CAcert Class1 root certificate needs to be reissued with
an updated CDP and a SHA-based signature.
See the message thread preserved in
https://lists.cacert.org/wws/arc/cacert-systemlog/2016-03/
for more information on the re-signed root certificates
installed and enabled by this commit.
Wytze van der Raay 2019-04-10 09:37:24 +00:00
parent 62a2d72a07
commit 21ffacf9f2
6 changed files with 63 additions and 52 deletions


@ -18,35 +18,24 @@
<p><?=sprintf(_("You are bound by the %s Root Distribution Licence %s for any re-distributions of CAcert's roots."),"<a href='/policy/RootDistributionLicense.html'>","</a>")?></p>
<h3><?=_("Windows Installer") ?></h3>
<ul class="no_indent">
<li><? printf(_("%s Windows installer package %s for browsers that use the Windows certificate store %s (for example Internet Explorer, Chrome on Windows and Safari on Windows)"), '<a href="certs/CAcert_Root_Certificates.msi">', '</a>', '<br/>')?></li>
<li><?=_("SHA1 Hash:") ?> 2db1957db31aa0d778d1a65ea146760ee1e67611</li>
<li><?=_("SHA256 Hash:") ?> 88883f2e3117bae6f43922fbaef8501b94efe4143c12116244ca5d0c23bcbb16</li>
</ul>
<h3><?=_("Class 1 PKI Key")?></h3>
<ul class="no_indent">
<li><a href="certs/root.crt"><?=_("Root Certificate (PEM Format)")?></a></li>
<li><a href="certs/root.der"><?=_("Root Certificate (DER Format)")?></a></li>
<li><a href="certs/root.txt"><?=_("Root Certificate (Text Format)")?></a></li>
<li><a href="certs/root_X0F.crt"><?=_("Root Certificate (PEM Format)")?></a></li>
<li><a href="certs/root_X0F.der"><?=_("Root Certificate (DER Format)")?></a></li>
<li><a href="certs/root_X0F.txt"><?=_("Root Certificate (Text Format)")?></a></li>
<li><a href="<?=$_SERVER['HTTPS']?"https":"http"?>://crl.cacert.org/revoke.crl">CRL</a></li>
<li><?=_("SHA1 Fingerprint:")?> 13:5C:EC:36:F4:9C:B8:E9:3B:1A:B2:70:CD:80:88:46:76:CE:8F:33</li>
<li><?=_("MD5 Fingerprint:")?> A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B</li>
<li><?=_("SHA256 fingerprint:")?> 07ED BD82 4A49 88CF EF42 15DA 20D4 8C2B 41D7 1529 D7C9 00F5 7092 6F27 7CC2 30C5</li>
<li><?=_("SHA1 fingerprint:")?> DDFC DA54 1E75 77AD DCA8 7E88 27A9 8A50 6032 52A5</li>
</ul>
<h3><?=_("Class 3 PKI Key")?></h3>
<ul class="no_indent">
<li><a href="certs/class3.crt"><?=_("Intermediate Certificate (PEM Format)")?></a></li>
<li><a href="certs/class3.der"><?=_("Intermediate Certificate (DER Format)")?></a></li>
<li><a href="certs/class3.txt"><?=_("Intermediate Certificate (Text Format)")?></a></li>
<li><a href="certs/class3_X0E.crt"><?=_("Intermediate Certificate (PEM Format)")?></a></li>
<li><a href="certs/class3_X0E.der"><?=_("Intermediate Certificate (DER Format)")?></a></li>
<li><a href="certs/class3_X0E.txt"><?=_("Intermediate Certificate (Text Format)")?></a></li>
<li><a href="<?=$_SERVER['HTTPS']?"https":"http"?>://crl.cacert.org/class3-revoke.crl">CRL</a></li>
<?php /*
class3 subroot fingerprint updated: 2011-05-23 class3 Re-sign project
https://wiki.cacert.org/Roots/Class3ResignProcedure/Migration
*/ ?>
<li><?=_("SHA1 Fingerprint:")?> AD:7C:3F:64:FC:44:39:FE:F4:E9:0B:E8:F4:7C:6C:FA:8A:AD:FD:CE</li>
<li><?=_("MD5 Fingerprint:")?> F7:25:12:82:4E:67:B5:D0:8D:92:B7:7C:0B:86:7A:42</li>
<li><?=_("SHA256 fingerprint:")?> F687 3D70 D675 96C2 ACBA 3440 1E69 738B 5270 1DD6 AB06 B497 49BC 5515 0936 D544</li>
<li><?=_("SHA1 fingerprint:")?> A7C4 8FBE 6B02 6DBD 0EC1 B465 B88D D813 EE1D EFA0</li>
</ul>
<h3><?=_("GPG Key")?></h3>
@ -56,8 +45,16 @@
<li><?=_("Fingerprint:")?> A31D 4F81 EF4E BD07 B456 FA04 D2BB 0D01 65D0 FD58</li>
</ul>
<?php if ( false ) { ?>
/**
Since we don't seem to have a way to GPG sign our current key, we have, at least temporarily, removed this.
https://bugs.cacert.org/view.php?id=1305#c5784
**/
<h4><?=_("PKI fingerprint signed by the CAcert GPG Key")?></h4>
<pre>
<pre>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
@ -74,6 +71,8 @@ Mch2LMZhK4h/SBIft5ROzVU=
=R/pJ
-----END PGP SIGNATURE-----
</pre>
<?php } ?>
<pre>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
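Review bot: With the signed statement wrapped in `<?php if ( false ) { ?>`, the new SHA256/SHA1 fingerprints in the Class 1 and Class 3 lists are vouched for only by the connection this page is served over, which is the same channel that delivers `certs/root_X0F.crt`. The signed block that continues past the end of the last hunk is not visible here, so I cannot tell whether it covers the new values; if it does not, the page should say where an independently authenticated copy of the fingerprints can be found. The explanatory `/** … **/` text sits outside PHP tags, so it is HTML inside the dead branch rather than a comment; writing it as `<?php /* … */ if ( false ) { ?>` keeps it hidden if the branch is ever re-enabled. The hunk also does not show whether the MSI hashes listed under "Windows Installer" were regenerated for the re-signed roots, which is worth confirming before release.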


@ -16,7 +16,7 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
loadem("index");
showheader(_("Identity Verification Form (CAP) form"));
Version: $Id: cap.html.php,v 1.3 2015/01/08 15:02:40 wytze Exp $
Version: $Id: cap.html.php,v 1.4 2019/04/10 09:37:24 wytze Exp $
*/
echo '<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">', "\n";
echo '<html>', "\n";
@ -38,18 +38,18 @@
echo '<div style="text-align: right;">', "\n";
echo '<big><big><span style="font-weight: bold;">'._("Identity Verification Form (CAP) form").'</span></big></big><br>', "\n";
echo '</div>', "\n";
echo '<div style="text-align: right;">'.'CAcert Inc. - P.O. Box 4107 - Denistone East NSW 2112 - Australia - <a href="http://www.cacert.org/"> http://www.cacert.org/</a><br></div>', "\n";
echo '<div style="text-align: right;">'.'Hangar 10 Airfield Avenue, Murwillumbah NSW 2484, New South Wales, (Commonwealth of) Australia - <a href="http://www.cacert.org/"> http://www.cacert.org/</a><br></div>', "\n";
echo '<table border=1 cellspacing="0" cellpadding="0" bordercolor="lightblue" cellpadding="0" cellspacing="0" width="100%" style="color: white; background-color: rgb(112, 154, 186);" rules="groups">', "\n";
echo '<table border=1 cellspacing="0" cellpadding="0" bordercolor="lightblue" width="100%" style="color: white; background-color: rgb(112, 154, 186);" rules="groups">', "\n";
echo '<tbody>', "\n";
echo '<tr><td>', "\n";
echo '<tr>', "\n";
echo ' <td align="left"><font size=-7>'._("CAcert's Root Certificate sha1 fingerprints").'</font></td>', "\n";
echo ' <td align="right"><font size=-7>class 1: 135C EC36 F49C B8E9 3B1A B270 CD80 8846 76CE 8F33</font></td>', "\n";
echo ' <td align="left"><font size=-7>'._("CAcert's Root Certificate sha256 fingerprints (since 2019)").'</font></td>', "\n";
echo ' <td align="right"><font size=-7>class 1: 07ED BD82 4A49 88CF EF42 15DA 20D4 8C2B 41D7 1529 D7C9 00F5 7092 6F27 7CC2 30C5</font></td>', "\n";
echo '</tr>', "\n";
echo '<tr>', "\n";
echo ' <td></td>', "\n";
echo ' <td align="right"><font size=-7>class 3: AD7C 3F64 FC44 39FE F4E9 0BE8 F47C 6CFA 8AAD FDCE</font></td>', "\n";
echo ' <td align="right"><font size=-7>class 3: F687 3D70 D675 96C2 ACBA 3440 1E69 738B 5270 1DD6 AB06 B497 49BC 5515 0936 D544</font></td>', "\n";
echo '<tr>', "\n";
echo '</font>', "\n";
echo '</td>', "\n";
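Review bot: The SHA256 fingerprints are pasted as string literals into the `class 1:` and `class 3:` cells here, and the same values appear again in coap.html.php, in the PDF header, and as `CLASS1_SHA256`/`CLASS3_SHA256` in capnew.php and coapnew.php. These printed values are what a reader compares by eye against an installed root, so a typo in any one copy produces forms carrying a wrong fingerprint with nothing to catch it. Defining the values once in a shared include and echoing the constants here would reduce the next re-sign to a single edit; short of that, a comment such as `// keep in sync with CLASS1_SHA256 / CLASS3_SHA256 in capnew.php` above the literals records the dependency.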


@ -48,14 +48,18 @@
$this->SetFont('Arial','I',8);
if($_SESSION['_config']['language'] == "ja")
$this->SetFont('SJIS','I',8);
$this->Cell(0,0,'CAcert Inc. - PO Box 66 - Oatley NSW 2223 - Australia - http://www.CAcert.org',0,0,'C');
$this->Cell(0,0,'CAcert Inc. - Hangar 10 Airfield Avenue - Murwillumbah NSW 2484 - Australia - http://www.CAcert.org',0,0,'C');
$this->Ln(3);
$this->SetFont('Arial','',6);
if($_SESSION['_config']['language'] == "ja")
$this->SetFont('SJIS','',6);
$this->Cell(0,0, recode($_SESSION['_config']['recode'], _("CAcert's Root Certificate fingerprints")).": A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B "._("and")." 135C EC36 F49C B8E9 3B1A B270 CD80 8846 76CE 8F33",0,0,'C');
$this->SetLineWidth(0.05);
$this->Line(1, 43, $this->w - 1, 43);
$this->Cell(0,0, recode($_SESSION['_config']['recode'], _("CAcert's Root Certificate fingerprints"). _(" (since 2019)")),0,0,'C');
$this->ln(3);
$this->Cell(0,0, recode($_SESSION['_config']['recode'], "SHA1: root: DDFC DA54 1E75 77AD DCA8 7E88 27A9 8A50 6032 52A5 "._("and")." class3: A7C4 8FBE 6B02 6DBD 0EC1 B465 B88D D813 EE1D EFA0"),0,0,'C');
$this->ln(3);
$this->Cell(0,0, recode($_SESSION['_config']['recode'], "SHA256: root: 07ED BD82 4A49 88CF EF42 15DA 20D4 8C2B 41D7 1529 D7C9 00F5 7092 6F27 7CC2 30C5 "._("and")." class3: F687 3D70 D675 96C2 ACBA 3440 1E69 738B 5270 1DD6 AB06 B497 49BC 5515 0936 D544"),0,0,'C');
$this->SetLineWidth(0.05); // added 3 points to the abcissa 43 -> 46 to get second line fingerprints
$this->Line(1, 46, $this->w - 1, 46);
$this->SetLineWidth(0.2);
}
@ -69,7 +73,7 @@
$date = date("Y-m-d");
// Show text blurb at top of page
$this->SetY(45);
$this->SetY(48); // added 3 points to the abcissa 45 -> 48 to get second line fingerprints
$this->SetFont('Arial','',10);
if($_SESSION['_config']['language'] == "ja")
$this->SetFont('SJIS','',10);
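Review bot: The heading on the first new `Cell()` call is built from two separate gettext lookups, `_("CAcert's Root Certificate fingerprints"). _(" (since 2019)")`, which hands translators a fragment without context and yields a label that differs from the single string used on the HTML forms. A single msgid, `_("CAcert's Root Certificate fingerprints (since 2019)")`, avoids both problems. The two layout comments call the vertical position an "abcissa"; something like `// moved down by 3 (43 -> 46) to make room for the second fingerprint line` states the intent without the misnomer. The method these lines belong to starts outside the hunk.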


@ -17,8 +17,8 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
// $Id: capnew.php,v 1.5 2015/01/08 15:02:40 wytze Exp $
define('REV', '$Revision: 1.5 $');
// $Id: capnew.php,v 1.6 2019/04/10 09:37:24 wytze Exp $
define('REV', '$Revision: 1.6 $');
/*
** Created from old cap.php 2003, which used the now obsoleted ftpdf package
@ -297,7 +297,7 @@ define('LLBLUE','#D6E2EB'); // lighhter blue RGB 173 197 215
define('LIME', '#C7FF00'); // RGB 199 255 0
define('GREEN', '#00BE00'); // 0 190 0
define('POBOX','CAcert Inc. - P.O. Box 4107 - Denistone East NSW 2112 - Australia');
define('POBOX','Hangar 10 Airfield Avenue, Murwillumbah NSW 2484, New South Wales, (Commonwealth of) Australia');
define('WEB', 'http://www.cacert.org');
define('WIKI','http://wiki.cacert.org/wiki');
define('ROOTKEYS','http://www.cacert.org/index.php?id=3');
@ -311,9 +311,13 @@ define('ARBIT', WIKI.'/ArbitrationForum');
define('CCA', 'CAcertCommunityAgreement'); // default policy to print
define('POLICY','policy/'); // default polciy doc directory
define('EXT','.html'); // default polciy doc extention, should be html
/* finger print CAcert Root Key SHA256 since 2019*/ // should obtain this automatically
define('CLASS1_SHA256','07ED BD82 4A49 88CF EF42 15DA 20D4 8C2B 41D7 1529 D7C9 00F5 7092 6F27 7CC2 30C5');
define('CLASS3_SHA256','F687 3D70 D675 96C2 ACBA 3440 1E69 738B 5270 1DD6 AB06 B497 49BC 5515 0936 D544');
/* finger print CAcert Root Key */ // not to use since 2019
/* finger print CAcert Root Key */ // should obtain this automatically
define('CLASS1_SHA1','135C EC36 F49C B8E9 3B1A B270 CD80 8846 76CE 8F33');
define('CLASS3_SHA1','AD7C 3F64 FC44 39FE F4E9 0BE8 F47C 6CFA 8AAD FDCE');
define('CLASS1_SHA1','DDFC DA54 1E75 77AD DCA8 7E88 27A9 8A50 6032 52A5');
define('CLASS3_SHA1','A7C4 8FBE 6B02 6DBD 0EC1 B465 B88D D813 EE1D EFA0');
// next two are not used on the form
define('CLASS1_MD5','A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B');
define('CLASS3_MD5','F7:25:12:82:4E:67:B5:D0:8D:92:B7:7C:0B:86:7A:42');
@ -387,7 +391,7 @@ function utf8_is_ascii_ctrl($str) {
// extend TCPF with custom functions
class CAPPDF extends TCPDF {
// do cap form version numbering automatically '$Revision: 1.5 $'
// do cap form version numbering automatically '$Revision: 1.6 $'
/*public*/ function Version() {
strtok(REV, ' ');
return(strtok(' '));
@ -918,7 +922,7 @@ class CAPPDF extends TCPDF {
$this->SetXY($savex,$savey);
// sha1 fingerprint CAcert rootkeys class 1 and class 3
$strg = $this->unhtmlentities( _("CAcert's Root Certificate sha1 fingerprints") ) . ', class 1: '. CLASS1_SHA1 . ', class 3: ' . CLASS3_SHA1;
$strg = $this->unhtmlentities( _("CAcert's Root Certificate sha256 fingerprints (since 2019)") ) . ', class 1: '. CLASS1_SHA256 . ', class 3: ' . CLASS3_SHA256;
$this->Ln(3); $this->SetX($this->lMargin);
$this->SetFont(FONT,'',F_SIZE * $this->colwidth / ($this->GetStringWidth($strg) +1));
$this->Cell($this->colwidth,10, $strg,0,0,'C',0,NULL);
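Review bot: `CLASS1_MD5` and `CLASS3_MD5` are left unchanged while `CLASS1_SHA1`/`CLASS3_SHA1` are redefined, so the MD5 constants appear to still describe the previous certificates (the class 1 value is the same `A6:1B:…` string shown on the old fingerprint lines elsewhere in this commit). They are marked as unused, so either drop them or label them, e.g. `// MD5 of the pre-2019 certificates, kept for reference only`, so that nobody prints them next to the new roots later. The comment above the changed `$strg` line still reads `// sha1 fingerprint CAcert rootkeys class 1 and class 3` although the line now prints `CLASS1_SHA256` and `CLASS3_SHA256`; it should say sha256. If `// not to use since 2019` is the new comment on the SHA1 constants, it is ambiguous, because those constants now hold the 2019 certificates' SHA1 values. The same three points apply to coapnew.php.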


@ -14,7 +14,7 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Version: $Id: coap.html.php,v 1.3 2015/01/08 15:02:41 wytze Exp $
Version: $Id: coap.html.php,v 1.4 2019/04/10 09:37:24 wytze Exp $
*/
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
@ -49,19 +49,19 @@ table#TAB1 td { border: 0 }
echo '<big><big><span style="font-weight: bold;">'._("Organisation Information (COAP) form").'</span></big></big><br>', "\n";
?>
</div>
<div style="text-align: right;">CAcert Inc. - P.O. Box 4107 - Denistone East NSW 2112 - Australia - <a href="http://www.cacert.org/">http://www.cacert.org</a><br></div>
<div style="text-align: right;">Hangar 10 Airfield Avenue, Murwillumbah NSW 2484, New South Wales, (Commonwealth of) Australia - <a href="http://www.cacert.org/">http://www.cacert.org</a><br></div>
<br>
<table style="border-bottom: solid; border-color: rgb(17, 86, 140)" cellspacing="0" cellpadding="0" width="100%">
<tbody>
<tr>
<?php
echo ' <td border=0 align="left"><font size=-7>'._("CAcert's Root Certificate sha1 fingerprints").'</font></td>', "\n";
echo ' <td border=0 align="left"><font size=-7>'._("CAcert's Root Certificate sha256 fingerprints (since 2019)").'</font></td>', "\n";
?>
<td border=0 align="right"><font size=-7>class 1: 135C EC36 F49C B8E9 3B1A B270 CD80 8846 76CE 8F33</font></td>
<td border=0 align="right"><font size=-7>class 1: 07ED BD82 4A49 88CF EF42 15DA 20D4 8C2B 41D7 1529 D7C9 00F5 7092 6F27 7CC2 30C5</font></td>
</tr>
<tr>
<td border=0></td>
<td border=0 align="right"><font size=-7>class 3: AD7C 3F64 FC44 39FE F4E9 0BE8 F47C 6CFA 8AAD FDCE</font></td>
<td border=0 align="right"><font size=-7>class 3: F687 3D70 D675 96C2 ACBA 3440 1E69 738B 5270 1DD6 AB06 B497 49BC 5515 0936 D544</font></td>
<tr>
</font>
</td>
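Review bot: The new address line drops the `CAcert Inc.` prefix that the old line carried, so the form header no longer names the organisation the address belongs to, whereas the PDF header changed in this commit keeps it (`'CAcert Inc. - Hangar 10 Airfield Avenue - …'`). If the omission is not intentional, restore the prefix here, in the matching line of cap.html.php, and in the `POBOX` definitions of capnew.php and coapnew.php, so that every form states the same legal entity.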


@ -17,8 +17,8 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
// $Id: coapnew.php,v 1.5 2015/01/08 15:02:41 wytze Exp $
define('REV', '$Revision: 1.5 $');
// $Id: coapnew.php,v 1.6 2019/04/10 09:37:24 wytze Exp $
define('REV', '$Revision: 1.6 $');
/*
** Created from old cap.php 2003, which used the now obsoleted ftpdf package
@ -332,7 +332,7 @@ define('LLBLUE','#D6E2EB'); // lighhter blue RGB 173 197 215
define('LIME', '#C7FF00'); // RGB 199 255 0
define('GREEN', '#00BE00'); // 0 190 0
define('POBOX','CAcert Inc. - P.O. Box 4107 - Denistone East NSW 2112 - Australia');
define('POBOX','Hangar 10 Airfield Avenue, Murwillumbah NSW 2484, New South Wales, (Commonwealth of) Australia ');
define('WEB', 'http://www.cacert.org');
define('WIKI','http://wiki.cacert.org/wiki');
define('ROOTKEYS','http://www.cacert.org/index.php?id=3');
@ -346,9 +346,13 @@ define('ARBIT', WIKI."/ArbitrationForum");
define('CCA', "CAcertCommunityAgreement"); // default policy to print
define('POLICY','policy/'); // default polciy doc directory
define('EXT','.html'); // default polciy doc extention, should be html
/* finger print CAcert Root Key SHA256 since 2019*/ // should obtain this automatically
define('CLASS1_SHA256','07ED BD82 4A49 88CF EF42 15DA 20D4 8C2B 41D7 1529 D7C9 00F5 7092 6F27 7CC2 30C5');
define('CLASS3_SHA256','F687 3D70 D675 96C2 ACBA 3440 1E69 738B 5270 1DD6 AB06 B497 49BC 5515 0936 D544');
/* finger print CAcert Root Key */ // not to use since 2019
/* finger print CAcert Root Key */ // should obtain this automatically
define('CLASS1_SHA1','135C EC36 F49C B8E9 3B1A B270 CD80 8846 76CE 8F33');
define('CLASS3_SHA1','AD7C 3F64 FC44 39FE F4E9 0BE8 F47C 6CFA 8AAD FDCE');
define('CLASS1_SHA1','DDFC DA54 1E75 77AD DCA8 7E88 27A9 8A50 6032 52A5');
define('CLASS3_SHA1','A7C4 8FBE 6B02 6DBD 0EC1 B465 B88D D813 EE1D EFA0');
// next two are not used on the form
define('CLASS1_MD5','A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B');
define('CLASS3_MD5','F7:25:12:82:4E:67:B5:D0:8D:92:B7:7C:0B:86:7A:42');
@ -422,7 +426,7 @@ function utf8_is_ascii_ctrl($str) {
// extend TCPF with custom functions
class COAPPDF extends TCPDF {
// do cap form version numbering automatically "$Revision: 1.5 $"
// do cap form version numbering automatically "$Revision: 1.6 $"
/*public*/ function Version() {
strtok(REV, " ");
return(strtok(" "));
@ -935,7 +939,7 @@ class COAPPDF extends TCPDF {
$this->SetXY($savex,$savey);
// sha1 fingerprint CAcert rootkeys class 1 and class 3
$strg = $this->unhtmlentities( _("CAcert's Root Certificate sha1 fingerprints") ) . ", class 1: ". CLASS1_SHA1 . ", class 3: " . CLASS3_SHA1;
$strg = $this->unhtmlentities( _("CAcert's Root Certificate sha256 fingerprints") ) . ", class 1: ". CLASS1_SHA256 . ", class 3: " . CLASS3_SHA256;
$this->Ln(3); $this->SetX($this->lMargin);
$this->SetFont(FONT,'',F_SIZE * $this->colwidth / ($this->GetStringWidth($strg) +1));
$this->Cell($this->colwidth,10, $strg,0,0,'C',0,NULL);
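Review bot: The label on the changed `$strg` line is `_("CAcert's Root Certificate sha256 fingerprints")`, while capnew.php and both HTML forms use the string ending in `sha256 fingerprints (since 2019)`. That creates a second msgid to translate and makes the COAP PDF read differently from the CAP one, so the same string should be used here. The new `POBOX` value also ends with a space before the closing quote (`Australia ')`), unlike the capnew.php definition, and that space will be printed wherever the constant is concatenated. The method containing the `$strg` line begins outside the hunk.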