From 21ffacf9f23ce1bfa69a6747d6650d70f961b5ca Mon Sep 17 00:00:00 2001 From: Wytze van der Raay Date: Wed, 10 Apr 2019 09:37:24 +0000 Subject: [PATCH] Fixes for https://bugs.cacert.org/view.php?id=1305: CAcert Class1 root certificate needs to be reissued with an updated CDP and a SHA-based signature. See the message thread preserved in https://lists.cacert.org/wws/arc/cacert-systemlog/2016-03/ for more information on the re-signed root certificates installed and enabled by this commit. --- pages/index/3.php | 43 +++++++++++++++++++++---------------------- www/cap.html.php | 12 ++++++------ www/cap.php | 14 +++++++++----- www/capnew.php | 18 +++++++++++------- www/coap.html.php | 10 +++++----- www/coapnew.php | 18 +++++++++++------- 6 files changed, 63 insertions(+), 52 deletions(-) diff --git a/pages/index/3.php b/pages/index/3.php index f060c8f..f99d64c 100644 --- a/pages/index/3.php +++ b/pages/index/3.php @@ -18,35 +18,24 @@

","")?>

-

- -

@@ -56,8 +45,16 @@
  • A31D 4F81 EF4E BD07 B456 FA04 D2BB 0D01 65D0 FD58
    • + + + /** + Since we don't seem to have a way to GPG sign our current key, we have, at least temporarily, removed this. + + https://bugs.cacert.org/view.php?id=1305#c5784 + + **/

    -
    +    
     -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
@@ -74,6 +71,8 @@ Mch2LMZhK4h/SBIft5ROzVU=
 =R/pJ
 -----END PGP SIGNATURE-----
 
    
+
+
 
     -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
diff --git a/www/cap.html.php b/www/cap.html.php
index 3522f1c..df2f682 100644
--- a/www/cap.html.php
+++ b/www/cap.html.php
@@ -16,7 +16,7 @@
     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
         loadem("index");
         showheader(_("Identity Verification Form (CAP) form"));
-	Version: $Id: cap.html.php,v 1.3 2015/01/08 15:02:40 wytze Exp $
+	Version: $Id: cap.html.php,v 1.4 2019/04/10 09:37:24 wytze Exp $
 */
 	echo '', "\n";
 	echo '', "\n";
@@ -38,18 +38,18 @@
 	echo '
    ', "\n";
 	echo ''._("Identity Verification Form (CAP) form").'
    ', "\n";
 	echo '
    ', "\n";
-	echo '
    '.'CAcert Inc. - P.O. Box 4107 - Denistone East NSW 2112 - Australia -  http://www.cacert.org/
    ', "\n";
+	echo '
    '.'Hangar 10 Airfield Avenue, Murwillumbah NSW 2484, New South Wales, (Commonwealth of) Australia  -  http://www.cacert.org/
    ', "\n";
 
-	echo '', "\n";
+	echo '
    ', "\n";
 	echo '', "\n";
 	echo '', "\n";
-	echo '    ', "\n";
-	echo '    ', "\n";
+	echo '    ', "\n";
+	echo '    ', "\n";
 	echo '', "\n";
 	echo '', "\n";
 	echo '    ', "\n";
-	echo '    ', "\n";
+	echo '    ', "\n";
 	echo '', "\n";
 	echo '', "\n";
 	echo '', "\n";
diff --git a/www/cap.php b/www/cap.php
index 40b269a..b189b18 100644
--- a/www/cap.php
+++ b/www/cap.php
@@ -48,14 +48,18 @@
 			$this->SetFont('Arial','I',8);
 			if($_SESSION['_config']['language'] == "ja")
 				$this->SetFont('SJIS','I',8);
-			$this->Cell(0,0,'CAcert Inc. - PO Box 66 - Oatley NSW 2223 -  Australia - http://www.CAcert.org',0,0,'C');
+			$this->Cell(0,0,'CAcert Inc. - Hangar 10 Airfield Avenue - Murwillumbah NSW 2484 -  Australia - http://www.CAcert.org',0,0,'C');
 			$this->Ln(3);
 			$this->SetFont('Arial','',6);
 			if($_SESSION['_config']['language'] == "ja")
 				$this->SetFont('SJIS','',6);
-			$this->Cell(0,0, recode($_SESSION['_config']['recode'], _("CAcert's Root Certificate fingerprints")).": A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B "._("and")." 135C EC36 F49C B8E9 3B1A B270 CD80 8846 76CE 8F33",0,0,'C');
-			$this->SetLineWidth(0.05);
-			$this->Line(1, 43, $this->w - 1, 43);
+			$this->Cell(0,0, recode($_SESSION['_config']['recode'], _("CAcert's Root Certificate fingerprints"). _(" (since 2019)")),0,0,'C');
+			$this->ln(3);
+			$this->Cell(0,0, recode($_SESSION['_config']['recode'], "SHA1: root: DDFC DA54 1E75 77AD DCA8 7E88 27A9 8A50 6032 52A5 "._("and")." class3: A7C4 8FBE 6B02 6DBD 0EC1 B465 B88D D813 EE1D EFA0"),0,0,'C');
+			$this->ln(3);
+			$this->Cell(0,0, recode($_SESSION['_config']['recode'], "SHA256: root: 07ED BD82 4A49 88CF EF42 15DA 20D4 8C2B 41D7 1529 D7C9 00F5 7092 6F27 7CC2 30C5 "._("and")." class3: F687 3D70 D675 96C2 ACBA 3440 1E69 738B 5270 1DD6 AB06 B497 49BC 5515 0936 D544"),0,0,'C');
+			$this->SetLineWidth(0.05); // added 3 points to the abcissa 43 -> 46 to get second line fingerprints
+			$this->Line(1, 46, $this->w - 1, 46);
 			$this->SetLineWidth(0.2);
 		}
 
@@ -69,7 +73,7 @@
 				$date = date("Y-m-d");
 
 			// Show text blurb at top of page
-			$this->SetY(45);
+			$this->SetY(48); // added 3 points to the abcissa 45 -> 48 to get second line fingerprints
 			$this->SetFont('Arial','',10);
 			if($_SESSION['_config']['language'] == "ja")
 				$this->SetFont('SJIS','',10);
diff --git a/www/capnew.php b/www/capnew.php
index a57bde3..5a4dcae 100644
--- a/www/capnew.php
+++ b/www/capnew.php
@@ -17,8 +17,8 @@
     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */
 
-//   $Id: capnew.php,v 1.5 2015/01/08 15:02:40 wytze Exp $
-define('REV', '$Revision: 1.5 $');
+//   $Id: capnew.php,v 1.6 2019/04/10 09:37:24 wytze Exp $
+define('REV', '$Revision: 1.6 $');
 
 /*
 **  Created from old cap.php 2003, which used the now obsoleted ftpdf package
@@ -297,7 +297,7 @@ define('LLBLUE','#D6E2EB'); // lighhter blue RGB 173 197 215
 define('LIME', '#C7FF00');  // RGB 199 255 0
 define('GREEN', '#00BE00'); // 0 190 0
 
-define('POBOX','CAcert Inc. - P.O. Box 4107 - Denistone East NSW 2112 - Australia');
+define('POBOX','Hangar 10 Airfield Avenue, Murwillumbah NSW 2484, New South Wales, (Commonwealth of) Australia');
 define('WEB', 'http://www.cacert.org');
 define('WIKI','http://wiki.cacert.org/wiki');
 define('ROOTKEYS','http://www.cacert.org/index.php?id=3');
@@ -311,9 +311,13 @@ define('ARBIT', WIKI.'/ArbitrationForum');
 define('CCA', 'CAcertCommunityAgreement'); // default policy to print
 define('POLICY','policy/'); // default polciy doc directory
 define('EXT','.html'); // default polciy doc extention, should be html
+/* finger print CAcert Root Key SHA256 since 2019*/ // should obtain this automatically
+define('CLASS1_SHA256','07ED BD82 4A49 88CF EF42 15DA 20D4 8C2B 41D7 1529 D7C9 00F5 7092 6F27 7CC2 30C5');
+define('CLASS3_SHA256','F687 3D70 D675 96C2 ACBA 3440 1E69 738B 5270 1DD6 AB06 B497 49BC 5515 0936 D544');
+/* finger print CAcert Root Key */  // not to use since 2019
 /* finger print CAcert Root Key */ // should obtain this automatically
-define('CLASS1_SHA1','135C EC36 F49C B8E9 3B1A B270 CD80 8846 76CE 8F33');
-define('CLASS3_SHA1','AD7C 3F64 FC44 39FE F4E9 0BE8 F47C 6CFA 8AAD FDCE');
+define('CLASS1_SHA1','DDFC DA54 1E75 77AD DCA8 7E88 27A9 8A50 6032 52A5');
+define('CLASS3_SHA1','A7C4 8FBE 6B02 6DBD 0EC1 B465 B88D D813 EE1D EFA0');
 // next two are not used on the form
 define('CLASS1_MD5','A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B');
 define('CLASS3_MD5','F7:25:12:82:4E:67:B5:D0:8D:92:B7:7C:0B:86:7A:42');
@@ -387,7 +391,7 @@ function utf8_is_ascii_ctrl($str) {
 // extend TCPF with custom functions
 class CAPPDF extends TCPDF {
 
-    // do cap form version numbering automatically '$Revision: 1.5 $'
+    // do cap form version numbering automatically '$Revision: 1.6 $'
     /*public*/ function Version() {
 	strtok(REV, ' ');
         return(strtok(' '));
@@ -918,7 +922,7 @@ class CAPPDF extends TCPDF {
             $this->SetXY($savex,$savey);
 
             // sha1 fingerprint CAcert rootkeys class 1 and class 3
-            $strg = $this->unhtmlentities( _("CAcert's Root Certificate sha1 fingerprints") ) . ', class 1: '. CLASS1_SHA1 . ', class 3: ' . CLASS3_SHA1;
+            $strg = $this->unhtmlentities( _("CAcert's Root Certificate sha256 fingerprints (since 2019)") ) . ', class 1: '. CLASS1_SHA256 . ', class 3: ' . CLASS3_SHA256;
             $this->Ln(3); $this->SetX($this->lMargin);
             $this->SetFont(FONT,'',F_SIZE * $this->colwidth / ($this->GetStringWidth($strg) +1));
             $this->Cell($this->colwidth,10, $strg,0,0,'C',0,NULL);
diff --git a/www/coap.html.php b/www/coap.html.php
index fdc186e..1e050cf 100644
--- a/www/coap.html.php
+++ b/www/coap.html.php
@@ -14,7 +14,7 @@
     You should have received a copy of the GNU General Public License
     along with this program; if not, write to the Free Software
     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-        Version: $Id: coap.html.php,v 1.3 2015/01/08 15:02:41 wytze Exp $
+        Version: $Id: coap.html.php,v 1.4 2019/04/10 09:37:24 wytze Exp $
 */
 ?>
 
@@ -49,19 +49,19 @@ table#TAB1 td { border: 0 }
 	echo ''._("Organisation Information (COAP) form").'
    ', "\n";
 ?>
 
-
    CAcert Inc. - P.O. Box 4107 - Denistone East NSW 2112 - Australia - http://www.cacert.org
    
+
    Hangar 10 Airfield Avenue, Murwillumbah NSW 2484, New South Wales, (Commonwealth of) Australia - http://www.cacert.org

    ', "\n";
 	echo '
    '._("CAcert's Root Certificate sha1 fingerprints").'class 1: 135C EC36 F49C B8E9 3B1A B270 CD80 8846 76CE 8F33'._("CAcert's Root Certificate sha256 fingerprints (since 2019)").'class 1: 07ED BD82 4A49 88CF EF42 15DA 20D4 8C2B 41D7 1529 D7C9 00F5 7092 6F27 7CC2 30C5
    class 3: AD7C 3F64 FC44 39FE F4E9 0BE8 F47C 6CFA 8AAD FDCEclass 3: F687 3D70 D675 96C2 ACBA 3440 1E69 738B 5270 1DD6 AB06 B497 49BC 5515 0936 D544
    
 
 
    '._("CAcert's Root Certificate sha1 fingerprints").'', "\n";
+	echo '    ', "\n";
 ?>
-    
+    
-    
+    
diff --git a/www/coapnew.php b/www/coapnew.php
index 832e397..baeb224 100644
--- a/www/coapnew.php
+++ b/www/coapnew.php
@@ -17,8 +17,8 @@
     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */
 
-//   $Id: coapnew.php,v 1.5 2015/01/08 15:02:41 wytze Exp $
-define('REV', '$Revision: 1.5 $');
+//   $Id: coapnew.php,v 1.6 2019/04/10 09:37:24 wytze Exp $
+define('REV', '$Revision: 1.6 $');
 
 /*
 **  Created from old cap.php 2003, which used the now obsoleted ftpdf package
@@ -332,7 +332,7 @@ define('LLBLUE','#D6E2EB'); // lighhter blue RGB 173 197 215
 define('LIME', '#C7FF00');  // RGB 199 255 0
 define('GREEN', '#00BE00'); // 0 190 0
 
-define('POBOX','CAcert Inc. - P.O. Box 4107 - Denistone East NSW 2112 - Australia');
+define('POBOX','Hangar 10 Airfield Avenue, Murwillumbah NSW 2484, New South Wales, (Commonwealth of) Australia ');
 define('WEB', 'http://www.cacert.org');
 define('WIKI','http://wiki.cacert.org/wiki');
 define('ROOTKEYS','http://www.cacert.org/index.php?id=3');
@@ -346,9 +346,13 @@ define('ARBIT', WIKI."/ArbitrationForum");
 define('CCA', "CAcertCommunityAgreement"); // default policy to print
 define('POLICY','policy/'); // default polciy doc directory
 define('EXT','.html'); // default polciy doc extention, should be html
+/* finger print CAcert Root Key SHA256 since 2019*/ // should obtain this automatically
+define('CLASS1_SHA256','07ED BD82 4A49 88CF EF42 15DA 20D4 8C2B 41D7 1529 D7C9 00F5 7092 6F27 7CC2 30C5');
+define('CLASS3_SHA256','F687 3D70 D675 96C2 ACBA 3440 1E69 738B 5270 1DD6 AB06 B497 49BC 5515 0936 D544');
+/* finger print CAcert Root Key */  // not to use since 2019
 /* finger print CAcert Root Key */ // should obtain this automatically
-define('CLASS1_SHA1','135C EC36 F49C B8E9 3B1A B270 CD80 8846 76CE 8F33');
-define('CLASS3_SHA1','AD7C 3F64 FC44 39FE F4E9 0BE8 F47C 6CFA 8AAD FDCE');
+define('CLASS1_SHA1','DDFC DA54 1E75 77AD DCA8 7E88 27A9 8A50 6032 52A5');
+define('CLASS3_SHA1','A7C4 8FBE 6B02 6DBD 0EC1 B465 B88D D813 EE1D EFA0');
 // next two are not used on the form
 define('CLASS1_MD5','A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B');
 define('CLASS3_MD5','F7:25:12:82:4E:67:B5:D0:8D:92:B7:7C:0B:86:7A:42');
@@ -422,7 +426,7 @@ function utf8_is_ascii_ctrl($str) {
 // extend TCPF with custom functions
 class COAPPDF extends TCPDF {
 
-    // do cap form version numbering automatically "$Revision: 1.5 $"
+    // do cap form version numbering automatically "$Revision: 1.6 $"
     /*public*/ function Version() {
 	strtok(REV, " ");
         return(strtok(" "));
@@ -935,7 +939,7 @@ class COAPPDF extends TCPDF {
             $this->SetXY($savex,$savey);
 
             // sha1 fingerprint CAcert rootkeys class 1 and class 3
-            $strg = $this->unhtmlentities( _("CAcert's Root Certificate sha1 fingerprints") ) . ", class 1: ". CLASS1_SHA1 . ", class 3: " . CLASS3_SHA1;
+            $strg = $this->unhtmlentities( _("CAcert's Root Certificate sha256 fingerprints") ) . ", class 1: ". CLASS1_SHA256 . ", class 3: " . CLASS3_SHA256;
             $this->Ln(3); $this->SetX($this->lMargin);
             $this->SetFont(FONT,'',F_SIZE * $this->colwidth / ($this->GetStringWidth($strg) +1));
             $this->Cell($this->colwidth,10, $strg,0,0,'C',0,NULL);

    
 
 
    
 '._("CAcert's Root Certificate sha256 fingerprints (since 2019)").'class 1: 135C EC36 F49C B8E9 3B1A B270 CD80 8846 76CE 8F33class 1: 07ED BD82 4A49 88CF EF42 15DA 20D4 8C2B 41D7 1529 D7C9 00F5 7092 6F27 7CC2 30C5
 
    
 
    
     class 3: AD7C 3F64 FC44 39FE F4E9 0BE8 F47C 6CFA 8AAD FDCEclass 3: F687 3D70 D675 96C2 ACBA 3440 1E69 738B 5270 1DD6 AB06 B497 49BC 5515 0936 D544