Project

General

Profile

Bug #34477

Fix recursion issue in Import Certificate

Added by Larry Rosenman about 1 year ago. Updated about 1 year ago.

Status:
Done
Priority:
No priority
Assignee:
Waqar Ahmed
Category:
Middleware
Target version:
Severity:
Med High
Reason for Closing:
Reason for Blocked:
Needs QA:
No
Needs Doc:
No
Needs Merging:
No
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:
ChangeLog Required:
No

Description

Error: Traceback (most recent call last):
  .....
    return self.gen.send(None)
  File "/usr/local/lib/python3.6/site-packages/middlewared/main.py", line 1018, in call
    return await self._call(name, serviceobj, methodobj, params, pipes=pipes)
  File "/usr/local/lib/python3.6/asyncio/coroutines.py", line 110, in __next__
    return self.gen.send(None)
  File "/usr/local/lib/python3.6/site-packages/middlewared/main.py", line 953, in _call
    return await methodobj(*args)
  File "/usr/local/lib/python3.6/asyncio/coroutines.py", line 110, in __next__
    return self.gen.send(None)
  File "/usr/local/lib/python3.6/site-packages/middlewared/plugins/crypto.py", line 215, in cert_extend
    {'get': True}
  File "/usr/local/lib/python3.6/asyncio/coroutines.py", line 110, in __next__
    return self.gen.send(None)
  File "/usr/local/lib/python3.6/site-packages/middlewared/main.py", line 1018, in call
    return await self._call(name, serviceobj, methodobj, params, pipes=pipes)
  File "/usr/local/lib/python3.6/asyncio/coroutines.py", line 110, in __next__
    return self.gen.send(None)
  File "/usr/local/lib/python3.6/site-packages/middlewared/main.py", line 953, in _call
    return await methodobj(*args)
  File "/usr/local/lib/python3.6/asyncio/coroutines.py", line 110, in __next__
    return self.gen.send(None)
  File "/usr/local/lib/python3.6/site-packages/middlewared/schema.py", line 646, in nf
    return await f(*args, **kwargs)
  File "/usr/local/lib/python3.6/asyncio/coroutines.py", line 110, in __next__
    return self.gen.send(None)
  File "/usr/local/lib/python3.6/site-packages/middlewared/service.py", line 257, in query
    'datastore.query', self._config.datastore, [], datastore_options
  File "/usr/local/lib/python3.6/asyncio/coroutines.py", line 110, in __next__
    return self.gen.send(None)
  File "/usr/local/lib/python3.6/site-packages/middlewared/main.py", line 1018, in call
    return await self._call(name, serviceobj, methodobj, params, pipes=pipes)
  File "/usr/local/lib/python3.6/asyncio/coroutines.py", line 85, in debug_wrapper
    return CoroWrapper(gen, None)
  File "/usr/local/lib/python3.6/asyncio/coroutines.py", line 95, in __init__
    self._source_traceback = events.extract_stack(sys._getframe(1))
  File "/usr/local/lib/python3.6/asyncio/events.py", line 93, in extract_stack
    lookup_lines=False)
  File "/usr/local/lib/python3.6/traceback.py", line 352, in extract
    filename, lineno, name, lookup_line=False, locals=f_locals))
RecursionError: maximum recursion depth exceeded while calling a Python object

OS Version:
FreeNAS-11.2-MASTER-201806020450

Processor:
Intel(R) Xeon(R) CPU E5645 @ 2.40GHz (24 cores)

Also happens on yesterday's

Associated revisions

Revision 1f6f781b (diff)
Added by Waqar Ahmed about 1 year ago

Ticket: #34477
Following changes have been made:
1) A query method has been added to CertificateAuthority service to stop the recursive loop
2) Methods in crypto services have been made private
3) Serials weren't unique among a cert chain. This commit fixes that

Revision b516503d (diff)
Added by Waqar Ahmed about 1 year ago

Ticket: #34477
Following changes have been made:
1) A query method has been added to CertificateAuthority service to stop the recursive loop
2) Methods in crypto services have been made private
3) Serials weren't unique among a cert chain. This commit fixes that

Revision e3deb2c7 (diff)
Added by Waqar Ahmed about 1 year ago

Ticket: #34477
Following changes have been made:
1) A query method has been added to CertificateAuthority service to stop the recursive loop
2) Methods in crypto services have been made private
3) Serials weren't unique among a cert chain. This commit fixes that

Revision 41ff9ea0 (diff)
Added by Waqar Ahmed about 1 year ago

Ticket: #34477
Following changes have been made:
1) A query method has been added to CertificateAuthority service to stop the recursive loop
2) Methods in crypto services have been made private
3) Serials weren't unique among a cert chain. This commit fixes that

Revision 5db3e97c (diff)
Added by Waqar Ahmed about 1 year ago

Ticket: #34477
Following changes have been made:
1) A query method has been added to CertificateAuthority service to stop the recursive loop
2) Methods in crypto services have been made private
3) Serials weren't unique among a cert chain. This commit fixes that

Revision 19c6646b (diff)
Added by Waqar Ahmed about 1 year ago

Ticket: #34477
Following changes have been made:
1) Datastore service is queried for retrieving contents of CA service instead of CA default query method to stop the recursive loop which starts from certificate's extend method
2) Methods in crypto services have been made private
3) Serials weren't unique among a cert chain. This commit fixes that

Revision 827b9de9
Added by Waqar Ahmed about 1 year ago

Merge pull request #1335 from freenas/ticket-34477

Ticket: #34477

History

#1 Updated by Dru Lavigne about 1 year ago

  • Category changed from GUI (new) to Middleware
  • Assignee changed from Release Council to William Grzybowski
  • Private changed from No to Yes
  • Seen in changed from 11.2-RC2 to Master - FreeNAS Nightlies

#2 Updated by William Grzybowski about 1 year ago

  • Assignee changed from William Grzybowski to Waqar Ahmed
  • Target version changed from Backlog to 11.2-RC2
  • Severity changed from High to Med High
  • Needs Merging changed from Yes to No

#3 Updated by Waqar Ahmed about 1 year ago

  • Status changed from Unscreened to Blocked
  • Reason for Blocked set to Waiting for feedback

Hello Larry. I have analysed the error you have received and would like to know the steps you took which gave you this error. I am trying to reproduce the issue on my machine. If there is some other information which you think might be relevant, please share that as well. Thank you. Cheers

#4 Updated by Larry Rosenman about 1 year ago

I just filled in the import Certificate form, and/or the create CA form, and hit enter.

NOTE: This system was updated from about 45-60 days ago to this release.

If you'd like access that can be arranged via private email.

#5 Updated by Waqar Ahmed about 1 year ago

Okay so I went to System --> CA --> Import CA. I filled in the contents of the identifier, certificate and privatekey and clicked save. It moved along as it should have. Then I moved to System --> Certificates --> Import Certificate and repeated the procedure. It also went along as it should have with no errors. Could you kindly tell me if these are the steps you took which caused this issue and if I missed anything, please let me know. Cheers

#7 Updated by Waqar Ahmed about 1 year ago

Thank you for the screenshots Larry. Unfortunately I wasn't able to reproduce the issue as outlined in the screenshots. Can we schedule a team viewer session and I can access your freenas machine and see what could be potentially going wrong ?

#8 Updated by Larry Rosenman about 1 year ago

you bet. What TZ are you in?

#9 Updated by Waqar Ahmed about 1 year ago

GMT+5. What times are you available and your timezone too please. Cheers

#10 Updated by Larry Rosenman about 1 year ago

UTC-5, and we can schedule anytime (I work from home).

I can also punch a hole for you for both SSH and web and give you access if that's easier. Just send mail email.

#11 Updated by Waqar Ahmed about 1 year ago

Larry I think team viewer would be a better choice because it is more transparent and I will most probably require root access as well and on team viewer, I would be more comfortable. Can we schedule a session right away if you're available ? My email is

#12 Updated by Waqar Ahmed about 1 year ago

  • Status changed from Blocked to In Progress
  • Reason for Blocked deleted (Waiting for feedback)

#13 Updated by Waqar Ahmed about 1 year ago

  • Status changed from In Progress to Ready for Testing

#14 Updated by Dru Lavigne about 1 year ago

  • File deleted (ImportTrace.txt)

#15 Updated by Dru Lavigne about 1 year ago

  • Subject changed from FreeNAS Nightly: Import Certificate: Recursion issue to Fix recursion issue in Import Certificate
  • Target version changed from 11.2-RC2 to 11.2-BETA1
  • Private changed from Yes to No
  • Needs Doc changed from Yes to No

#16 Avatar?id=55038&size=24x24 Updated by Zackary Welch about 1 year ago

  • Needs QA changed from Yes to No

I cannot reproduce this at all. I have no problems with import/internal certificates and certificate chains. I talked with Waqar and this appears fixed.

#17 Updated by Dru Lavigne about 1 year ago

  • Status changed from Ready for Testing to Done

Also available in: Atom PDF