-
Notifications
You must be signed in to change notification settings - Fork 648
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
security/acme-client: SFTP/SSH automation results in fatal PHP error #4363
Comments
Thank you for creating an issue. For more information about the policies for this repository, The easiest option to gain traction is to close this ticket and open a new one using one of our templates. |
We have found out where the error is coming from: In the automation “sftp upload” there is the field “Port”. You have to enter the port used for the SFTP automation in the ACME client, even if this does not differ from port 22, then it works. This is clearly a bug |
Would you please test the following patch?
|
We installed the patch, but the same error occurs. |
Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
Describe the bug
We are using the automatisation feature "upload certificate via SFTP" to an windows server with openssl.
The "Test connection" is working fine with every Identy Type (ed25519, RSA and ECDSA) but the real automatisation results in a fatal php error firmware crash.
To Reproduce
Steps to reproduce the behavior:
Relevant log files
System Information:
User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0
FreeBSD 14.1-RELEASE-p6 stable/24.7-n267939-fd5bc7f34e1 SMP amd64
OPNsense 24.7.9_1 b41ccdc9f
Plugins os-acme-client-4.6 os-dmidecode-1.1_1 os-haproxy-4.3_1 os-iperf-1.0_2 os-smart-2.3 os-theme-cicada-1.38 os-theme-rebellion-1.9.1 os-theme-tukan-1.28 os-theme-vicuna-1.48 os-vnstat-1.3_1
Time Thu, 21 Nov 2024 22:21:26 +0100
OpenSSL 3.0.15
Python 3.11.10
PHP 8.2.25
PHP Errors:
[21-Nov-2024 22:21:16 Europe/Berlin] PHP Fatal error: Uncaught TypeError: OPNsense\AcmeClient\SSHKeys::getKnownHostKey(): Argument #2 ($port) must be of type int, string given, called in /usr/local/opnsense/mvc/app/library/OPNsense/AcmeClient/SSHKeys.php on line 134 and defined in /usr/local/opnsense/mvc/app/library/OPNsense/AcmeClient/SSHKeys.php:355
Stack trace:
#0 /usr/local/opnsense/mvc/app/library/OPNsense/AcmeClient/SSHKeys.php(134): OPNsense\AcmeClient\SSHKeys->getKnownHostKey('192.168.200.17', '')
#1 /usr/local/opnsense/mvc/app/library/OPNsense/AcmeClient/SftpClient.php(78): OPNsense\AcmeClient\SSHKeys->trustHost('192.168.200.17', false, '')
#2 /usr/local/opnsense/scripts/OPNsense/AcmeClient/upload_sftp.php(325): OPNsense\AcmeClient\SftpClient->connect('192.168.200.17', 'Administrator', '', '')
#3 /usr/local/opnsense/scripts/OPNsense/AcmeClient/upload_sftp.php(268): connectWithServer(Array, NULL)
#4 /usr/local/opnsense/scripts/OPNsense/AcmeClient/upload_sftp.php(231): uploadCertificatesToHost(Array)
#5 /usr/local/opnsense/mvc/app/library/OPNsense/AcmeClient/Utils.php(277): commandUpload(Array)
#6 /usr/local/opnsense/scripts/OPNsense/AcmeClient/upload_sftp.php(562): OPNsense\AcmeClient\Utils::runCLIMain('help', 'getOptionsById', Array, 0, 255)
#7 {main}
thrown in /usr/local/opnsense/mvc/app/library/OPNsense/AcmeClient/SSHKeys.php on line 355
Environment
OPNsense 24.7.9_1-amd64
FreeBSD 14.1-RELEASE-p6
OpenSSL 3.0.15
The text was updated successfully, but these errors were encountered: