Project

General

Profile

Bug #62478

Do not raise SSL invalid alert when SSL is not in use

Added by Colm Connolly 8 months ago. Updated 6 months ago.

Status:
Done
Priority:
No priority
Assignee:
Waqar Ahmed
Category:
Middleware
Target version:
Seen in:
Severity:
New
Reason for Closing:
Reason for Blocked:
Needs QA:
No
Needs Doc:
No
Needs Merging:
No
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:
ChangeLog Required:
No

Description

Hey,

I'm getting an alert email about unsupported certs. This despite the CA and certificates parts of the GUI not showing the presence of any certs/CA on the system.

At one point I had an externally created CA loaded into the 11.1-U6 (from which I upgrade to 11.2-RC2) but these are now showing in the GUI. (11.2-RC2 also sent the email and no certs showed in the GUI there either.

System / General / Protocol is set to HTTP only.

Since I suspect you'll need more info, please let me know what you need, I'm happy to provide it.

Alert email body:

Gone alerts:
  • FreeNAS does not support certificates with keys shorter than 1024 bits. HTTPS will not be enabled until a certificate having at least 1024 bit keylength is provided

Alerts:


Related issues

Related to FreeNAS - Bug #62892: Disallow import or creation of certificates with key lengths less than 1024Done

Associated revisions

Revision f506e575 (diff)
Added by Waqar Ahmed 8 months ago

Bug fix for alert file

This commit fixes a bug when protocol for system was set to HTTP and nginx did not remove a ssl invalid alert file which was created when the protocol was either http or httphttps.
Ticket: #62478

Revision 681407bb (diff)
Added by Waqar Ahmed 8 months ago

Bug fix for alert file (#2216)

This commit fixes a bug when protocol for system was set to HTTP and nginx did not remove a ssl invalid alert file which was created when the protocol was either https or httphttps.
Ticket: #62478

History

#1 Updated by Dru Lavigne 8 months ago

  • Category changed from Services to Middleware
  • Assignee changed from Release Council to William Grzybowski

#2 Updated by William Grzybowski 8 months ago

  • Assignee changed from William Grzybowski to Waqar Ahmed
  • Target version changed from Backlog to 11.2-U2

Colm, do these certificates show in the legacy UI?

#3 Updated by Colm Connolly 8 months ago

William Grzybowski wrote:

Colm, do these certificates show in the legacy UI?

Not sure. I'll check tonight (EST) and let you know.

#4 Updated by Waqar Ahmed 8 months ago

Thank you Colm, that would be great, meanwhile we will be looking at our end. Plus when possible, please share a debug as well ( system -> advanced -> save debug )

#5 Updated by Waqar Ahmed 8 months ago

  • Status changed from Unscreened to In Progress

#6 Updated by Colm Connolly 8 months ago

Waqar Ahmed wrote:

Thank you Colm, that would be great, meanwhile we will be looking at our end. Plus when possible, please share a debug as well ( system -> advanced -> save debug )

From the new or old UI? Or does it matter?

#7 Updated by Waqar Ahmed 8 months ago

It doesn't. Which ever you are more comfortable with

#8 Updated by Colm Connolly 8 months ago

Waqar Ahmed wrote:

It doesn't. Which ever you are more comfortable with

I just checked. Neither CA or cert show in the old GUI. The debug is 1.5MB so I can't attach it here. Is there some where else I can up load? Also, it goes back to last June. Are you sure you want it?

#9 Updated by Bug Clerk 8 months ago

  • Status changed from In Progress to Ready for Testing

#11 Updated by Dru Lavigne 8 months ago

  • Subject changed from Alert emails about unsupported SSL certs despite no certs showing in GUI to Do not raise SSL invalid alert when SSL is not in use
  • Needs Doc changed from Yes to No
  • Needs Merging changed from Yes to No

#14 Updated by Dru Lavigne 6 months ago

  • Related to Bug #62892: Disallow import or creation of certificates with key lengths less than 1024 added

#16 Updated by Dru Lavigne 6 months ago

  • Status changed from Passed Testing to Done
  • Needs QA changed from Yes to No

Also available in: Atom PDF