Merge branch 'main' into fix-email-address-maintenance-bug-1543

pull/2/head
Jan Dittberner 4 weeks ago
commit 66daeb6fcd

11
.gitignore vendored

@ -5,3 +5,14 @@
# Ignore file with the account data
/password.dat
/CommModule/*-active
/CommModule/logfile*txt
/CommModule/nohup.out
/CommModule/serialserver.conf
/crt/
/csr/
/locale/cv
/pages/index/feed.rss
/www/*.crl
/www/*.crl.patch

@ -12,7 +12,7 @@ use File::CounterFile;
use Time::HiRes q(usleep);
use IPC::Open3;
use File::Copy;
use Digest::SHA1 qw(sha1_hex);
use Digest::SHA qw(sha1_hex);
#Protocol version:
my $ver=1;

@ -120,7 +120,7 @@ class HashAlgorithms {
return array(
'sha256' => array(
'name' => 'SHA-256',
'info' => _('Currently recommended, because the other algorithms might break on some older versions of the GnuTLS library (older than 3.x) still shipped in Debian for example.'),
'info' => '',
),
'sha384' => array(
'name' => 'SHA-384',
@ -128,7 +128,7 @@ class HashAlgorithms {
),
'sha512' => array(
'name' => 'SHA-512',
'info' => _('Highest protection against hash collision attacks of the algorithms offered here.'),
'info' => '',
),
);
}

@ -1,8 +1,6 @@
<div class="sponsorinfo">
<?=_("CAcert operations are sponsored by")?>
<a href="http://www.bit.nl/" target="_blank"><img class="sponsorlogo" src="/images/bit.png" alt="[BIT logo]" border="0"></a>
<a href="http://www.tunix.nl/" target="_blank"><img class="sponsorlogo" src="/images/tunix.png" alt="[TUNIX logo]" border="0"></a>
<a href="http://www.nlnet.nl/" target="_blank"><img class="sponsorlogo" src="/images/nlnet.png" alt="[NLnet logo]" border="0"></a>
<a href="http://www.openarchitecturenetwork.org/" target="_blank"><img class="sponsorlogo" src="/images/oan.png" alt="[OAN logo]" border="0"></a>
</div>

@ -1,102 +0,0 @@
#include <stdio.h>
#include <ctype.h>
#include <stdlib.h>
#include <string.h>
typedef unsigned char uchar;
typedef struct{char * nm; int v;} vp;
vp vpl[] = {
{"nbsp", 160}, {"lt",0x3c}, {"amp", 38},
{"eacute", 233}, {"egrave", 232}, {"ouml", 246},
{"alpha", 0x3b1}, {"beta", 0x3b2}, {"gamma", 0x3b3},
{"delta", 0x3b4}, {"Delta", 0x394},
{"sigma", 0x3c3}, {"Sigma", 0x3a3},
{"epsilon", 0x3b5}, {"zeta", 0x3b6},
{"theta", 0x3b8}, {"mu", 0x3bc},
{"phi", 0x3c6},
{"omega", 0x3c9},
{"lambda", 0x3bb}, {"rho", 0x3c1},
{"pi", 0x3c0}, {"Pi", 0x3a0},
{"ndash", 0x2013}, {"mdash", 0x2014},
{"and", 8743}, {"rarr", 8594}, {"forall", 0x2200},
{"sum", 8721}};
int cc = 0; // count of conversions.
static void Utf(int m, uint a){
if (a & m) {Utf(m>>1, a>>6); putchar(128 | a & 63);}
else putchar((m<<1)&255 | a);}
static void utf8(uint a){
if(a == '<') printf("%s", "&lt;");
else if(a == '&') printf("%s", "&amp;");
else if(a & -128) {++cc;
Utf(-32, a>>6); putchar(128 | a & 63);} else putchar(a);}
char * em[] = {"", "tag", "quoted string", "utf", "character ref"};
int lc = 1, cil = 0, tcc=0;
char gc(int x){char c = getchar();
if(c == EOF && feof(stdin)) {
if(x) fprintf(stderr, "file ended in %s\n", em[x]);
fprintf(stderr, "Converted %d characters\n", cc);
exit(0);}
if(c == 10 || c == 13) {tcc += cil; cil = 0; ++lc;}
++cil; return c;}
void loc(){fprintf(stderr, "Ending at byte %d of line %d,"
"(or 0x%x in file):\n", cil, lc, tcc+cil);}
char gx(){char c = gc(3); if ((c&0xc0) != 0x80)
{loc(); fprintf(stderr, "Bad utf8 extension byte: %02X\n", c);}
return c;}
int main(int argc, char * * args){
int bk = argc == 2;
while(1){
int vx(int x){if((x & 0xffffffe0) == 0x80){
if(x == 150) return 8211;
if(x == 151) return 8212;
loc(); fprintf(stderr, "Invalid character: 0x%x=%d\n", x, x);}
return x;}
uchar c = gc(0);
if(c == '<'){putchar(c); while(1){char c = gc(1);
if(c == '"'){putchar(c); while(1){char c = gc(2);
if(c == '"'){putchar(c); break;}
else putchar(c);}}
else if(c == '>'){putchar(c); break;}
else putchar(c);}}
else if(bk && c > 127){int v=0, sc=0, C=c;
while(C&0x40){C <<=1; v = (v<<6) | gx() & 0x3f; ++sc;}
{int uc = vx(v | (0x3f>>sc & (int)c) << 6*sc);
{int k = sizeof(vpl)/sizeof(vp);
while(k--) if(uc == vpl[k].v)
{printf("&%s;", vpl[k].nm); goto end;}}
printf("&#x%x;", uc);}
end: ++cc;}
else if(!bk && c == '&') {char c = gc(4);
int gs(char c, int r){
int vd(char c){if('0' <= c && c <= '9') return c - '0';
{char lc = tolower(c);
if(r == 16 && 'a' <= lc && lc <= 'f') return lc - 'a' + 10;
loc();
fprintf(stderr, "Invalid digit folowing \"&#\" construct.");
exit(0);
return 0;}}
int k = vd(c);
while(1){char c = gc(4); if(c == ';') return k;
k = r*k + vd(c);}}
if(c == '#') {char c = gc(4);
utf8(vx(c == 'x' || c == 'X' ? gs('0', 16) : gs(c, 10)));}
else {int k = sizeof(vpl)/sizeof(vp);
char st[10]; st[0] = c;
{int n; for(n=1; n<10; ++n) {char c = gc(4);
if(c == ';') goto e1;
if(!isalpha(c)) break;
st[n] = c;}
loc(); fprintf(stderr, "%s reference\n",
n>10?"Verbose":"Invalid");
continue;
e1: st[n] = 0;
// loc(); fprintf(stderr, "string is <%s>.\n", st);
while(k--) if(!strcmp(st, vpl[k].nm)) {
utf8(vpl[k].v); break;}
if(k<0) {loc();
fprintf(stderr, "Unrecognized reference: &%s;\n", st);}}}}
else if(c > 127) {loc(); fprintf(stderr, "Non ASCII char.\n");}
else putchar(c);
}
return 0;
}

@ -26,171 +26,147 @@
<p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed and will not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("New Client Certificate")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Add")?></td>
<td class="DataTD"><?=_("Address")?></td>
</tr>
<h4><?= _("There is a new method for generating a CSR for this page.") ?></h5>
<p><?= _("It is completely described in https://wiki.cacert.org/TutorialsHowto/Generate-new-CSR, which you should follow. At the point where it says \"Copy CSR to Clipboard\" do that and come back to this page and paste the result into the textbox at the bottom of this page.") ?></p>
<p><a href='https://community.cacert.org/clientcert' target=_blank ><?= _("Here is a link to that procedure. It will open in a new tab.") ?></a></p>
<?
$query = "select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 and `hash`=''";
$res = mysql_query($query);
while($row = mysql_fetch_assoc($res))
{ ?>
<tr>
<td class="DataTD"><input type="checkbox" id="addid<?=intval($row['id'])?>" name="addid[]" value="<?=intval($row['id'])?>"></td>
<td class="DataTD" align="left"><label for="addid<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></label></td>
</tr>
<? }
if($_SESSION['profile']['points'] >= 50)
{
$fname = $_SESSION['profile']['fname'];
$mname = $_SESSION['profile']['mname'];
$lname = $_SESSION['profile']['lname'];
$suffix = $_SESSION['profile']['suffix'];
?>
<tr>
<td class="DataTD" colspan="2" align="left">
<input type="radio" id="incname0" name="incname" value="0" checked="checked" />
<label for="incname0"><?=_("No Name")?></label><br />
<? if($fname && $lname) { ?>
<input type="radio" id="incname1" name="incname" value="1" />
<label for="incname1"><?=_("Include")?> '<?=$fname." ".$lname?>'</label><br />
<? } ?>
<? if($fname && $mname && $lname) { ?>
<input type="radio" id="incname2" name="incname" value="2" />
<label for="incname2"><?=_("Include")?> '<?=$fname." ".$mname." ".$lname?>'</label><br />
<? } ?>
<? if($fname && $lname && $suffix) { ?>
<input type="radio" id="incname3" name="incname" value="3" />
<label for="incname3"><?=_("Include")?> '<?=$fname." ".$lname." ".$suffix?>'</label><br />
<? } ?>
<? if($fname && $mname && $lname && $suffix) { ?>
<input type="radio" id="incname4" name="incname" value="4" />
<label for="incname4"><?=_("Include")?> '<?=$fname." ".$mname." ".$lname." ".$suffix?>'</label><br />
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("New Client Certificate")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Add")?></td>
<td class="DataTD"><?=_("Address")?></td>
</tr>
<?
$query = "select * from `email` where `memid`='" . intval($_SESSION[ 'profile' ][ 'id' ] ) . "' and `deleted`=0 and `hash`=''";
$res = mysql_query($query );
while ($row = mysql_fetch_assoc($res))
{ ?>
<tr>
<td class="DataTD"><input type="checkbox" id="addid<?=intval($row['id']) ?>" name="addid[]" value="<?=intval($row['id']) ?>"></td>
<td class="DataTD" align="left"><label for="addid<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></label></td>
</tr>
<? }
if ($_SESSION[ 'profile' ][ 'points' ] >= 50 )
{
$fname = $_SESSION[ 'profile' ][ 'fname' ];
$mname = $_SESSION[ 'profile' ][ 'mname' ];
$lname = $_SESSION[ 'profile' ][ 'lname' ];
$suffix = $_SESSION[ 'profile' ][ 'suffix' ];
?>
<tr>
<td class="DataTD" colspan="2" align="left">
<input type="radio" id="incname0" name="incname" value="0" checked="checked"/>
<label for="incname0"><?= _("No Name") ?></label><br/>
<? if ($fname && $lname ) { ?>
<input type="radio" id="incname1" name="incname" value="1"/>
<label for="incname1"><?= _("Include") ?> '<?= $fname . " " . $lname ?>'</label><br/>
<? } ?>
<? if ($fname && $mname && $lname ) { ?>
<input type="radio" id="incname2" name="incname" value="2"/>
<label for="incname2"><?= _("Include") ?> '<?= $fname . " " . $mname . " " . $lname ?> '</label><br/>
<? } ?>
<? if ($fname && $lname && $suffix ) { ?>
<input type="radio" id="incname3" name="incname" value="3"/>
<label for="incname3"><?= _("Include") ?> '<?= $fname . " " . $lname . " " . $suffix ?> '</label><br/>
<? } ?>
<? if ($fname && $mname && $lname && $suffix ) { ?>
<input type="radio" id="incname4" name="incname" value="4"/>
<label for="incname4"><?= _("Include") ?> '<?= $fname . " " . $mname . " " . $lname . " " . $suffix ?>'</label><br/>
<? } ?>
</td>
</tr>
<? } ?>
</td>
</tr>
<? } ?>
<tr>
<td class="DataTD">
<input type="checkbox" id="login" name="login" value="1" checked="checked" />
</td>
<td class="DataTD" align="left">
<label for="login"><?=_("Enable certificate login with this certificate")?><br />
<?=_("By allowing certificate login, this certificate can be used to login into this account at https://secure.cacert.org/ .")?></label>
</td>
</tr>
<tr>
<td class="DataTD" colspan="2" align="left">
<label for="description"><?=_("Optional comment, only used in the certificate overview")?></label><br />
<input type="text" id="description" name="description" maxlength="100" size="100" />
</td>
</tr>
<tr name="expertoff" style="display:none">
<td class="DataTD">
<input type="checkbox" id="expertbox" name="expertbox" onchange="showExpert(this.checked)" />
</td>
<td class="DataTD" align="left">
<label for="expertbox"><?=_("Show advanced options")?></label>
</td>
</tr>
<tr>
<td class="DataTD">
<input type="checkbox" id="login" name="login" value="1" checked="checked"/>
</td>
<td class="DataTD" align="left">
<label for="login"><?= _("Enable certificate login with this certificate") ?><br/>
<?= _("By allowing certificate login, this certificate can be used to login into this account at https://secure.cacert.org/ .") ?></label>
</td>
</tr>
<tr>
<td class="DataTD" colspan="2" align="left">
<label for="description"><?= _("Optional comment, only used in the certificate overview") ?></label><br/>
<input type="text" id="description" name="description" maxlength="100" size="100"/>
</td>
</tr>
<?
if($_SESSION['profile']['points'] >= 50)
{
?>
<tr name="expert">
<td class="DataTD" colspan="2" align="left">
<input type="radio" id="root1" name="rootcert" value="1" /> <label for="root1"><?=_("Sign by class 1 root certificate")?></label><br />
<input type="radio" id="root2" name="rootcert" value="2" checked="checked" /> <label for="root2"><?=_("Sign by class 3 root certificate")?></label><br />
<?=str_replace("\n", "<br />\n", wordwrap(_("Please note: If you use a certificate signed by the class 3 root, the class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain."), 125))?>
</td>
</tr>
<? } ?>
<tr name="expert">
<td class="DataTD" colspan="2" align="left">
<?=_("Hash algorithm used when signing the certificate:")?><br />
<?
foreach (HashAlgorithms::getInfo() as $algorithm => $display_info) {
?>
<input type="radio" id="hash_alg_<?=$algorithm?>" name="hash_alg" value="<?=$algorithm?>" <?=(HashAlgorithms::$default === $algorithm)?'checked="checked"':''?> />
<label for="hash_alg_<?=$algorithm?>"><?=$display_info['name']?><?=$display_info['info']?' - '.$display_info['info']:''?></label><br />
<?
}
if($_SESSION['profile']['points'] >= 50)
{
?>
</td>
</tr>
<? if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0) { ?>
<tr name="expert">
<td class="DataTD">
<input type="checkbox" id="codesign" name="codesign" value="1" />
</td>
<td class="DataTD" align="left">
<label for="codesign"><?=_("Code Signing")?><br />
<?=_("Please note: By ticking this box you will automatically have your name included in the certificate.")?></label>
</td>
</tr>
<tr>
<td class="DataTD" colspan="2" align="left">
<input type="radio" id="root1" name="rootcert" value="1" /> <label for="root1"><?=_("Sign by class 1 root certificate")?></label><br />
<input type="radio" id="root2" name="rootcert" value="2" checked="checked"/> <label for="root2"><?= _("Sign by class 3 root certificate") ?></label><br/>
<?= str_replace("\n", "<br />\n", wordwrap(_("Please note: If you use a certificate signed by the class 3 root, the class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain."), 125 ) ) ?>
</td>
</tr>
<? } ?>
<tr name="expert">
<td class="DataTD">
<input type="checkbox" id="SSO" name="SSO" value="1" />
</td>
<td class="DataTD" align="left">
<label for="SSO"><?=_("Add Single Sign On ID Information")?><br />
<?=str_replace("\n", "<br>\n", wordwrap(_("By adding Single Sign On (SSO) ID information to your certificates this could be used to track you, you can also issue certificates with no email addresses that are useful only for Authentication. Please see a more detailed description on our WIKI about it."), 125))?>
<a href="http://wiki.cacert.org/wiki/SSO"><?=_("SSO WIKI Entry")?></a></label>
</td>
</tr>
<tr name="expert">
<td class="DataTD" colspan="2">
<label for="optionalCSR"><?=_("Optional Client CSR, no information on the certificate will be used")?></label><br />
<textarea id="optionalCSR" name="optionalCSR" cols="80" rows="5"></textarea>
</td>
</tr>
<tr>
<td class="DataTD">
<input type="checkbox" id="CCA" name="CCA" />
</td>
<td class="DataTD" align="left">
<label for="CCA"><strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br />
<?=_("Please note: You need to accept the CCA to proceed.")?></label>
</td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>" /></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?=$id?>" />
</form>
<tr>
<td class="DataTD" colspan="2" align="left">
<?= _("Hash algorithm used when signing the certificate:") ?><br/>
<?
foreach (HashAlgorithms::getInfo() as $algorithm => $display_info ) {
?>
<input type="radio" id="hash_alg_<?=$algorithm?>" name="hash_alg" value="<?= $algorithm ?>" <?= (HashAlgorithms::$default === $algorithm) ? 'checked="checked"' : '' ?> />
<label for="hash_alg_<?= $algorithm ?>"><?= $display_info[ 'name' ] ?><?= $display_info[ 'info' ] ? ' - ' . $display_info[ 'info' ] : '' ?></label><br/>
<?
}
?>
</td>
</tr>
<? if ($_SESSION[ 'profile' ][ 'points' ] >= 100 && $_SESSION[ 'profile' ][ 'codesign' ] > 0 ) { ?>
<tr>
<td class="DataTD">
<input type="checkbox" id="codesign" name="codesign" value="1"/>
</td>
<td class="DataTD" align="left">
<label for="codesign"><?= _("Code Signing") ?><br/>
<?= _("Please note: By ticking this box you will automatically have your name included in the certificate.") ?></label>
</td>
</tr>
<? } ?>
<script language="javascript">
function showExpert(a)
{
b=document.getElementsByName("expert");
for(i=0;b.length>i;i++)
{
if(!a) {b[i].setAttribute("style","display:none"); }
else {b[i].removeAttribute("style");}
}
b=document.getElementsByName("expertoff");
for(i=0;b.length>i;i++)
{
b[i].removeAttribute("style");
}
}
showExpert(false);
</script>
<tr>
<td class="DataTD">
<input type="checkbox" id="SSO" name="SSO" value="1"/>
</td>
<td class="DataTD" align="left">
<label for="SSO"><?= _("Add Single Sign On ID Information") ?><br/>
<?= str_replace("\n", "<br>\n", wordwrap(_("By adding Single Sign On (SSO) ID information to your certificates this could be used to track you, you can also issue certificates with no email addresses that are useful only for Authentication. Please see a more detailed description on our WIKI about it."), 125 ) ) ?>
<a href="http://wiki.cacert.org/wiki/SSO"><?= _("SSO WIKI Entry") ?></a></label>
</td>
</tr>
<tr>
<td class="DataTD" colspan="2">
<label for="optionalCSR"><?= _("Optional Client CSR, no information on the certificate will be used") ?></label><br/>
<textarea id="optionalCSR" name="optionalCSR" cols="80" rows="5"></textarea>
</td>
</tr>
<tr>
<td class="DataTD">
<input type="checkbox" id="CCA" name="CCA"/>
</td>
<td class="DataTD" align="left">
<label for="CCA"><strong><?= sprintf(_("I accept the CAcert Community Agreement (%s)."), "<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>") ?></strong><br/>
<?= _("Please note: You need to accept the CCA to proceed.") ?></label>
</td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?= _("Next") ?>"/></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?= $id ?>"/>
</form>

@ -0,0 +1,37 @@
-----BEGIN CERTIFICATE-----
MIIGPTCCBCWgAwIBAgIDFOIoMA0GCSqGSIb3DQEBDQUAMHkxEDAOBgNVBAoTB1Jv
b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
dEBjYWNlcnQub3JnMB4XDTIxMDQxOTEyMTgzMFoXDTMxMDQxNzEyMTgzMFowVDEU
MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0
Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN
AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a
iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1
aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C
jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia
pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0
FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt
XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL
oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6
R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp
rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/
LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA
BfvpAgMBAAGjgfIwge8wDwYDVR0TAQH/BAUwAwEB/zBhBggrBgEFBQcBAQRVMFMw
IwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLkNBY2VydC5vcmcvMCwGCCsGAQUFBzAC
hiBodHRwOi8vd3d3LkNBY2VydC5vcmcvY2xhc3MzLmNydDBFBgNVHSAEPjA8MDoG
CysGAQQBgZBKAgMBMCswKQYIKwYBBQUHAgEWHWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y
Zy9jcHMucGhwMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHBzOi8vd3d3LmNhY2VydC5v
cmcvY2xhc3MzLmNybDANBgkqhkiG9w0BAQ0FAAOCAgEAxh6td1y0KJvRyI1EEsC9
dnYEgyEH+BGCf2vBlULAOBG1JXCNiwzB1Wz9HBoDfIv4BjGlnd5BKdSLm4TXPcE3
hnGjH1thKR5dd3278K25FRkTFOY1gP+mGbQ3hZRB6IjDX+CyBqS7+ECpHTms7eo/
mARN+Yz5R3lzUvXs3zSX+z534NzRg4i6iHNHWqakFcQNcA0PnksTB37vGD75pQGq
eSmx51L6UzrIpn+274mhsaFNL85jhX+lKuk71MGjzwoThbuZ15xmkITnZtRQs6Hh
LSIqJWjDILIrxLqYHehK71xYwrRNhFb3TrsWaEJskrhveM0Os/vvoLNkh/L3iEQ5
/LnmLMCYJNRALF7I7gsduAJNJrgKGMYvHkt1bo8uIXO8wgNV7qoU4JoaB1ML30QU
qGcFr0TI06FFdgK2fwy5hulPxm6wuxW0v+iAtXYx/mRkwQpYbcVQtrIDvx1CT1k5
0cQxi+jIKjkcFWHw3kBoDnCos0/ukegPT7aQnk2AbL4c7nCkuAcEKw1BAlSETkfq
i5btdlhh58MhewZv1LcL5zQyg8w1puclT3wXQvy8VwPGn0J/mGD4gLLZ9rGcHDUE
CokxFoWk+u5MCcVqmGbsyG4q5suS3CNslsHURfM8bQK4oLvHR8LCHEBMRcdFBn87
cSvOK6eB1kdGKLA8ymXxZp8=
-----END CERTIFICATE-----

@ -0,0 +1,132 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1368616 (0x14e228)
Signature Algorithm: sha512WithRSAEncryption
Issuer: O=Root CA, OU=http://www.cacert.org, CN=CA Cert Signing Authority/emailAddress=support@cacert.org
Validity
Not Before: Apr 19 12:18:30 2021 GMT
Not After : Apr 17 12:18:30 2031 GMT
Subject: O=CAcert Inc., OU=http://www.CAcert.org, CN=CAcert Class 3 Root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:ab:49:35:11:48:7c:d2:26:7e:53:94:cf:43:a9:
dd:28:d7:42:2a:8b:f3:87:78:19:58:7c:0f:9e:da:
89:7d:e1:fb:eb:72:90:0d:74:a1:96:64:ab:9f:a0:
24:99:73:da:e2:55:76:c7:17:7b:f5:04:ac:46:b8:
c3:be:7f:64:8d:10:6c:24:f3:61:9c:c0:f2:90:fa:
51:e6:f5:69:01:63:c3:0f:56:e2:4a:42:cf:e2:44:
8c:25:28:a8:c5:79:09:7d:46:b9:8a:f3:e9:f3:34:
29:08:45:e4:1c:9f:cb:94:04:1c:81:a8:14:b3:98:
65:c4:43:ec:4e:82:8d:09:d1:bd:aa:5b:8d:92:d0:
ec:de:90:c5:7f:0a:c2:e3:eb:e6:31:5a:5e:74:3e:
97:33:59:e8:c3:03:3d:60:33:bf:f7:d1:6f:47:c4:
cd:ee:62:83:52:6e:2e:08:9a:a4:d9:15:18:91:a6:
85:92:47:b0:ae:48:eb:6d:b7:21:ec:85:1a:68:72:
35:ab:ff:f0:10:5d:c0:f4:94:a7:6a:d5:3b:92:7e:
4c:90:05:7e:93:c1:2c:8b:a4:8e:62:74:15:71:6e:
0b:71:03:ea:af:15:38:9a:d4:d2:05:72:6f:8c:f9:
2b:eb:5a:72:25:f9:39:46:e3:72:1b:3e:04:c3:64:
27:22:10:2a:8a:4f:58:a7:03:ad:be:b4:2e:13:ed:
5d:aa:48:d7:d5:7d:d4:2a:7b:5c:fa:46:04:50:e4:
cc:0e:42:5b:8c:ed:db:f2:cf:fc:96:93:e0:db:11:
36:54:62:34:38:8f:0c:60:9b:3b:97:56:38:ad:f3:
d2:5b:8b:a0:5b:ea:4e:96:b8:7c:d7:d5:a0:86:70:
40:d3:91:29:b7:a2:3c:ad:f5:8c:bb:cf:1a:92:8a:
e4:34:7b:c0:d8:6c:5f:e9:0a:c2:c3:a7:20:9a:5a:
df:2c:5d:52:5c:ba:47:d5:9b:ef:24:28:70:38:20:
2f:d5:7f:29:c0:b2:41:03:68:92:cc:e0:9c:cc:97:
4b:45:ef:3a:10:0a:ab:70:3a:98:95:70:ad:35:b1:
ea:85:2b:a4:1c:80:21:31:a9:ae:60:7a:80:26:48:
00:b8:01:c0:93:63:55:22:91:3c:56:e7:af:db:3a:
25:f3:8f:31:54:ea:26:8b:81:59:f9:a1:d1:53:11:
c5:7b:9d:03:f6:74:11:e0:6d:b1:2c:3f:2c:86:91:
99:71:9a:a6:77:8b:34:60:d1:14:b4:2c:ac:9d:af:
8c:10:d3:9f:c4:6a:f8:6f:13:fc:73:59:f7:66:42:
74:1e:8a:e3:f8:dc:d2:6f:98:9c:cb:47:98:95:40:
05:fb:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
Authority Information Access:
OCSP - URI:http://ocsp.CAcert.org/
CA Issuers - URI:http://www.CAcert.org/class3.crt
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.18506.2.3.1
CPS: http://www.CAcert.org/cps.php
X509v3 CRL Distribution Points:
Full Name:
URI:https://www.cacert.org/class3.crl
Signature Algorithm: sha512WithRSAEncryption
c6:1e:ad:77:5c:b4:28:9b:d1:c8:8d:44:12:c0:bd:76:76:04:
83:21:07:f8:11:82:7f:6b:c1:95:42:c0:38:11:b5:25:70:8d:
8b:0c:c1:d5:6c:fd:1c:1a:03:7c:8b:f8:06:31:a5:9d:de:41:
29:d4:8b:9b:84:d7:3d:c1:37:86:71:a3:1f:5b:61:29:1e:5d:
77:7d:bb:f0:ad:b9:15:19:13:14:e6:35:80:ff:a6:19:b4:37:
85:94:41:e8:88:c3:5f:e0:b2:06:a4:bb:f8:40:a9:1d:39:ac:
ed:ea:3f:98:04:4d:f9:8c:f9:47:79:73:52:f5:ec:df:34:97:
fb:3e:77:e0:dc:d1:83:88:ba:88:73:47:5a:a6:a4:15:c4:0d:
70:0d:0f:9e:4b:13:07:7e:ef:18:3e:f9:a5:01:aa:79:29:b1:
e7:52:fa:53:3a:c8:a6:7f:b6:ef:89:a1:b1:a1:4d:2f:ce:63:
85:7f:a5:2a:e9:3b:d4:c1:a3:cf:0a:13:85:bb:99:d7:9c:66:
90:84:e7:66:d4:50:b3:a1:e1:2d:22:2a:25:68:c3:20:b2:2b:
c4:ba:98:1d:e8:4a:ef:5c:58:c2:b4:4d:84:56:f7:4e:bb:16:
68:42:6c:92:b8:6f:78:cd:0e:b3:fb:ef:a0:b3:64:87:f2:f7:
88:44:39:fc:b9:e6:2c:c0:98:24:d4:40:2c:5e:c8:ee:0b:1d:
b8:02:4d:26:b8:0a:18:c6:2f:1e:4b:75:6e:8f:2e:21:73:bc:
c2:03:55:ee:aa:14:e0:9a:1a:07:53:0b:df:44:14:a8:67:05:
af:44:c8:d3:a1:45:76:02:b6:7f:0c:b9:86:e9:4f:c6:6e:b0:
bb:15:b4:bf:e8:80:b5:76:31:fe:64:64:c1:0a:58:6d:c5:50:
b6:b2:03:bf:1d:42:4f:59:39:d1:c4:31:8b:e8:c8:2a:39:1c:
15:61:f0:de:40:68:0e:70:a8:b3:4f:ee:91:e8:0f:4f:b6:90:
9e:4d:80:6c:be:1c:ee:70:a4:b8:07:04:2b:0d:41:02:54:84:
4e:47:ea:8b:96:ed:76:58:61:e7:c3:21:7b:06:6f:d4:b7:0b:
e7:34:32:83:cc:35:a6:e7:25:4f:7c:17:42:fc:bc:57:03:c6:
9f:42:7f:98:60:f8:80:b2:d9:f6:b1:9c:1c:35:04:0a:89:31:
16:85:a4:fa:ee:4c:09:c5:6a:98:66:ec:c8:6e:2a:e6:cb:92:
dc:23:6c:96:c1:d4:45:f3:3c:6d:02:b8:a0:bb:c7:47:c2:c2:
1c:40:4c:45:c7:45:06:7f:3b:71:2b:ce:2b:a7:81:d6:47:46:
28:b0:3c:ca:65:f1:66:9f
-----BEGIN CERTIFICATE-----
MIIGPTCCBCWgAwIBAgIDFOIoMA0GCSqGSIb3DQEBDQUAMHkxEDAOBgNVBAoTB1Jv
b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
dEBjYWNlcnQub3JnMB4XDTIxMDQxOTEyMTgzMFoXDTMxMDQxNzEyMTgzMFowVDEU
MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0
Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN
AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a
iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1
aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C
jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia
pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0
FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt
XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL
oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6
R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp
rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/
LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA
BfvpAgMBAAGjgfIwge8wDwYDVR0TAQH/BAUwAwEB/zBhBggrBgEFBQcBAQRVMFMw
IwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLkNBY2VydC5vcmcvMCwGCCsGAQUFBzAC
hiBodHRwOi8vd3d3LkNBY2VydC5vcmcvY2xhc3MzLmNydDBFBgNVHSAEPjA8MDoG
CysGAQQBgZBKAgMBMCswKQYIKwYBBQUHAgEWHWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y
Zy9jcHMucGhwMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHBzOi8vd3d3LmNhY2VydC5v
cmcvY2xhc3MzLmNybDANBgkqhkiG9w0BAQ0FAAOCAgEAxh6td1y0KJvRyI1EEsC9
dnYEgyEH+BGCf2vBlULAOBG1JXCNiwzB1Wz9HBoDfIv4BjGlnd5BKdSLm4TXPcE3
hnGjH1thKR5dd3278K25FRkTFOY1gP+mGbQ3hZRB6IjDX+CyBqS7+ECpHTms7eo/
mARN+Yz5R3lzUvXs3zSX+z534NzRg4i6iHNHWqakFcQNcA0PnksTB37vGD75pQGq
eSmx51L6UzrIpn+274mhsaFNL85jhX+lKuk71MGjzwoThbuZ15xmkITnZtRQs6Hh
LSIqJWjDILIrxLqYHehK71xYwrRNhFb3TrsWaEJskrhveM0Os/vvoLNkh/L3iEQ5
/LnmLMCYJNRALF7I7gsduAJNJrgKGMYvHkt1bo8uIXO8wgNV7qoU4JoaB1ML30QU
qGcFr0TI06FFdgK2fwy5hulPxm6wuxW0v+iAtXYx/mRkwQpYbcVQtrIDvx1CT1k5
0cQxi+jIKjkcFWHw3kBoDnCos0/ukegPT7aQnk2AbL4c7nCkuAcEKw1BAlSETkfq
i5btdlhh58MhewZv1LcL5zQyg8w1puclT3wXQvy8VwPGn0J/mGD4gLLZ9rGcHDUE
CokxFoWk+u5MCcVqmGbsyG4q5suS3CNslsHURfM8bQK4oLvHR8LCHEBMRcdFBn87
cSvOK6eB1kdGKLA8ymXxZp8=
-----END CERTIFICATE-----

@ -1,6 +1,6 @@
<? /*
LibreSSL - CAcert web application
Copyright (C) 2004-2008 CAcert Inc.
Copyright (C) 2004-2023 CAcert Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -17,21 +17,10 @@
*/
if(array_key_exists('iagree',$_REQUEST) && $_REQUEST['iagree'] == "yes")
{
$output_file = $fname = readlink("../tarballs/current.tar.bz2");
header('Pragma: public');
header('Last-Modified: '.gmdate('D, d M Y H:i:s') . ' GMT');
header('Cache-Control: no-store, no-cache, must-revalidate'); // HTTP/1.1
header('Cache-Control: pre-check=0, post-check=0, max-age=0'); // HTTP/1.1
header('Content-Transfer-Encoding: none');
header('Content-Type: application/octetstream; name="' . $output_file . '"'); //This should work for IE & Opera
header('Content-Type: application/octet-stream; name="' . $output_file . '"'); //This should work for the rest
header('Content-Disposition: inline; filename="' . $output_file . '"');
header("Content-length: ".intval(filesize($_SESSION['_config']['filepath']."/tarballs/$fname")));
readfile($_SESSION['_config']['filepath']."/tarballs/$fname");
header('Location: https://code.cacert.org/cacert/cacert-webdb/archive/main.tar.gz', TRUE, 302);
exit;
}
loadem("index");
showheader(_("CAcert Source License"));
?>

Loading…
Cancel
Save