Page MenuHomeVyOS Platform
Create Task
Maniphest T3961

Generate PKI expect 2 character country code
Open, LowPublicBUG
Actions

Description

To reproduce:

vyos@r1-roll# run generate pki ca install caSSTP
Enter private key type: [rsa, dsa, ec] (Default: rsa) 
Enter private key bits: (Default: 2048) 
Enter country code: (Default: GB) USA
Enter state: (Default: Some-State) MIA
Enter locality: (Default: Some-City) Miami
Enter organization name: (Default: VyOS) 
Enter common name: (Default: vyos.io) 
Traceback (most recent call last):
  File "/usr/libexec/vyos/op_mode/pki.py", line 825, in <module>
    generate_ca_certificate(args.ca, install=args.install, file=args.file)
  File "/usr/libexec/vyos/op_mode/pki.py", line 360, in generate_ca_certificate
    cert_req = generate_certificate_request(private_key, key_type, return_request=True, ask_san=False)
  File "/usr/libexec/vyos/op_mode/pki.py", line 330, in generate_certificate_request
    cert_req = create_certificate_request(subject, private_key, subject_alt_names)
  File "/usr/lib/python3/dist-packages/vyos/pki.py", line 120, in create_certificate_request
    x509.NameAttribute(NameOID.COUNTRY_NAME, subject['country']),
  File "/usr/lib/python3/dist-packages/cryptography/x509/name.py", line 94, in __init__
    raise ValueError(
ValueError: Country name must be a 2 character country code
[edit]
vyos@r1-roll#

Details

Difficulty level
Normal (likely a few hours)
Version
VyOS 1.4-rolling-202110310317
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)