) to be able to tell you, how exactly the missing field was called in the older version.
It was called "CRL Data" and you get to it by simply clicking edit on imported CRL certificate. Please see attached screenshot. It is the field which content was erased using red brush.
I hope it is clear what we are missing now. Please let me know, if we can help in any way to clarify our issue. It would be really great, to have this functionality back.
Thanks,
Radek
Logged
franco
Administrator
Hero Member
Posts: 17474
Karma: 1587
Re: Unable to edit OpenVPN revocation list
«
Reply #3 on:
November 23, 2022, 03:41:52 pm »
Hi Radek,
CRL Data is for imported CRLs. For internal CRLs, you cannot later provide binary blobs but you can edit the certificates included...
Cheers,
Franco
Logged
Radek
Newbie
Posts: 19
Karma: 0
Re: Unable to edit OpenVPN revocation list
«
Reply #4 on:
November 23, 2022, 03:46:27 pm »
Hi Franco,
I am trying to edit imported CRL, but could it be that due to some bug which was introduced in version 22.7 the GUI think that this is internal CRL?
What I am trying to say, same steps works perfectly in 21.7 but do not work in 22.7.
Thanks,
Radek
Logged
Fright
Hero Member
Posts: 1775
Karma: 163
Re: Unable to edit OpenVPN revocation list
«
Reply #5 on:
November 23, 2022, 04:52:01 pm »
looks like missed parentheses at
https://github.com/opnsense/core/blob/7333aa9c40e5c9d74e47b80b85a59014283369d2/src/etc/inc/certs.inc#L666
so all crls treated as internal
will check
Logged
Radek
Newbie
Posts: 19
Karma: 0
Re: Unable to edit OpenVPN revocation list
«
Reply #6 on:
November 23, 2022, 05:03:33 pm »
Hi Fright,
This could easily be - thank you so so much for looking into it!!! Let me know, if you want me to test on 22.7.5 which does not contain
https://github.com/opnsense/core/commit/c3040290ecdff9d4faa92bd3af933427cdd3f756
which is adding the line you mentioned.
Thanks,
Radek
Logged
Fright
Hero Member
Posts: 1775
Karma: 163
Re: Unable to edit OpenVPN revocation list
«
Reply #7 on:
November 23, 2022, 07:26:08 pm »
Hi Radek,
Looks like @AdSchellevis never rests, so you can try to check with
Code:
[Select]
opnsense-patch 5cd36a1
Logged
franco
Administrator
Hero Member
Posts: 17474
Karma: 1587
Re: Unable to edit OpenVPN revocation list
«
Reply #8 on:
November 24, 2022, 07:52:13 am »
Nice catch, thanks. This patch will be added to 22.7.9 of course.
Cheers,
Franco
Logged
Radek
Newbie
Posts: 19
Karma: 0
Re: Unable to edit OpenVPN revocation list
«
Reply #9 on:
November 24, 2022, 11:18:16 am »
Dear Fright, Franco and AdSchellevis,
You made my day. I just tested
Code:
[Select]
opnsense-patch 5cd36a1
and it WORKS AGAIN!!!
THANK YOU,
Radek
Logged
franco
Administrator
Hero Member
Posts: 17474
Karma: 1587
Re: Unable to edit OpenVPN revocation list
«
Reply #10 on:
November 24, 2022, 11:43:27 am »
Well, sorry about that. We will be more careful with such PHP 8 warning fixes in the future.
Suffice to say, the semantics around ?? are a bit strange, but parenthesis make it easier to read as well.
Cheers,
Franco
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
22.7 Legacy Series
»
Unable to edit OpenVPN revocation list