fleet/server/fleet
Nico 9d8d07b850
Fix: certificate field too long error due to osquery not encoding non-ascii characters (#40095)
**Related issue:** Resolves #37306 

I think we should actually solve this at the osquery level, but this is
just an alternative solution.

# Checklist for submitter

- [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`.
  See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information.

## Testing

- [x] Added/updated automated tests

- [x] QA'd all new/changed functionality manually

#### Setup

On a macOS VM:

1. Generated a certificate with Cyrillic characters in CN and O fields:

```bash
openssl req -x509 -newkey rsa:2048 -keyout newkey.pem -out newcert.pem -days 365 -nodes -utf8 -subj "/CN=АБВГДЕЖЗИКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯа/O=АБВГДЕЖЗИКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯа"
```

2. Installed the certificate:

```bash
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain newcert.pem
```

#### Before

Refetched vitals and observed certificate field too long error logs:

```
ts=2026-02-18T21:50:47Z level=error msg="truncating certificate field" err="certificate field too long" field=subject_org host_id=32 original_length=304 max_length=255 truncated_value=\xC3\x90\xC2\xA2\xC3\x90\xC2\xB5\xC3\x91\xC2\x81\xC3\x91\xC2\x82\xC3\x90\xC2\xBE\xC3\x90\xC2\xB2\xC3\x90\xC2\xB0\xC3\x91\xC2\x8F\xC3\x90\xC2\x9E\xC3\x91\xC2\x80\xC3\x90\xC2\xB3\xC3\x90\xC2\xB0\xC3\x90\xC2\xBD\xC3\x90\xC2\xB8\xC3\x90\xC2\xB7\xC3\x90\xC2\xB
ts=2026-02-18T21:50:47Z level=error msg="truncating certificate field" err="certificate field too long" field=subject_common_name host_id=32 original_length=304 max_length=255 truncated_value=\xC3\x90\xC2\xA2\xC3\x90\xC2\xB5\xC3\x91\xC2\x81\xC3\x91\xC2\x82\xC3\x90\xC2\xBE\xC3\x90\xC2\xB2\xC3\x90\xC2\xB0\xC3\x91\xC2\x8F\xC3\x90\xC2\x9E\xC3\x91\xC2\x80\xC3\x90\xC2\xB3\xC3\x90\xC2\xB0\xC3\x90\xC2\xBD\xC3\x90\xC2\xB8\xC3\x90\xC2\xB7\xC3\x90\xC2\xB
ts=2026-02-18T21:50:47Z level=error msg="truncating certificate field" err="certificate field too long" field=issuer_org host_id=32 original_length=304 max_length=255 truncated_value=\xC3\x90\xC2\xA2\xC3\x90\xC2\xB5\xC3\x91\xC2\x81\xC3\x91\xC2\x82\xC3\x90\xC2\xBE\xC3\x90\xC2\xB2\xC3\x90\xC2\xB0\xC3\x91\xC2\x8F\xC3\x90\xC2\x9E\xC3\x91\xC2\x80\xC3\x90\xC2\xB3\xC3\x90\xC2\xB0\xC3\x90\xC2\xBD\xC3\x90\xC2\xB8\xC3\x90\xC2\xB7\xC3\x90\xC2\xB
ts=2026-02-18T21:50:47Z level=error msg="truncating certificate field" err="certificate field too long" field=issuer_common_name host_id=32 original_length=304 max_length=255 truncated_value=\xC3\x90\xC2\xA2\xC3\x90\xC2\xB5\xC3\x91\xC2\x81\xC3\x91\xC2\x82\xC3\x90\xC2\xBE\xC3\x90\xC2\xB2\xC3\x90\xC2\xB0\xC3\x91\xC2\x8F\xC3\x90\xC2\x9E\xC3\x91\xC2\x80\xC3\x90\xC2\xB3\xC3\x90\xC2\xB0\xC3\x90\xC2\xBD\xC3\x90\xC2\xB8\xC3\x90\xC2\xB7\xC3\x90\xC2\xB
ts=2026-02-18T21:50:47Z level=error msg="truncating certificate field" err="certificate field too long" field=subject_org host_id=32 original_length=256 max_length=255 truncated_value=\xD0\x90\xD0\x91\xD0\x92\xD0\x93\xD0\x94\xD0\x95\xD0\x96\xD0\x97\xD0\x98\xD0\x9A\xD0\x9B\xD0\x9C\xD0\x9D\xD0\x9E\xD0\x9F\xD0\xA0\xD0\xA1\xD0\xA2\xD0\xA3\xD0\xA4\xD0\xA5\xD0\xA6\xD0\xA7\xD0\xA8\xD0\xA9\xD0\xAA\xD0\xAB\xD0\xAC\xD0\xAD\xD0\xAE\xD0\xAF\xD0\xB
ts=2026-02-18T21:50:47Z level=error msg="truncating certificate field" err="certificate field too long" field=subject_common_name host_id=32 original_length=256 max_length=255 truncated_value=\xD0\x90\xD0\x91\xD0\x92\xD0\x93\xD0\x94\xD0\x95\xD0\x96\xD0\x97\xD0\x98\xD0\x9A\xD0\x9B\xD0\x9C\xD0\x9D\xD0\x9E\xD0\x9F\xD0\xA0\xD0\xA1\xD0\xA2\xD0\xA3\xD0\xA4\xD0\xA5\xD0\xA6\xD0\xA7\xD0\xA8\xD0\xA9\xD0\xAA\xD0\xAB\xD0\xAC\xD0\xAD\xD0\xAE\xD0\xAF\xD0\xB
ts=2026-02-18T21:50:47Z level=error msg="truncating certificate field" err="certificate field too long" field=issuer_org host_id=32 original_length=256 max_length=255 truncated_value=\xD0\x90\xD0\x91\xD0\x92\xD0\x93\xD0\x94\xD0\x95\xD0\x96\xD0\x97\xD0\x98\xD0\x9A\xD0\x9B\xD0\x9C\xD0\x9D\xD0\x9E\xD0\x9F\xD0\xA0\xD0\xA1\xD0\xA2\xD0\xA3\xD0\xA4\xD0\xA5\xD0\xA6\xD0\xA7\xD0\xA8\xD0\xA9\xD0\xAA\xD0\xAB\xD0\xAC\xD0\xAD\xD0\xAE\xD0\xAF\xD0\xB
ts=2026-02-18T21:50:47Z level=error msg="truncating certificate field" err="certificate field too long" field=issuer_common_name host_id=32 original_length=256 max_length=255 truncated_value=\xD0\x90\xD0\x91\xD0\x92\xD0\x93\xD0\x94\xD0\x95\xD0\x96\xD0\x97\xD0\x98\xD0\x9A\xD0\x9B\xD0\x9C\xD0\x9D\xD0\x9E\xD0\x9F\xD0\xA0\xD0\xA1\xD0\xA2\xD0\xA3\xD0\xA4\xD0\xA5\xD0\xA6\xD0\xA7\xD0\xA8\xD0\xA9\xD0\xAA\xD0\xAB\xD0\xAC\xD0\xAD\xD0\xAE\xD0\xAF\xD0\xB
```



https://github.com/user-attachments/assets/31b80643-34fb-42ee-b3a1-19d54fe1d516

#### After



https://github.com/user-attachments/assets/d49c1643-0920-4607-a2f1-fa6bb658c16b
2026-02-19 13:05:04 -03:00
policytest Updating golangci-lint to 1.61.0 (#22973) 2024-10-18 12:38:26 -05:00
activities.go Remove automation for audit-logs.md (#39937) 2026-02-18 09:16:57 -05:00
agent_options.go API + auth + UI changes for team labels (#37208) 2025-12-29 21:28:45 -06:00
agent_options_generated.go Update osquery schema and flags to 5.21.0 (#38248) 2026-01-14 09:29:45 -03:00
agent_options_test.go API + auth + UI changes for team labels (#37208) 2025-12-29 21:28:45 -06:00
aggregated_stats.go Performance stats for live queries (#15440) 2023-12-13 14:46:59 -06:00
android.go Add renameto tags to prepare for deprecating team and query API params (#39847) 2026-02-17 10:00:59 -06:00
android_test.go Android software configuration: track status, verification (#36966) 2025-12-16 11:31:43 -05:00
app.go Add renameto tags to prepare for deprecating team and query API params (#39847) 2026-02-17 10:00:59 -06:00
app_test.go Obfuscate calendar key (#38687) 2026-01-26 16:59:13 -07:00
apple_mdm.go Add renameto tags to prepare for deprecating team and query API params (#39847) 2026-02-17 10:00:59 -06:00
apple_mdm_test.go Experimental fleet server config for custom updates & disk encryption settings (#34598) 2025-10-22 13:51:10 -04:00
authz.go Add new Technician role (#39564) 2026-02-11 15:00:10 -03:00
calendar.go Update calendar event text to match recent changes to "My device" page (#32334) 2025-08-29 14:52:44 -05:00
calendar_events.go Handle null HostID on calendar webhook endpoint (#30130) 2025-06-23 13:10:10 -04:00
calendar_events_test.go Fixed issue where callback was clearing event body tag. (#20997) 2024-08-05 13:44:30 -03:00
campaigns.go Add renameto tags to prepare for deprecating team and query API params (#39847) 2026-02-17 10:00:59 -06:00
capabilities.go Turn off end-user auth capability for macos (#37151) 2025-12-12 11:07:32 -03:00
capabilities_test.go fix panic if concurrent requests write capabilities (#13278) 2023-08-10 19:49:07 -03:00
carves.go report errors that can occur during file carving (#8972) 2022-12-09 13:21:30 -03:00
certificate_authorities.go Clean up Windows profile preprocess parameter passing in advance of adding additional profile variables (#35809) 2025-11-17 09:44:24 -06:00
certificate_authorities_test.go Add support for $FLEET_VAR_HOST_HARDWARE_SERIAL in Windows profiles, $FLEET_VAR_HOST_PLATFORM in Windows/Apple profiles (#35812) 2025-11-24 10:18:47 -06:00
certificate_templates.go Add renameto tags to prepare for deprecating team and query API params (#39847) 2026-02-17 10:00:59 -06:00
certificate_templates_test.go Add Android cert immediate statuses (#36978) 2025-12-13 13:58:35 -06:00
conditional_access_idp.go Okta IdP Apple profile endpoint + fixes (#35526) 2025-11-14 13:49:08 -06:00
conditional_access_microsoft.go Microsoft Compliance Partner backend changes (#29540) 2025-06-11 14:22:46 -03:00
cron_schedules.go Trigger vuln processing when it runs on a separate server (#39612) 2026-02-17 09:18:03 -06:00
datastore.go Vulnerabilities cron optimization (#39820) 2026-02-18 13:59:15 -06:00
db.go Refactor common_mysql (#37245) 2026-01-07 16:26:44 -06:00
device.go Updated Fleet Desktop to use alternative browser host setting from server (#38260) 2026-01-14 12:59:23 -04:00
digicert.go Hydrant CA Feature Branch (#31807) 2025-09-04 12:39:41 -04:00
emails.go [Bug fix] Unclear error message: Update users email via API (#36579) 2025-12-02 10:52:31 -06:00
emails_test.go Custom email device-mapping: implement the CLI (fleetd + fleetctl) changes (#15763) 2023-12-21 11:22:59 -06:00
errors.go Improved OpenTelemetry error handling (#38757) 2026-01-26 17:07:32 -06:00
errors_test.go Adding telemetry for specific Fleet Desktop errors (#23349) 2024-10-31 14:24:42 -05:00
est_ca.go EST certificate proxy backend and configs (#34689) 2025-11-04 16:27:15 -05:00
fleet_vars.go Prevent IT admins from deleting a secret variable in use (#32161) 2025-08-22 11:22:37 -03:00
fleet_vars_test.go Prevent IT admins from deleting a secret variable in use (#32161) 2025-08-22 11:22:37 -03:00
fleetctl.go
geoip.go 🧹 friday cleanup party: substitute deprecated import of go-kit (#19774) 2024-06-17 10:27:31 -03:00
global_schedule.go Remove unneeded interfaces (#1779) 2021-08-24 18:49:56 -03:00
host_certificate_template.go Renew android certificates backend (#37959) 2026-01-08 13:02:33 -07:00
host_certificates.go Fix: certificate field too long error due to osquery not encoding non-ascii characters (#40095) 2026-02-19 13:05:04 -03:00
host_certificates_test.go Fix: certificate field too long error due to osquery not encoding non-ascii characters (#40095) 2026-02-19 13:05:04 -03:00
hostresponse.go Add options to populate users and labels on list hosts endpoint (#25621) 2025-01-22 11:17:26 -05:00
hosts.go Add renameto tags to prepare for deprecating team and query API params (#39847) 2026-02-17 10:00:59 -06:00
hosts_test.go Update server-proto version to 9, implement THROTTLED w/ 24h cooldown (#38920) 2026-01-29 15:31:28 -05:00
in_house_apps.go Cloudfront signing for in-house apps (#37650) 2026-01-05 16:30:31 -05:00
installer.go add a new tool to upload installers to blob storage (#6661) 2022-07-14 16:11:52 -03:00
integrations.go Obfuscate calendar key (#38687) 2026-01-26 16:59:13 -07:00
invites.go Add renameto tags to prepare for deprecating team and query API params (#39847) 2026-02-17 10:00:59 -06:00
jobs.go Allow "not_before" timestamp for worker jobs, schedule more quickly (#11512) 2023-05-03 16:25:36 -04:00
labels.go Label validation not catching invalid platform (#39964) 2026-02-17 14:04:07 -04:00
labels_test.go Improved label(s) validation when running queries (#23834) 2024-11-21 16:13:30 -06:00
linux_mdm.go Add Linux encryption states to APIs (#23806) 2024-11-19 13:11:59 -07:00
live_query_store.go Improve performance when recording schedule query results (#38524) 2026-01-27 10:33:47 -06:00
logging.go
maintained_apps.go Detect UpgradeCodes when adding Windows FMA software, and persist them when the user adds that software; Fix recently introduced issue with list host software (#35876) 2025-11-26 17:00:03 -08:00
mdm.go Add renameto tags to prepare for deprecating team and query API params (#39847) 2026-02-17 10:00:59 -06:00
mdm_test.go Changes needed before gokit/log to slog transition. (#39527) 2026-02-11 10:08:33 -06:00
meta.go Add count to host upcoming activities API response (#16511) 2024-02-06 10:02:38 -06:00
microsoft_mdm.go Windows MDM app level impl (#38842) 2026-01-28 09:46:53 -05:00
microsoft_mdm_test.go handle non atomic windows profiles when sending and receiving (#38332) 2026-01-19 11:16:28 -05:00
network_interfaces.go
nudge.go Retime Nudge to 20:00 UTC (#23373) 2024-10-30 09:08:43 -05:00
operating_systems.go Added util func around semver to allow for custom preprocessing. Upgraded semver lib (#25437) 2025-01-23 10:21:15 -06:00
operating_systems_test.go Strip RSR suffixes prior to handing off OS version from Nudge check to Semver comparison (#22830) 2024-10-10 12:15:53 -05:00
orbit.go Add sticky MDM enrollment Redis key (#33935) 2025-10-09 11:22:44 -03:00
orbit_test.go Add arm64 support for fleetd extensions and fixes on test scripts (#31084) 2025-07-21 15:47:59 -03:00
osquery.go Add sticky MDM enrollment Redis key (#33935) 2025-10-09 11:22:44 -03:00
packs.go Add renameto tags to prepare for deprecating team and query API params (#39847) 2026-02-17 10:00:59 -06:00
packs_test.go Fix incorrect integer conversion (#10188) 2023-02-28 18:01:25 -08:00
policies.go Add renameto tags to prepare for deprecating team and query API params (#39847) 2026-02-17 10:00:59 -06:00
policies_test.go Add validation for policy specs (#13294) 2023-08-21 10:22:07 -06:00
queries.go Add renameto tags to prepare for deprecating team and query API params (#39847) 2026-02-17 10:00:59 -06:00
queries_test.go 15381 host query report api (#15441) 2023-12-11 15:33:31 -07:00
query_results.go
redis_pool.go Use a redis cluster-friendly store for rate limit (#2577) 2021-10-19 16:24:13 -04:00
request.go up distributed write request size (#40010) 2026-02-18 09:39:29 -05:00
scheduled_queries.go Add renameto tags to prepare for deprecating team and query API params (#39847) 2026-02-17 10:00:59 -06:00
scim.go Add support for IdP department to SCIM and add FLEET_VAR_HOST_END_USER_IDP_DEPARTMENT fleet variable (#30375) 2025-06-29 15:23:03 -03:00
scripts.go Add renameto tags to prepare for deprecating team and query API params (#39847) 2026-02-17 10:00:59 -06:00
scripts_test.go Allow use of bash as a script interpreter (#25449) 2025-02-04 12:42:40 -05:00
secret_variables.go Add backend APIs for adding, deleting and listing secret variables (#31936) 2025-08-14 19:33:47 -03:00
secret_variables_test.go Add backend APIs for adding, deleting and listing secret variables (#31936) 2025-08-14 19:33:47 -03:00
secrets.go Add secrets software script support (#24912) 2024-12-20 17:17:18 -05:00
service.go Activity bounded context: Complete read operations (#38555) 2026-02-09 15:29:12 -06:00
sessions.go Replace home-made SAML implementation with https://github.com/crewjam/saml (#28486) 2025-07-07 15:13:46 -03:00
sessions_test.go Change role of existing users only if SSO attributes are present in the SAMLResponse (#11966) 2023-05-30 17:49:59 -03:00
setup_experience.go Bugfix: use custom software title icon and display name in setup experience UI (#39223) 2026-02-03 14:56:16 -05:00
setup_experience_test.go Setup experience state machine (#22845) 2024-10-18 12:01:53 -04:00
software.go Add renameto tags to prepare for deprecating team and query API params (#39847) 2026-02-17 10:00:59 -06:00
software_browser_test.go Add support for VSCode fork extensions in software inventory (#33595) 2025-10-07 14:05:22 -07:00
software_installer.go Add renameto tags to prepare for deprecating team and query API params (#39847) 2026-02-17 10:00:59 -06:00
software_installer_test.go Add support for zip files as Windows FMAs (#36841) 2025-12-15 11:03:43 -06:00
software_test.go Compute, ingest, persist, and serve .app bundle executable hashes and paths (#38118) 2026-01-14 09:18:35 -08:00
software_title_icons.go Add renameto tags to prepare for deprecating team and query API params (#39847) 2026-02-17 10:00:59 -06:00
statistics.go Conditional access usage statistics (#39798) 2026-02-18 11:31:30 -05:00
targets.go Add renameto tags to prepare for deprecating team and query API params (#39847) 2026-02-17 10:00:59 -06:00
targets_test.go Optimize requests on packs page (#3327) 2021-12-13 21:50:24 -08:00
teams.go Add new Technician role (#39564) 2026-02-11 15:00:10 -03:00
teams_test.go Add "No Team" integration configurations for Jira and Zendesk (#32387) 2025-09-02 18:02:34 -05:00
traits.go Add support for downloading a list of hosts in CSV format (#4596) 2022-03-15 15:14:42 -04:00
translator.go Remove unneeded interfaces (#1779) 2021-08-24 18:49:56 -03:00
user_roles.go Add renameto tags to prepare for deprecating team and query API params (#39847) 2026-02-17 10:00:59 -06:00
users.go Add renameto tags to prepare for deprecating team and query API params (#39847) 2026-02-17 10:00:59 -06:00
users_test.go Cap salt length before concatenating with plaintext for password updates (#17068) 2024-02-28 11:16:02 -08:00
utils.go Hydrant CA Feature Branch (#31807) 2025-09-04 12:39:41 -04:00
utils_test.go Added util func around semver to allow for custom preprocessing. Upgraded semver lib (#25437) 2025-01-23 10:21:15 -06:00
vpp.go Add renameto tags to prepare for deprecating team and query API params (#39847) 2026-02-17 10:00:59 -06:00
vulnerabilities.go Add renameto tags to prepare for deprecating team and query API params (#39847) 2026-02-17 10:00:59 -06:00
windows_mdm.go Add renameto tags to prepare for deprecating team and query API params (#39847) 2026-02-17 10:00:59 -06:00
windows_mdm_test.go Allow <Atomic> windows profiles (#38272) 2026-01-14 14:44:47 -05:00
windows_updates.go Feature 7076: Ingest installed windows updates (#7138) 2022-08-26 14:55:03 -04:00
windows_updates_tests.go Feature 7076: Ingest installed windows updates (#7138) 2022-08-26 14:55:03 -04:00