Page MenuHomeVyOS Platform
Create Task
Maniphest T4782

Allow multiple CA certificates (on e.g. EAPoL)
Confirmed, LowPublicENHANCEMENT
Actions

Description

EAPoL certificates used to specify a certificate file which could include multiple entries (in the file itself, not in the config).

With the move to PKI, this is no longer possible.

Similar issue was noted with OpenVPN and fixed in T4485 see also this forum post: https://forum.vyos.io/t/using-multi-certificate-certificate-file-with-pki-and-openvpn/9043

It might be worth thinking whether there are any other areas this may affect. Given there are at least these two, there could be more.

Details

Difficulty level
Unknown (require assessment)
Version
1.4
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Config syntax change (migratable)
Issue type
Bug (incorrect behavior)

Related Objects

Event Timeline

jzatarski created this task.Oct 29 2022, 12:44 AM
jzatarski created this object in space S1 VyOS Public.
pasik added a subscriber: pasik.Oct 29 2022, 8:01 AM
sdev changed the task status from Open to Confirmed.Oct 29 2022, 5:53 PM
sdev claimed this task.
sdev changed the subtype of this task from "Task" to "Enhancement".
sdev moved this task from Need Triage to Backlog on the VyOS 1.4 Sagitta board.
sdev added a subscriber: sdev.

Good point, I'll try and look into this and see if it can be handled everywhere the new PKI nodes are used.

jzatarski added a comment.Feb 14 2023, 12:21 AM

Is there any kind of ETA on this? It hasn't moved in a few months, and it is preventing me from being able to upgrade. I understand this probably isn't a huge priority, but an ETA would be nice.

syncer triaged this task as Low priority.Feb 14 2023, 8:25 AM