WIKIABOUT

FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

Most popular tags

rut955 rut240 rut950 rutx11 rms vpn to openvpn wifi not sms trb140 firmware connection - ipsec on rutx12 rutx09 modbus
We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.

Bug: RUTX11 Fail to upload certificate

0 votes
330 views 2 comments
by anonymous

While uploading a pem format certificate I got a "Request entity to large" error.

This "Request entity to large" error is because a 500 error is being redirected and masking the real bug. The 500 error was:

Failed to execute call dispatcher target for entry '/admin/system/admin/certificates/import'.
The called action terminated with an exception:
/usr/lib/lua/luci/model/certificate.lua:101: field 'day' missing in date table
stack traceback:
	[C]: in function 'time'
	/usr/lib/lua/luci/model/certificate.lua:101: in function 'import_certificate'
	/usr/lib/lua/luci/controller/administration.lua:273: in function 
	(tail call): ?

The issue is in wrong parsing of output from the 'openssl' command, or, to be more precise, in parsing of certificate expiry date in openssl output.

If we run the command manually, as in certificate.lua:

$ /usr/bin/openssl x509 -in certificate.crt -dates -noout

We get the following:

notBefore=May  7 00:00:00 2020 GMT
notAfter=Jul  6 12:00:00 2022 GMT

Notice the 2 white spaces between Jul and 6. The pattern used in /usr/lib/lua/luci/model/certificate.lua:101 expects only 1 space.

"(%a+) (%d+) (%d+):(%d+):(%d+) (%d+) GMT"

I suspect if my expiry was 'Jul 16' this bug would not appear. Openssl probably left aligns the day, hence single digit dates are padded with an extra white space.

I should mention the firmware is RUTX_R_00.02.04.3.

1 Answer

0 votes
by anonymous

Hello,

We were unable to replicate the issue. Here are the results that we got:

root@Teltonika-RUTX11:~# openssl x509 -in /tmp/certificate.ca -dates -noout
notBefore=Jan 15 07:50:38 2020 GMT
notAfter=Jan 12 07:50:38 2030 GMT

root@Teltonika-RUTX11:~# openssl x509 -in /tmp/certificate.pem -dates -noout
notBefore=Sep 16 11:17:58 2020 GMT
notAfter=Sep 16 11:17:58 2022 GMT

Please tell us in more detail how you generated those certificates, so that we could be able to replicate it.

Regards,
Justin

by anonymous

Chose a date with only 1 digit e.g. the 6th instead of the 16th.

by anonymous
Hello,

Thank you for clarifying the issue, I managed to replicate it.

This will be fixed in the upcoming update, which will be released in a week.

Regards,
Justin