Last Modified: Jul 09, 2025
Affected Product(s):
F5OS F5OS-A, F5OS-C
Known Affected Versions:
F5OS-A 1.5.0, F5OS-A 1.5.1, F5OS-A 1.5.2, F5OS-A 1.5.3, F5OS-A 1.7.0
Fixed In:
F5OS-C 1.8.0, F5OS-A 1.8.0
Opened: Apr 15, 2024 Severity: 3-Major
When TLS key/cert is set in confd, create-csr accepts invalid SAN values without generating a CSR or errors. Without a key/cert, confdcli correctly validates the CSR. 2: Run create-csr with various san values appliance-1(config)# system aaa tls create-csr name namesan san "" ----------------------------------------------------------------^ syntax error: "" has a bad length/size. <======== EXPECTED appliance-1(config)# system aaa tls create-csr name namesan san '' appliance-1(config)# <===== should give error appliance-1(config)# system aaa tls create-csr name namesan san "IP" appliance-1(config)# <======= should give error appliance-1(config)# system aaa tls create-csr name namesan san "DNS" appliance-1(config)# <==== should give error appliance-1(config)# system aaa tls create-csr name namesan san "f5best" appliance-1(config)# <==== should give error appliance-1(config)# system aaa tls create-csr name namesan san IP:1.1.1.1 response <====== EXPECTED
Confd accepting invalid SAN values
Invalid SAN values are accepted
None
Fixed in F5OS-A 1.8.0 and F5OS-C 1.8.0