According to the notes in https://phpseclib.com/docs/x509 the signCRL() method previously set the signatureAlgorithm by default (sha1WithRSAEncryption), without specific request we now seem to be using SIGNATURE_PSS by default.
```
Note that whereas in the 1.0 and 2.0 branches, the signature algorithm was set by using an additional parameter in the sign method (or signCSR, signCRL, etc) in this case it's set based on the key. So if you want to create an rsaEncryption X509 cert you'd need to do $publicKey = $publicKey->withHashing(RSA::SIGNATURE_PKCS1) since, by default, RSA keys use RSA::SIGNATURE_PSS.
```
This commit implements the suggested approach to revert the default hashing back to what it was, which at least generates CRL's and is properly handled in validateSignature().
Most likely this fixes https://forum.opnsense.org/index.php?topic=30164.msg145633#msg145633
cc @swhite2
Our current default of 9999 days will calculate to a date in 2050, we could either choose to cap on 20491231 here or set to lifetime, the latter seems to be more logical when the number of days is higher than a couple of years.
fix a small php 8 notice as well in the same scope.
noted here https://forum.opnsense.org/index.php?topic=30164.msg145665#msg145665
Currently this doesn't work (yet), likely needs https://reviews.freebsd.org/D35848 so vlanproto can be set after the interface creation phase (now it's only possible to set proto there).
If `ifconfig XXXX vlanproto 802.1ad` sets the property, we do need this code to make sure we set these on QinQ parent vlan tags. As a workaround we could pass proto in legacy_interface_create() as well to make this (only) work on boot, but looking at the upstream fix, this might be something easy to pull in the near future.
for https://github.com/opnsense/core/issues/5893
About _stf move it back to pattern in order to automate some of
this pattern stuff later. Something like 'carp' or 'plip' etc.
might move to core definition as well since these are basic interfaces
we do not want to expose.
list_devices() shouldn't change in the way it's generated
pre- or post-write so just us a pre-write invoke to get the
list of assignable devices.
Not completely true for weird WLAN case with the parent
assignment but sooner or later we will be able to get rid
of that as well.
o add basic workflow (start/stop/list)
o basic configd actions + implementation in capture.py script
o grid without actions to show current capture jobs
Removes them from get_interface_list() and shows their description
on the assignments page. It's already in the interface name but
we should adhere to consistency in the select box.
