security/acme-client: bugfix release

[fraenki]

New features

• Show acme status for each certificate in GUI

Bugfixes

• Avoid API exception by skipping HAProxy integration if validation method is not configured
• Don't log an error if no restart action was specified
• Rename field "CA Account" to "LE Account" to avoid confusion

Example: certificate status in GUI

[fichtner]

Attempting to enable HAProxy integration in LE main settings without a validation method using HAProxy:

Exception: Error at /usr/local/opnsense/mvc/app/controllers/OPNsense/AcmeClient/Api/SettingsController.php:331 - Trying to get property of non-object (errno=8) in /usr/local/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php:84
Stack trace:
#0 /usr/local/opnsense/mvc/app/controllers/OPNsense/AcmeClient/Api/SettingsController.php(331): OPNsense\Base\ApiControllerBase->APIErrorHandler(8, 'Trying to get p...', '/usr/local/opns...', 331, Array)
#1 [internal function]: OPNsense\AcmeClient\Api\SettingsController->fetchHAProxyIntegrationAction()
#2 [internal function]: Phalcon\Dispatcher->callActionMethod(Object(OPNsense\AcmeClient\Api\SettingsController), 'fetchHAProxyInt...', Array)
#3 [internal function]: Phalcon\Dispatcher->_dispatch()
#4 [internal function]: Phalcon\Dispatcher->dispatch()
#5 /usr/local/opnsense/www/api.php(26): Phalcon\Mvc\Application->handle()
#6 {main}

PHP Warning:  cert_action_validator(): Node no longer exists in /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 176
PHP Warning:  cert_action_validator(): Node no longer exists in /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 243
PHP Warning:  cert_action_validator(): Node no longer exists in /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 123

[fraenki]

@fichtner 6013add should fix the API exception.

[fraenki]

PHP Warning:  cert_action_validator(): Node no longer exists in /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 176
PHP Warning:  cert_action_validator(): Node no longer exists in /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 243
PHP Warning:  cert_action_validator(): Node no longer exists in /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php on line 123

I have no idea why and how this can occur.

[fichtner]

@fraenki looks like a new warning in PHP 7.0 we cannot easily mute (except for removing it from PHP, but that is not an option because it will bite us later).

I have been unable to find any recent info on how to fix this. The iterator lifetime is over before the iteration completed. It could also be a reference count issue in PHP itself: data is removed before it is fully released. We will have to see, maybe double-check / reassess with PHP 7.1.

[fraenki]

@fichtner Feel free to merge this PR if the next OPNsense release is close. Otherwise I'll just keep on submitting fixes. :)

[fichtner]

Will take till next week. Leaving it open and thanks for your work! :)

[fraenki]

Houston, we have a new feature ;)

[fichtner]

Merged,thank you!

[fichtner]

Backport commit: 2df9225