PHP Fatal error: Uncaught TypeError: openssl_pkey_get_details(): Argument #1 ($key) must be of type OpenSSLAsymmetricKey, bool given in /root/scripts/pfsense_zbx.php:1237
ID3000G opened this issue · 14 comments
I have this Crash reporter error :
[30-Jan-2024 16:45:55 Europe/Paris] PHP Fatal error: Uncaught TypeError: openssl_pkey_get_details(): Argument #1 ($key) must be of type OpenSSLAsymmetricKey, bool given in /root/scripts/pfsense_zbx.php:1237
Stack trace:
#0 /root/scripts/pfsense_zbx.php(1237): openssl_pkey_get_details(false)
#1 /root/scripts/pfsense_zbx.php(1260): pfz_get_cert_pkey_info('9')
#2 /root/scripts/pfsense_zbx.php(1652): pfz_get_ref_cert_algo_bits('9')
#3 {main}
thrown in /root/scripts/pfsense_zbx.php on line 1237
PFSense 2.7.1
First, did you check if you have the latest pfsense_zbx.php?
Yes i have dowloaded it before open issue and redownloaded today. Still the same error
ls -alh /root/scripts/pfsense_zbx.php : -rw-r--r-- 1 root wheel 47K Feb 1 14:26 /root/scripts/pfsense_zbx.php
I have the same error with pfsense .2.7.0.
It actually started suddenly after I removed some expired certificates from pfsense. Was working ok previously and I didn't change the script.
I think I got it fixed, deleting all the cached certificate info files in /root/.ssl/
I cannot currently remove any other certificate to see if start erroring again but probably something to do with cached files of removed certificates.
Ok, I spoke too soon... looks like cache generation take its time and when I checked before not all the certinfo_xx.json file were generated...
I have some of them which contains the string "false" instead of the actual certificate info and the error happens just for those.
I am not how those are generated so why the "false" string.
Hi @denisgrilliGMSL,
is your issue related to a single certificate or the whole cert checking is broken?
From what I could gather, my situation is the following:
I have 105 certificates in pfsense but the script generates 113 certinfo_xxx.json files.
Certinfo_0.json to Certinfo_104.json are fine, they contains the correct certificate information.
Certinfo_105.json to Certinfo_112.json contains the string "false".
The pfsense_zbx.php script cycle through them correctly until gets to Certinfo_105.json while of course start erroring and generate a crash report for each of the certinfo files from 105 to 112.
It looks like if there is some leftover (remember I removed some certificates today) somewhere which make the pfsense_zbx.php script think there are still 113 certificates despite 8 have been removed.
It could be an issue with pfsense and the way it removes certificates... Where pfsense_zbx.php gets its list of certificates?
And certinfo_105.json to certinfo_112.json are present on disk?
Yes, they are present on disk and contains the string "false".
Estou com o mesmo problema
Tried to delete the certfileXX.json with false content as @denisgrilliGMSL tried. No success. The pfSense recreates the files with the same content: false.
I think there are 2 ways to solve the problem:
- Tell pfSense to not recreate revoked certificates. My deployment has no squid or such, so, I dont have a clue on how to do this.
- Insert a if on the line 1237 (just wondering, not a real analisys) that skips if the certificate has false content.
After reading this comments in netgate's forum and tried the following in an attempt to fix the problem through pfSense config.
cd /root/.ssl
grep "^false" | awk -F\: '{ print $1 }' | xargs rm -Rf # Delete all certificates with false in file content
rm -Rf /tmp/config.cache # Deletes the pfSense config cache
/etc/rc.reload_all start # Reloads config files, then rebuid cache configuration.
reboot
It made the problem to take longer (some minutes longer) to show. But didn't solve.
I'm also experiencing this same issue with version 2.7.2 with the latest version of pfsense_zbx.php