Convert Windows line feeds in squid ca certificate #633
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Avoid FATAL error No valid signing SSL certificate configured load squid with a CA certificate imported from Windows
jim-p
requested changes
Apr 11, 2019
| @@ -1175,7 +1175,7 @@ function squid_resync_general() { | |||
| // Should never get here | |||
| $sslproxy_dhparams = ""; | |||
| } | |||
| file_put_contents($crt_pk, base64_decode($srv_cert['prv']) . base64_decode($srv_cert['crt'])); | |||
| file_put_contents($crt_pk, str_replace("\r\n", "\n", base64_decode($srv_cert['prv']) . base64_decode($srv_cert['crt']))); | |||
There was a problem hiding this comment.
We have a function for this, unixnewlines().
So you'd use unixnewlines( base64_decode($srv_cert['prv']) . base64_decode($srv_cert['crt']) ) here instead of str_replace().
There was a problem hiding this comment.
Perfect, I'll change it. But I'm getting the same error restarting squid without changing the certificate also, so, please, let this PR on hold until I can make more tests.
|
Ok. I'm not sure if it is because of Windows line feeds, but after de key there were no line feed, so writing both key and certificate on the file got us in only one line: Let me try the patch with a newline between key and certificate. |
|
We've seen that before with stunnel: 09b0301 |
instead of str_replace and assuring a new line between key and certificate
rbgarga
requested changes
Apr 24, 2019
jim-p
approved these changes
Apr 24, 2019
netgate-git-updates
pushed a commit
that referenced
this pull request
Apr 26, 2019
netgate-git-updates
pushed a commit
that referenced
this pull request
Sep 27, 2022
Release 2.4.9 Tue September 20 2022
Security fixes:
#629 #640 CVE-2022-40674 -- Heap use-after-free vulnerability in
function doContent. Expected impact is denial of service
or potentially arbitrary code execution.
Bug fixes:
#634 MinGW: Fix mis-compilation for -D__USE_MINGW_ANSI_STDIO=0
#614 docs: Fix documentation on effect of switch XML_DTD on
symbol visibility in doc/reference.html
Other changes:
#638 MinGW: Make fix-xmltest-log.sh drop more Wine bug output
#596 #625 Autotools: Sync CMake templates with CMake 3.22
#608 CMake: Migrate from use of CMAKE_*_POSTFIX to
dedicated variables EXPAT_*_POSTFIX to stop affecting
other projects
#597 #599 Windows|CMake: Add missing -DXML_STATIC to test runners
and fuzzers
#512 #621 Windows|CMake: Render .def file from a template to fix
linking with -DEXPAT_DTD=OFF and/or -DEXPAT_ATTR_INFO=ON
#611 #621 MinGW|CMake: Apply MSVC .def file when linking
#622 #624 MinGW|CMake: Sync library name with GNU Autotools,
i.e. produce libexpat-1.dll rather than libexpat.dll
by default. Filename libexpat.dll.a is unaffected.
#632 MinGW|CMake: Set missing variable CMAKE_RC_COMPILER in
toolchain file "cmake/mingw-toolchain.cmake" to avoid
error "windres: Command not found" on e.g. Ubuntu 20.04
#597 #627 CMake: Unify inconsistent use of set() and option() in
context of public build time options to take need for
set(.. FORCE) in projects using Expat by means of
add_subdirectory(..) off Expat's users' shoulders
#626 #641 Stop exporting API symbols when building a static library
#644 Resolve use of deprecated "fgrep" by "grep -F"
#620 CMake: Make documentation on variables a bit more consistent
#636 CMake: Drop leading whitespace from a #cmakedefine line in
file expat_config.h.cmake
#594 xmlwf: Fix harmless variable mix-up in function nsattcmp
#592 #593 #610 Address Cppcheck warnings
#643 Address Clang 15 compiler warnings
#642 #644 Version info bumped from 9:8:8 to 9:9:8;
see https://verbump.de/ for what these numbers do
Infrastructure:
#597 #598 CI: Windows: Start covering MSVC 2022
#619 CI: macOS: Migrate off deprecated macOS 10.15
#632 CI: Linux: Make migration off deprecated Ubuntu 18.04 work
#643 CI: Upgrade Clang from 14 to 15
#637 apply-clang-format.sh: Add support for BSD find
#633 coverage.sh: Exclude MinGW headers
#635 coverage.sh: Fix name collision for -funsigned-char
Special thanks to:
David Faure
Felix Wilhelm
Frank Bergmann
Rhodri James
Rosen Penev
Thijs Schreijer
Vincent Torri
and
Google Project Zero
Exp-run by: antoine
PR: 266524
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Avoid FATAL error No valid signing SSL certificate configured load squid with a CA certificate imported from Windows.
Issue described in this Netgate Forum thread.