Page MenuHomeVyOS Platform

Allow multiple CA certificates (on e.g. EAPoL)
Confirmed, Requires assessmentPublicENHANCEMENT

Description

EAPoL certificates used to specify a certificate file which could include multiple entries (in the file itself, not in the config).

With the move to PKI, this is no longer possible.

Similar issue was noted with OpenVPN and fixed in T4485 see also this forum post: https://forum.vyos.io/t/using-multi-certificate-certificate-file-with-pki-and-openvpn/9043

It might be worth thinking whether there are any other areas this may affect. Given there are at least these two, there could be more.

Details

Difficulty level
Unknown (require assessment)
Version
1.4
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Config syntax change (migratable)
Issue type
Bug (incorrect behavior)

Event Timeline

sdev changed the task status from Open to Confirmed.Oct 29 2022, 5:53 PM
sdev claimed this task.
sdev changed the subtype of this task from "Task" to "Enhancement".
sdev moved this task from Need Triage to Backlog on the VyOS 1.4 Sagitta board.
sdev added a subscriber: sdev.

Good point, I'll try and look into this and see if it can be handled everywhere the new PKI nodes are used.