Page MenuHomeVyOS Platform
Create Task
Maniphest T6400

pki: unable to generate fingerprint for ACME issued certificates
Closed, ResolvedPublicBUG
Actions

Description

Reproduce

set pki ca STAGING-PEM certificate 'MIIFWzCCA0OgAwIBAgIQTfQrldHumzpMLrM7jRBd1jANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJVUzEzMDEGA1UEChMqKFNUQUdJTkcpIEludGVybmV0IFNlY3VyaXR5IFJlc2VhcmNoIEdyb3VwMSIwIAYDVQQDExkoU1RBR0lORykgUHJldGVuZCBQZWFyIFgxMB4XDTIwMDkwNDAwMDAwMFoXDTI1MDkxNTE2MDAwMFowWTELMAkGA1UEBhMCVVMxIDAeBgNVBAoTFyhTVEFHSU5HKSBMZXQncyBFbmNyeXB0MSgwJgYDVQQDEx8oU1RBR0lORykgQXJ0aWZpY2lhbCBBcHJpY290IFIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu6TR8+74b46mOE1FUwBrvxzEYLck3iasmKrcQkb+gy/z9Jy7QNIAl0B9pVKp4YU76JwxF5DOZZhi7vK7SbCkK6FbHlyU5BiDYIxbbfvOL/jVGqdsSjNaJQTg3C3XrJja/HA4WCFEMVoT2wDZm8ABC1N+IQe7Q6FEqc8NwmTSnmmRQm4TQvr06DP+zgFK/MNubxWWDSbSKKTH5im5j2fZfg+j/tM1bGaczFWw8/lSnukyn5J2L+NJYnclzkXoh9nMFnyPmVbfyDPOc4Y25aTzVoeBKXa/cZ5MM+WddjdLbiWvm19f1sYn1aRaAIrkppv7kkn83vcth8XCG39qC2ZvaQIDAQABo4IBEDCCAQwwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBTecnpI3zHDplDfn4Uj31c3S10uZTAfBgNVHSMEGDAWgBS182Xy/rAKkh/7PH3zRKCsYyXDFDA2BggrBgEFBQcBAQQqMCgwJgYIKwYBBQUHMAKGGmh0dHA6Ly9zdGcteDEuaS5sZW5jci5vcmcvMCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly9zdGcteDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQBgt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCNDLam9yN0EFxxn/3p+ruWO6n/9goCAM5PT6cC6fkjMs4uas6UGXJjr5j7PoTQf3C1vuxiIGRJC6qxV7yc6U0X+w0Mj85sHI5DnQVWN5+D1er7mp13JJA0xbAbHa3Rlczny2Q82XKui8WHuWra0gb2KLpfboYj1Ghgkhr3gau83pC/WQ8HfkwcvSwhIYqTqxoZUq8HIf3M82qS9aKOZE0CEmSyR1zZqQxJUT7emOUapkUN9poJ9zGc+FgRZvdro0XByphWXDaqMYph0DxW/10ig5j4xmmNDjCRmqIKsKoWA52wBTKKXK1na2ty/lW5dhtAxkz5rVZFd4sgS4J0O+zm6d5GRkWsNJ4knotGXl8vtS3X40KXeb3A5+/3p0qaD215Xq8oSNORfB2oI1kQuyEAJ5xvPTdfwRlyRG3lFYodrRg6poUBD/8fNTXMtzydpRgyzUQZh/18F6B/iW6cbiRN9r2Hkh05Om+q0/6w0DdZe+8YrNpfhSObr/1eVZbKGMIYqKmyZbBNu5ysENIK5MPc14mUeKmFjpN840VR5zunoU52lqpLDua/qIM8idk86xGWxx2ml43DO/Ya/tVZVok0mO0TUjzJIfPqyvr455IsIut4RlCR9Iq0EDTve2/ZwCuGhSjpTUFGSiQrR2JK2Evp+o6AETUkBCO1aw0PpQBPDQ=='
set pki certificate vyos acme domain-name 'vyos.my.domain.com'
set pki certificate vyos acme email '[email protected]'
set pki certificate vyos acme url 'https://acme-staging-v02.api.letsencrypt.org/directory'
vyos@vyos# run show pki certificate
Certificates:
Name    Type    Subject CN             Issuer CN                            Issued               Expiry               Revoked    Private Key    CA Present
------  ------  ---------------------  -----------------------------------  -------------------  -------------------  ---------  -------------  -------------------------
vyos    Server  CN=vyos.my.domain.com  CN=(STAGING) Counterfeit Cashew R10  2024-05-25 18:16:06  2024-08-23 18:16:05  No         Yes            No

This results in:

vyos@vyos:~$ show pki certificate vyos fingerprint sha512
Traceback (most recent call last):
  File "/usr/libexec/vyos/op_mode/pki.py", line 1081, in <module>
    show_certificate_fingerprint(args.certificate, args.fingerprint)
  File "/usr/libexec/vyos/op_mode/pki.py", line 934, in show_certificate_fingerprint
    print(get_certificate_fingerprint(cert, hash))
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/pki.py", line 76, in get_certificate_fingerprint
    fp = cert.fingerprint(hash_algorithm)
         ^^^^^^^^^^^^^^^^
AttributeError: 'bool' object has no attribute 'fingerprint'

Details

Difficulty level
Easy (less than an hour)
Version
1.4.0-epa3
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Event Timeline

c-po created this task.May 25 2024, 7:52 PM
c-po changed the task status from Open to In progress.
c-po claimed this task.
c-po triaged this task as Normal priority.
c-po added a comment.May 25 2024, 7:56 PM

https://github.com/vyos/vyos-1x/pull/3518

c-po moved this task from Need Triage to Finished on the VyOS 1.5 Circinus board.May 25 2024, 7:56 PM
c-po closed this task as Resolved.May 26 2024, 12:50 PM
c-po moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta (1.4.0-GA) board.