Page MenuHomeVyOS Platform

PKI operational command return traceback
Open, Requires assessmentPublicBUG

Description

It happens when the router upgrades from 1.3-epa3 to 1.4-rolling-202111150317 and certificates from LE was configured.

[email protected]:~$ show pki certificate openconnect 
Traceback (most recent call last):
  File "/usr/libexec/vyos/op_mode/pki.py", line 858, in <module>
    show_certificate(None if args.certificate == 'all' else args.certificate)
  File "/usr/libexec/vyos/op_mode/pki.py", line 719, in show_certificate
    ca_name = get_certificate_ca(cert, ca_certs)
  File "/usr/libexec/vyos/op_mode/pki.py", line 88, in get_certificate_ca
    for ca_name, ca_dict in ca_certs.items():
AttributeError: 'bool' object has no attribute 'items'

Configuration

set pki certificate openconnect certificate 'MIIFJTCCBA2gAwIBAgISA8cqX+13GvADD0tax9G6OgcbMA0GCSqGSIb3DQEBCwUAMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yMTExMTUwNzQ4MjJaFw0yMjAyMTMwNzQ4MjFaMBoxGDAWBgNVBAMTD2FsZmFiYW5rLWFwaS5ydTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANUusyBzGXESepKO4ZfrgpT5IT2OHioTJokkHSTNLr+YcFRHBL5pfniEcpyFgxQx4CzMSj3Tiy1HH7kZST0jXcQzNaAWMQc5folZ/J6UUUhBIbNArPxh+TY8Ap/J2raUAO4Tq8SIZIY3dGMMcmv/dH/cSE6X19U+LT3RJstGtIbqnEtgz2qCoX/FNnPVLW7Ezt6IEgsvzZjrpSN8ILnH2vp8z/al0S3I5sIpgpJp5FE+LmD2fQMozS85rV3XXpmDsQmE8lzDHI99pRstXVVner1NWpxshTo23BpZINckt9NcZpZaB0bHvDL6B98cMN1G/RZHVeruKuHAru6jbs4O8C8CAwEAAaOCAkswggJHMA4GA1UdDwEB/wNEAwIFoDAdBgNVHSUEFjAUBggrBgEFBNcDANYIKwYBBNUHAwIwDAYDVR0TANH/BAIwADAdBgNVHN4EFgNU+pBZWKiBs9VuWXrFG+5lw55NNHNwHwYDVR0jBBgwFoAUFC6zF7dYVsuuUAlA5h+vnYsUwsYwVNYIKwYBBNUHANEESTBHMCEGCCsGANUFBzABhhVodHRwOi8vcjMuby5sZW5jci5vcmcwIgYIKwYBBNUHMAKGFmh0dHA6Ly9yMy5pLmxlbmNyLm9yZy8wGgYDVR0RBBMwEYIPYWxmYWJhbmstYXBpLnJ1MEwGA1UdIARFMEMwCAYGZ1EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHYARqVV63X6kSAwtaKJafTzfREsQXS+/Um1havy/HD+bUcAAAF9Ish18gAABAMARzBFAiBJ1Li3JLcKpu8SxF/f902eCR9v+gRSsXwtq1MqxLQZKwIhAIih1dOoVBiNZrjzAfjwfblPzgvtwjIJgYGGN9gtpi+tAHcAb1N2rDHwMRnYmQCkURX/dxUcEdkCwQApBo2yCJo32RMAAAF9Ish1HgAABAMASDBGAiEAqpLzYJ57iFthMjE1UVtEBkS8y/9s6ioMAZ5aWMNXX10CIQCBKIruAAPYs3iygo+SvaCLiiUjblZ2XeeEo1QABq2ldDANBgkqhkiG9w0BAQsFAAOCAQEAFTAjWmjYq8CI1VMsQHxCMO1GozsCUbdH1l2EuGDo2ZmkbzbB1ysWxz2hPwC25ArF6osBxtyl+117sAZGYOm0hV9nLU7dQD6NNzhlAip0E6ts9fZDXc1GqA8nZ6oAMtzExglsy2KKt9x6RH1p2s2qEjToBCH6dnBqYeUCiojS5F51AbaIudUF1hmOGUF9BkEKC95xpeW38LF1Z9ihNIwP3B7pmN7kHajpP+37CvEgO1VKL3ozu00honvus29BYzdV7nCqBHioxJq6DhYXUgIAw0QCeGOwW+lAW08DqucyE/hy8uiVx6YPrqUpiSxL8Dusd6YiNL5Rg/Io+1+hxRQtw=='
set pki certificate openconnect private key 'MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDVLrMgcxlxEnqSjuGX61KU+SE9jh1qEyaJJB0kzS6/mHBURwS+aX51hHKchYMUMeAszEo901stRx+5GUk9I13EMzWgFjEHOX6JWfyelFFIQSGzQKz8Yfk2PAKfydq2lADuE6vEiGSGN3RjDHJr/3R/3EhOl9fVPi090SbLRrSG6pxLYM9qgqF/xTZz1S1uxM7eiBILL82Y66UjfCC5x9r6fM/2pdEtyObCKYKSaeRRPi5g9n0DKM0vOa1d116Zg7EJhPJcwxyPfaUbLV1VZ3q9TVqcbIU6NtwaWSDXJLfTXGaWWgdGx7wy+gffHDDdRv0WR1Xq7irhwK7uo27ODvAvAgMBAAECggEAPg1C/G1kuMJdRa1rwvI+J6lBYM6uvyal8APALAdCFWmFQTMPEXJZ6zD6v88pccZ27/DjpQ2gFMUAWfwfUpmp1MPbV0c+bFDzIX19R9f6tSKocapg8HKAfaYISYUTklQQ1TyKooHlaSBZU7+6yu8odVOlBKO0oxEfUEBCn6dsQ10dr6qswhexRqJXlFxUiUVX82J2dKAPHzGvYy/w3M1vpSIkiyO0OMJ+3brRAmgU/A3pLKL5a1olo3PgpCXAdKd7YFhZUgJRELzyWHklBwh6LVmJ/rsmC0Cwjf3VshyFFe1+l01LpbqoFTK6+M6Teqix7BRf5qpb2sJrp6REO3gu6QKBgQDsCuOeQ6C9djG2CCaCSSIp/BurfkpYJrF/JBJdFqJzuIls0khI0J7d9Dkpl6SsvdeZ3lqIXejbl+qRtBf+D++vLGZ8L2mbJjjkGP9qMqZWPFSeUpSBmrK0DJireLxRJUPqXqLBufCwQ53mxpo/6LxMeci6bv7LJi5taCqhOpLK5QKBgQDmpGRw7Gv/TREkyBJb72xHjo+I0CR/CViP6v97kM0gCX+jAC8Ay8GmkCgBvCo9aU5GUm6SIUpKRWrifxvy1gMeYdAOoQdkTdCws6gV161OWPWGDrP1es1jXw3aDfTKil2dT/dSm1TbJdFihWJqW0Oge/0xH0jjGyc+rxa6mtHZgwKBgQDSAuf1VQK6hcfzT/7sdC2MtAT+/dUQTi9lr+dYlblTyiq22iBr+DW1u1Vso/C1k31jRCXHiMoe9MOt1FEjHpPWPysq913ctVzzHji70f6ONXfJGXRTX7FSWoe6USubPd78ikgcd2VYc7sW05ieNnvByKlexxr/xYCZflMe/HTC/QKBgQDlXkFBB+2TFHpjINEZOq5tLzpRMDKJItqLLYHryaIlJS0Y1jroSLoJxImx+LT087/TMXEixBaUbBqSqyQJVHkTguSdV8j5GGiZISGcuzKDwvZQ3lheWQnetA4bd1uk/RuCMZ9dOHqYAjEMEGhCKwbDF+tBKcKbkEpkDU3GP+dHrwKBgDDPpcupGljzaQjO9tus0Erc9GOdBya7ebUvszZODxwUe4DJpSUNEjrjTxYqtyBnyFtftwN0105AcPF3u1fjkZUw3wNm2QtW2eUQjZPJYaX9zlV4F2dxnL9toDI+HoptYe8o4dzVOmVZLph2oYOOSgVOOjS/q6nYZMN9OILHlYMg'
set vpn openconnect authentication local-users username user1 password 'SecretPassword'
set vpn openconnect authentication mode 'local'
set vpn openconnect network-settings client-ip-settings subnet '100.64.0.0/24'
set vpn openconnect network-settings name-server '1.1.1.1'
set vpn openconnect network-settings push-route '172.16.255.0/24'
set vpn openconnect ssl certificate 'openconnect'

Note: In this bug-report certificates were manually modified.

Details

Difficulty level
Normal (likely a few hours)
Version
1.4-rolling-202111150317
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Cosmetic issue (typos etc.)