SSTP wrong certificates check
Closed, Resolved · Public · BUG

Description

In the Python SSTP CLI handler we check that the certificate exists, but the handler does not check whether this is a directory or a file.
I propose changing os.path.exists() to os.path.isfile()
https://github.com/vyos/vyos-1x/blob/current/src/conf_mode/vpn_sstp.py#L326-L336

if not os.path.isfile(sstp['ssl_ca']):
    file = sstp['ssl_ca']
    raise ConfigError(f'SSL CA certificate file "{file}" does not exist')

if not os.path.isfile(sstp['ssl_cert']):
    file = sstp['ssl_cert']
    raise ConfigError(f'SSL public key file "{file}" does not exist')

if not os.path.isfile(sstp['ssl_key']):
    file = sstp['ssl_key']
    raise ConfigError(f'SSL private key file "{file}" does not exist')

Related forum topic https://forum.vyos.io/t/sstp-with-win-10-clients/5560/8
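
The gap described above, as an added example (not the VyOS handler's code): os.path.exists() accepts a directory where a certificate file is expected, while a regular-file check rejects it. It goes slightly beyond os.path.isfile() by using os.stat() to report "missing" and "is a directory" separately; ConfigError is a local stand-in, verify_cert_files and demo are hypothetical names, and the paths are constructed temporary files.

```python
import os
import stat
import tempfile


class ConfigError(Exception):
    """Local stand-in for the handler's ConfigError (assumption)."""


LABELS = {
    'ssl_ca': 'SSL CA certificate',
    'ssl_cert': 'SSL public key',
    'ssl_key': 'SSL private key',
}


def verify_cert_files(sstp):
    """Raise ConfigError unless every configured path is a regular file."""
    for key, label in LABELS.items():
        path = sstp.get(key)
        if not path:
            raise ConfigError(f'{label} file is not configured')
        try:
            mode = os.stat(path).st_mode  # follows symlinks
        except OSError:  # missing path, dangling symlink, unreadable parent
            raise ConfigError(f'{label} file "{path}" does not exist')
        if stat.S_ISDIR(mode):
            raise ConfigError(f'{label} path "{path}" is a directory, not a file')
        if not stat.S_ISREG(mode):
            raise ConfigError(f'{label} path "{path}" is not a regular file')


def demo():
    """Constructed case: ssl_key points at a directory instead of a key file."""
    with tempfile.TemporaryDirectory() as tmp:
        paths = {}
        for key in ('ssl_ca', 'ssl_cert'):
            paths[key] = os.path.join(tmp, key + '.pem')
            with open(paths[key], 'w') as handle:
                handle.write('constructed placeholder\n')
        paths['ssl_key'] = tmp  # a directory, which os.path.exists() accepts
        exists_ok = all(os.path.exists(p) for p in paths.values())
        try:
            verify_cert_files(paths)
            error = None
        except ConfigError as exc:
            error = str(exc)
        return exists_ok, error


if __name__ == '__main__':
    print(demo())
```
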

Details

Difficulty level
Unknown (require assessment)
Version
1.3-rolling-202006270117
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Improvement (missing useful functionality)

Event Timeline

Unknown Object (User) created this task. Jun 29 2020, 1:06 PM
Unknown Object (User) updated the task description. Jun 29 2020, 1:12 PM

@Dmitry Is it an actual task? Code was rewritten.

Unknown Object (User) added a comment. Aug 3 2021, 6:41 AM

@Viacheslav I believe it is still actual for 1.3 https://github.com/vyos/vyos-1x/blob/equuleus/src/conf_mode/vpn_sstp.py#L60-L78
I saw we changed the PKI model only for 1.4. Implementing the PKI model for 1.3-epa1 is risky

erkin set Issue type to Improvement (missing useful functionality). Aug 29 2021, 2:00 PM
erkin removed a subscriber: Active contributors.
Unknown Object (User) changed the task status from Open to Needs testing. Sep 2 2021, 3:50 PM
Unknown Object (User) changed the task status from Needs testing to In progress. Nov 24 2021, 6:17 PM
Unknown Object (User) claimed this task.
Unknown Object (User) changed the task status from In progress to Needs testing. Nov 24 2021, 6:33 PM

The existence of certificate files should now be checked via the validator name="file-exists", which was fixed in T3695
PR https://github.com/vyos/vyos-1x/pull/1082

Unknown Object (User) closed this task as Resolved. Nov 29 2021, 12:29 PM