Project

General

Profile

Bug #8298

Error accessing General tab under System from GUI

Added by Fahad Chaudhri over 5 years ago. Updated about 3 years ago.

Status:
Closed: Duplicate
Priority:
Nice to have
Assignee:
Suraj Ravichandran
Category:
Middleware
Target version:
Seen in:
Severity:
New
Reason for Closing:
Reason for Blocked:
Needs QA:
Yes
Needs Doc:
Yes
Needs Merging:
Yes
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:
ChangeLog Required:
No

Description

Hello,

I can't access the General tab under System settings from GUI. I get an error when I click on it.

Background and other info:

It was a fresh install of version 9.3-Stable. After I installed freenas, I started getting these types of error messages when I would use the GUI. My current setup is connected to my active directory.

To get freenas on HTTPS, I imported a self signed certificate that I created using openssl on windows. After importing the certificate, I started getting "Unable to load /api/v1.0/system/certificateauthority/ status: 500" under "CAs" tab and "Unable to load /api/v1.0/system/certificate/ status: 500" under "Certificate" tab.


Error and traceback are below.

-------
Request Method: GET
Request URL: http://199.199.0.11/admin/system/settings/edit/1/?inline=true&dojo.preventCache=1425193837928
Software Version: FreeNAS-9.3-STABLE-201502271818
Exception Type: Error
Exception Value:

[('PEM routines', 'PEM_read_bio', 'no start line')]

Exception Location: /usr/local/lib/python2.7/site-packages/OpenSSL/_util.py in exception_from_error_queue, line 22
Server time: Sun, 1 Mar 2015 02:10:38 -0500

Traceback:
Environment:

Software Version: FreeNAS-9.3-STABLE-201502271818
Request Method: GET
Request URL: http://199.199.0.11/admin/system/settings/edit/1/?inline=true&dojo.preventCache=1425193837928

Traceback:
File "/usr/local/lib/python2.7/site-packages/django/core/handlers/base.py" in get_response
105. response = middleware_method(request, callback, callback_args, callback_kwargs)
File "/usr/local/www/freenasUI/../freenasUI/freeadmin/middleware.py" in process_view
157. return login_required(view_func)(request, *view_args, **view_kwargs)
File "/usr/local/lib/python2.7/site-packages/django/contrib/auth/decorators.py" in wrapped_view
22. return view_func(request, *args, **kwargs)
File "/usr/local/www/freenasUI/../freenasUI/freeadmin/options.py" in wrapper
210. return self._admin.admin_view(view)(*args, **kwargs)
File "/usr/local/lib/python2.7/site-packages/django/utils/decorators.py" in _wrapped_view
99. response = view_func(request, *args, **kwargs)
File "/usr/local/lib/python2.7/site-packages/django/views/decorators/cache.py" in _wrapped_view_func
52. response = view_func(request, *args, **kwargs)
File "/usr/local/www/freenasUI/../freenasUI/freeadmin/site.py" in inner
142. return view(request, *args, **kwargs)
File "/usr/local/www/freenasUI/../freenasUI/freeadmin/options.py" in edit
683. content_type='text/html')
File "/usr/local/lib/python2.7/site-packages/django/shortcuts/
_init__.py" in render
53. return HttpResponse(loader.render_to_string(*args, **kwargs),
File "/usr/local/lib/python2.7/site-packages/django/template/loader.py" in render_to_string
169. return t.render(context_instance)
File "/usr/local/lib/python2.7/site-packages/django/template/base.py" in render
140. return self._render(context)
File "/usr/local/lib/python2.7/site-packages/django/template/base.py" in render
134. return self.nodelist.render(context)
File "/usr/local/lib/python2.7/site-packages/django/template/base.py" in render
840. bit = self.render_node(node, context)
File "/usr/local/lib/python2.7/site-packages/django/template/base.py" in render_node
854. return node.render(context)
File "/usr/local/lib/python2.7/site-packages/django/template/loader_tags.py" in render
123. return compiled_parent._render(context)
File "/usr/local/lib/python2.7/site-packages/django/template/base.py" in _render
134. return self.nodelist.render(context)
File "/usr/local/lib/python2.7/site-packages/django/template/base.py" in render
840. bit = self.render_node(node, context)
File "/usr/local/lib/python2.7/site-packages/django/template/base.py" in render_node
854. return node.render(context)
File "/usr/local/lib/python2.7/site-packages/django/template/loader_tags.py" in render
62. result = block.nodelist.render(context)
File "/usr/local/lib/python2.7/site-packages/django/template/base.py" in render
840. bit = self.render_node(node, context)
File "/usr/local/lib/python2.7/site-packages/django/template/base.py" in render_node
854. return node.render(context)
File "/usr/local/www/freenasUI/../freenasUI/freeadmin/templatetags/freeadmin.py" in render
123. help_text,
File "/usr/local/lib/python2.7/site-packages/django/forms/forms.py" in str
425. return self.as_widget()
File "/usr/local/lib/python2.7/site-packages/django/forms/forms.py" in as_widget
475. return widget.render(name, self.value(), attrs=attrs)
File "/usr/local/lib/python2.7/site-packages/django/forms/widgets.py" in render
504. options = self.render_options(choices, [value])
File "/usr/local/lib/python2.7/site-packages/django/forms/widgets.py" in render_options
528. for option_value, option_label in chain(self.choices, choices):
File "/usr/local/lib/python2.7/site-packages/django/forms/models.py" in iter
1048. for obj in self.queryset.all():
File "/usr/local/lib/python2.7/site-packages/django/db/models/query.py" in iter
96. self._fetch_all()
File "/usr/local/lib/python2.7/site-packages/django/db/models/query.py" in _fetch_all
857. self._result_cache = list(self.iterator())
File "/usr/local/lib/python2.7/site-packages/django/db/models/query.py" in iterator
230. obj = model(*row_data)
File "/usr/local/www/freenasUI/../freenasUI/system/models.py" in init
724. self.
_load_thingy()
File "/usr/local/www/freenasUI/../freenasUI/system/models.py" in _load_thingy
710. self.
_load_certificate()
File "/usr/local/www/freenasUI/../freenasUI/system/models.py" in _load_certificate
700. self.
_certificate = self.get_certificate()
File "/usr/local/www/freenasUI/../freenasUI/system/models.py" in get_certificate
652. self.cert_certificate
File "/usr/local/lib/python2.7/site-packages/OpenSSL/crypto.py" in load_certificate
1219. _raise_current_error()
File "/usr/local/lib/python2.7/site-packages/OpenSSL/_util.py" in exception_from_error_queue
22. raise exceptionType(errors)

Exception Type: Error at /admin/system/settings/edit/1/
Exception Value: [('PEM routines', 'PEM_read_bio', 'no start line')]

cert-tab-error.JPG (29.4 KB) cert-tab-error.JPG Fahad Chaudhri, 02/28/2015 11:25 PM
general-tab-error.JPG (258 KB) general-tab-error.JPG Fahad Chaudhri, 02/28/2015 11:25 PM
2281
2282

Associated revisions

Revision 4cffba98 (diff)
Added by Suraj Ravichandran over 5 years ago

Make Certificate Admin Datagrid View more Robust. An invalid certficate/CA no longer breaks the cert/CA admin view, and upon detection of a malformed certificate it displays an error message (as close and descriptive as possible) on one of the columns in the datagrid and raises an Alert (which only goes away upon deletion) Get Rid of CA edit action (it can lead to corrupting things). Ticket: #8298 Ticket: #6971 Ticket: #9769 Merge-FN93: Yes Merge-TN93: Yes

Revision cbbd9cf2 (diff)
Added by Suraj Ravichandran over 5 years ago

Make Certificate Admin Datagrid View more Robust. An invalid certficate/CA no longer breaks the cert/CA admin view, and upon detection of a malformed certificate it displays an error message (as close and descriptive as possible) on one of the columns in the datagrid and raises an Alert (which only goes away upon deletion) Get Rid of CA edit action (it can lead to corrupting things). Ticket: #8298 Ticket: #6971 Ticket: #9769 Merge-FN93: Yes Merge-TN93: Yes (cherry picked from commit 4cffba9897f804054f9d64d0732b48b0e476cb88)

Revision de908c4a (diff)
Added by Suraj Ravichandran over 5 years ago

Make Certificate Admin Datagrid View more Robust. An invalid certficate/CA no longer breaks the cert/CA admin view, and upon detection of a malformed certificate it displays an error message (as close and descriptive as possible) on one of the columns in the datagrid and raises an Alert (which only goes away upon deletion) Get Rid of CA edit action (it can lead to corrupting things). Ticket: #8298 Ticket: #6971 Ticket: #9769 Merge-FN93: Yes Merge-TN93: Yes (cherry picked from commit 4cffba9897f804054f9d64d0732b48b0e476cb88)

History

#1 Updated by Jordan Hubbard over 5 years ago

  • Category set to 118
  • Assignee set to Suraj Ravichandran
  • Target version set to Unspecified

Hmm.. Well, we definitely shouldn't trace back in the presence of a certificate without the right information in it. Sounds like the Cert you created under windows is missing something (a legit CA?) and you might try using FreeNAS's own cert manager to create one instead, but this bug can track the more defensive coding on our part since we'll be presented with all manner of certs.

#2 Updated by Fahad Chaudhri over 5 years ago

Jordan Hubbard wrote:

Hmm.. Well, we definitely shouldn't trace back in the presence of a certificate without the right information in it. Sounds like the Cert you created under windows is missing something (a legit CA?) and you might try using FreeNAS's own cert manager to create one instead, but this bug can track the more defensive coding on our part since we'll be presented with all manner of certs.

What should I do? Should I remove the certificates? If yes, where are the certificates located? I tried creating a certificate using FreeNAS. However, I can't see the new certificate or CA. I keep getting "Unable to load /api/v1.0/system/certificateauthority/ status: 500" under "CAs" tab and "Unable to load /api/v1.0/system/certificate/ status: 500" under "Certificate" tab.

A little note on the side, I am not very experienced with Linux systems. So, please bare with me if I say or ask something dumb.

#3 Updated by Jordan Hubbard over 5 years ago

First thing you should do is roll back to an update with a working UI (System->Boot menu) then create the CA/Cert using that UI.

#4 Updated by Fahad Chaudhri over 5 years ago

Jordan Hubbard wrote:

First thing you should do is roll back to an update with a working UI (System->Boot menu) then create the CA/Cert using that UI.

Jordan, thanks for getting back.

I think I got it working. I cam across another issue related to mine. I ran the two commands from there. Bug #6971 ( https://bugs.freenas.org/issues/6971 )*Comment # 12*

"This is HIGHLY unadvised but since you ask,

To delete all certificates from the freenas database:

1. Make sure you webgui mode is set to "HTTP" only (if it is not then seta and apply this before proceeding any further with these instructions.
3. Backup your freenas databse file via the webgui.
2. SSH into the freenas system (as root) and execute the commands below:
sqlite3 /data/freenas-v1.db "DELETE FROM system_certificate;"
reboot or you could also just issue a django restart -- service django restart (but this would not delete the certificates from your boot partition."

Once I deleted the certificates and issued a django restart, I was able to access the UI properly. I then created an interal CA on FreeNAS and then created an internal certificate using the internal CA. This time it worked fine. I didn't get any error. I have a working CA, a working Certificate and able to access the UI via HTTPS.

In the comment on the other bug, the person wrote "THIS is highly unadvised". Should I have not done it? Does it create security issues in other places because the command deleted certificates?

If my system isn't safe after running that command, then I can restore back to Initial install.

#5 Updated by Jordan Hubbard over 5 years ago

Your system is safe - if you managed to get through that surgical procedure properly and now have a CA/Cert properly registered and it's being used, you've undone the initial windows cert damage and registered a good one. All that sqlite command did was nuke the certs, and since that was the only one, you are fine.

#6 Updated by Fahad Chaudhri over 5 years ago

Jordan Hubbard wrote:

Your system is safe - if you managed to get through that surgical procedure properly and now have a CA/Cert properly registered and it's being used, you've undone the initial windows cert damage and registered a good one. All that sqlite command did was nuke the certs, and since that was the only one, you are fine.

Jordan, thanks a lot for you help. I guess you can close this case.

#7 Updated by Jordan Hubbard over 5 years ago

Thanks, but I'm leaving it open to see if some defensive programming opportunities present themselves here. However bogus a cert, you don't want the UI to trace back in the presence of it (it should simply say "Invalid cert" at the minimum.

#8 Updated by Suraj Ravichandran over 5 years ago

  • Status changed from Unscreened to Screened

#9 Updated by Suraj Ravichandran over 5 years ago

  • Status changed from Screened to Closed: Duplicate
  • Seen in changed from to 9.3-RELEASE

This is now fixed, it will be available in the next SU (see duplicated to check for when it changes from "Ready for Release" to "Resolved")

#11 Avatar?id=14398&size=24x24 Updated by Kris Moore about 3 years ago

  • Target version changed from Unspecified to N/A

Also available in: Atom PDF