4247 questions

5243 answers

8093 comments

5243 members

0 votes
66 views 2 comments
by

While uploading a pem format certificate I got a "Request entity to large" error.

This "Request entity to large" error is because a 500 error is being redirected and masking the real bug. The 500 error was:

Failed to execute call dispatcher target for entry '/admin/system/admin/certificates/import'.
The called action terminated with an exception:
/usr/lib/lua/luci/model/certificate.lua:101: field 'day' missing in date table
stack traceback:
	[C]: in function 'time'
	/usr/lib/lua/luci/model/certificate.lua:101: in function 'import_certificate'
	/usr/lib/lua/luci/controller/administration.lua:273: in function 
	(tail call): ?

The issue is in wrong parsing of output from the 'openssl' command, or, to be more precise, in parsing of certificate expiry date in openssl output.

If we run the command manually, as in certificate.lua:

$ /usr/bin/openssl x509 -in certificate.crt -dates -noout

We get the following:

notBefore=May  7 00:00:00 2020 GMT
notAfter=Jul  6 12:00:00 2022 GMT

Notice the 2 white spaces between Jul and 6. The pattern used in /usr/lib/lua/luci/model/certificate.lua:101 expects only 1 space.

"(%a+) (%d+) (%d+):(%d+):(%d+) (%d+) GMT"

I suspect if my expiry was 'Jul 16' this bug would not appear. Openssl probably left aligns the day, hence single digit dates are padded with an extra white space.

I should mention the firmware is RUTX_R_00.02.04.3.

1 Answer

0 votes
by

Hello,

We were unable to replicate the issue. Here are the results that we got:

root@Teltonika-RUTX11:~# openssl x509 -in /tmp/certificate.ca -dates -noout
notBefore=Jan 15 07:50:38 2020 GMT
notAfter=Jan 12 07:50:38 2030 GMT
root@Teltonika-RUTX11:~# openssl x509 -in /tmp/certificate.pem -dates -noout
notBefore=Sep 16 11:17:58 2020 GMT
notAfter=Sep 16 11:17:58 2022 GMT

Please tell us in more detail how you generated those certificates, so that we could be able to replicate it.

Regards,
Justin

by

Chose a date with only 1 digit e.g. the 6th instead of the 16th.

by
Hello,

Thank you for clarifying the issue, I managed to replicate it.

This will be fixed in the upcoming update, which will be released in a week.

Regards,
Justin