cacert/cacert-webdb
9
0
Fork 0
Code Issues Pull requests 3 Projects Releases 4 Wiki Activity

Merge branch 'main' into fix-email-address-maintenance-bug-1543

Browse source
This commit is contained in:
Jan Dittberner 2024-05-20 10:34:13 +00:00
commit 66daeb6fcd
10 changed files with 320 additions and 279 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
.gitignore vendored
View file

@ -5,3 +5,14 @@
# Ignore file with the account data # Ignore file with the account data
/password.dat /password.dat
/CommModule/*-active
/CommModule/logfile*txt
/CommModule/nohup.out
/CommModule/serialserver.conf
/crt/
/csr/
/locale/cv
/pages/index/feed.rss
/www/*.crl
/www/*.crl.patch

2
CommModule/server.pl
View file

@ -12,7 +12,7 @@ use File::CounterFile;
use Time::HiRes q(usleep); use Time::HiRes q(usleep);
use IPC::Open3; use IPC::Open3;
use File::Copy; use File::Copy;
use Digest::SHA1 qw(sha1_hex); use Digest::SHA qw(sha1_hex);
#Protocol version: #Protocol version:
my $ver=1; my $ver=1;

4
includes/lib/account.php
View file

@ -120,7 +120,7 @@ class HashAlgorithms {
return array( return array(
'sha256' => array( 'sha256' => array(
'name' => 'SHA-256', 'name' => 'SHA-256',
'info' => _('Currently recommended, because the other algorithms might break on some older versions of the GnuTLS library (older than 3.x) still shipped in Debian for example.'), 'info' => '',
), ),
'sha384' => array( 'sha384' => array(
'name' => 'SHA-384', 'name' => 'SHA-384',
@ -128,7 +128,7 @@ class HashAlgorithms {
), ),
'sha512' => array( 'sha512' => array(
'name' => 'SHA-512', 'name' => 'SHA-512',
'info' => _('Highest protection against hash collision attacks of the algorithms offered here.'), 'info' => '',
), ),
); );
} }

2
includes/sponsorinfo.php
View file

@ -1,8 +1,6 @@
<div class="sponsorinfo"> <div class="sponsorinfo">
<?=_("CAcert operations are sponsored by")?> <?=_("CAcert operations are sponsored by")?>
<a href="http://www.bit.nl/" target="_blank"><img class="sponsorlogo" src="/images/bit.png" alt="[BIT logo]" border="0"></a> <a href="http://www.bit.nl/" target="_blank"><img class="sponsorlogo" src="/images/bit.png" alt="[BIT logo]" border="0"></a>
<a href="http://www.tunix.nl/" target="_blank"><img class="sponsorlogo" src="/images/tunix.png" alt="[TUNIX logo]" border="0"></a>
<a href="http://www.nlnet.nl/" target="_blank"><img class="sponsorlogo" src="/images/nlnet.png" alt="[NLnet logo]" border="0"></a> <a href="http://www.nlnet.nl/" target="_blank"><img class="sponsorlogo" src="/images/nlnet.png" alt="[NLnet logo]" border="0"></a>
<a href="http://www.openarchitecturenetwork.org/" target="_blank"><img class="sponsorlogo" src="/images/oan.png" alt="[OAN logo]" border="0"></a>
</div> </div>

102
locale/cv.c
View file

@ -1,102 +0,0 @@
#include <stdio.h>
#include <ctype.h>
#include <stdlib.h>
#include <string.h>
typedef unsigned char uchar;
typedef struct{char * nm; int v;} vp;
vp vpl[] = {
{"nbsp", 160}, {"lt",0x3c}, {"amp", 38},
{"eacute", 233}, {"egrave", 232}, {"ouml", 246},
{"alpha", 0x3b1}, {"beta", 0x3b2}, {"gamma", 0x3b3},
{"delta", 0x3b4}, {"Delta", 0x394},
{"sigma", 0x3c3}, {"Sigma", 0x3a3},
{"epsilon", 0x3b5}, {"zeta", 0x3b6},
{"theta", 0x3b8}, {"mu", 0x3bc},
{"phi", 0x3c6},
{"omega", 0x3c9},
{"lambda", 0x3bb}, {"rho", 0x3c1},
{"pi", 0x3c0}, {"Pi", 0x3a0},
{"ndash", 0x2013}, {"mdash", 0x2014},
{"and", 8743}, {"rarr", 8594}, {"forall", 0x2200},
{"sum", 8721}};
int cc = 0; // count of conversions.
static void Utf(int m, uint a){
if (a & m) {Utf(m>>1, a>>6); putchar(128 | a & 63);}
else putchar((m<<1)&255 | a);}
static void utf8(uint a){
if(a == '<') printf("%s", "&lt;");
else if(a == '&') printf("%s", "&amp;");
else if(a & -128) {++cc;
Utf(-32, a>>6); putchar(128 | a & 63);} else putchar(a);}
char * em[] = {"", "tag", "quoted string", "utf", "character ref"};
int lc = 1, cil = 0, tcc=0;
char gc(int x){char c = getchar();
if(c == EOF && feof(stdin)) {
if(x) fprintf(stderr, "file ended in %s\n", em[x]);
fprintf(stderr, "Converted %d characters\n", cc);
exit(0);}
if(c == 10 || c == 13) {tcc += cil; cil = 0; ++lc;}
++cil; return c;}
void loc(){fprintf(stderr, "Ending at byte %d of line %d,"
"(or 0x%x in file):\n", cil, lc, tcc+cil);}
char gx(){char c = gc(3); if ((c&0xc0) != 0x80)
{loc(); fprintf(stderr, "Bad utf8 extension byte: %02X\n", c);}
return c;}
int main(int argc, char * * args){
int bk = argc == 2;
while(1){
int vx(int x){if((x & 0xffffffe0) == 0x80){
if(x == 150) return 8211;
if(x == 151) return 8212;
loc(); fprintf(stderr, "Invalid character: 0x%x=%d\n", x, x);}
return x;}
uchar c = gc(0);
if(c == '<'){putchar(c); while(1){char c = gc(1);
if(c == '"'){putchar(c); while(1){char c = gc(2);
if(c == '"'){putchar(c); break;}
else putchar(c);}}
else if(c == '>'){putchar(c); break;}
else putchar(c);}}
else if(bk && c > 127){int v=0, sc=0, C=c;
while(C&0x40){C <<=1; v = (v<<6) | gx() & 0x3f; ++sc;}
{int uc = vx(v | (0x3f>>sc & (int)c) << 6*sc);
{int k = sizeof(vpl)/sizeof(vp);
while(k--) if(uc == vpl[k].v)
{printf("&%s;", vpl[k].nm); goto end;}}
printf("&#x%x;", uc);}
end: ++cc;}
else if(!bk && c == '&') {char c = gc(4);
int gs(char c, int r){
int vd(char c){if('0' <= c && c <= '9') return c - '0';
{char lc = tolower(c);
if(r == 16 && 'a' <= lc && lc <= 'f') return lc - 'a' + 10;
loc();
fprintf(stderr, "Invalid digit folowing \"&#\" construct.");
exit(0);
return 0;}}
int k = vd(c);
while(1){char c = gc(4); if(c == ';') return k;
k = r*k + vd(c);}}
if(c == '#') {char c = gc(4);
utf8(vx(c == 'x' || c == 'X' ? gs('0', 16) : gs(c, 10)));}
else {int k = sizeof(vpl)/sizeof(vp);
char st[10]; st[0] = c;
{int n; for(n=1; n<10; ++n) {char c = gc(4);
if(c == ';') goto e1;
if(!isalpha(c)) break;
st[n] = c;}
loc(); fprintf(stderr, "%s reference\n",
n>10?"Verbose":"Invalid");
continue;
e1: st[n] = 0;
// loc(); fprintf(stderr, "string is <%s>.\n", st);
while(k--) if(!strcmp(st, vpl[k].nm)) {
utf8(vpl[k].v); break;}
if(k<0) {loc();
fprintf(stderr, "Unrecognized reference: &%s;\n", st);}}}}
else if(c > 127) {loc(); fprintf(stderr, "Non ASCII char.\n");}
else putchar(c);
}
return 0;
}

292
pages/account/3.php
View file

@ -26,171 +26,147 @@
<p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed and will not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p> <p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed and will not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p>
<h4><?= _("There is a new method for generating a CSR for this page.") ?></h5>
<p><?= _("It is completely described in https://wiki.cacert.org/TutorialsHowto/Generate-new-CSR, which you should follow. At the point where it says \"Copy CSR to Clipboard\" do that and come back to this page and paste the result into the textbox at the bottom of this page.") ?></p>
<p><a href='https://community.cacert.org/clientcert' target=_blank ><?= _("Here is a link to that procedure. It will open in a new tab.") ?></a></p>
<form method="post" action="account.php"> <form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper"> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr> <tr>
<td colspan="2" class="title"><?=_("New Client Certificate")?></td> <td colspan="2" class="title"><?=_("New Client Certificate")?></td>
</tr> </tr>
<tr> <tr>
<td class="DataTD"><?=_("Add")?></td> <td class="DataTD"><?=_("Add")?></td>
<td class="DataTD"><?=_("Address")?></td> <td class="DataTD"><?=_("Address")?></td>
</tr> </tr>
<?
$query = "select * from `email` where `memid`='" . intval($_SESSION[ 'profile' ][ 'id' ] ) . "' and `deleted`=0 and `hash`=''";
$res = mysql_query($query );
while ($row = mysql_fetch_assoc($res))
{ ?>
<tr>
<td class="DataTD"><input type="checkbox" id="addid<?=intval($row['id']) ?>" name="addid[]" value="<?=intval($row['id']) ?>"></td>
<td class="DataTD" align="left"><label for="addid<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></label></td>
</tr>
<? }
if ($_SESSION[ 'profile' ][ 'points' ] >= 50 )
{
$fname = $_SESSION[ 'profile' ][ 'fname' ];
$mname = $_SESSION[ 'profile' ][ 'mname' ];
$lname = $_SESSION[ 'profile' ][ 'lname' ];
$suffix = $_SESSION[ 'profile' ][ 'suffix' ];
?>
<tr>
<td class="DataTD" colspan="2" align="left">
<input type="radio" id="incname0" name="incname" value="0" checked="checked"/>
<label for="incname0"><?= _("No Name") ?></label><br/>
<? if ($fname && $lname ) { ?>
<input type="radio" id="incname1" name="incname" value="1"/>
<label for="incname1"><?= _("Include") ?> '<?= $fname . " " . $lname ?>'</label><br/>
<? } ?>
<? if ($fname && $mname && $lname ) { ?>
<input type="radio" id="incname2" name="incname" value="2"/>
<label for="incname2"><?= _("Include") ?> '<?= $fname . " " . $mname . " " . $lname ?> '</label><br/>
<? } ?>
<? if ($fname && $lname && $suffix ) { ?>
<input type="radio" id="incname3" name="incname" value="3"/>
<label for="incname3"><?= _("Include") ?> '<?= $fname . " " . $lname . " " . $suffix ?> '</label><br/>
<? } ?>
<? if ($fname && $mname && $lname && $suffix ) { ?>
<input type="radio" id="incname4" name="incname" value="4"/>
<label for="incname4"><?= _("Include") ?> '<?= $fname . " " . $mname . " " . $lname . " " . $suffix ?>'</label><br/>
<? } ?>
</td>
</tr>
<? } ?>
<tr>
<td class="DataTD">
<input type="checkbox" id="login" name="login" value="1" checked="checked"/>
</td>
<td class="DataTD" align="left">
<label for="login"><?= _("Enable certificate login with this certificate") ?><br/>
<?= _("By allowing certificate login, this certificate can be used to login into this account at https://secure.cacert.org/ .") ?></label>
</td>
</tr>
<tr>
<td class="DataTD" colspan="2" align="left">
<label for="description"><?= _("Optional comment, only used in the certificate overview") ?></label><br/>
<input type="text" id="description" name="description" maxlength="100" size="100"/>
</td>
</tr>
<? <?
$query = "select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 and `hash`=''"; if($_SESSION['profile']['points'] >= 50)
$res = mysql_query($query); {
while($row = mysql_fetch_assoc($res))
{ ?>
<tr>
<td class="DataTD"><input type="checkbox" id="addid<?=intval($row['id'])?>" name="addid[]" value="<?=intval($row['id'])?>"></td>
<td class="DataTD" align="left"><label for="addid<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></label></td>
</tr>
<? }
if($_SESSION['profile']['points'] >= 50)
{
$fname = $_SESSION['profile']['fname'];
$mname = $_SESSION['profile']['mname'];
$lname = $_SESSION['profile']['lname'];
$suffix = $_SESSION['profile']['suffix'];
?>
<tr>
<td class="DataTD" colspan="2" align="left">
<input type="radio" id="incname0" name="incname" value="0" checked="checked" />
<label for="incname0"><?=_("No Name")?></label><br />
<? if($fname && $lname) { ?>
<input type="radio" id="incname1" name="incname" value="1" />
<label for="incname1"><?=_("Include")?> '<?=$fname." ".$lname?>'</label><br />
<? } ?>
<? if($fname && $mname && $lname) { ?>
<input type="radio" id="incname2" name="incname" value="2" />
<label for="incname2"><?=_("Include")?> '<?=$fname." ".$mname." ".$lname?>'</label><br />
<? } ?>
<? if($fname && $lname && $suffix) { ?>
<input type="radio" id="incname3" name="incname" value="3" />
<label for="incname3"><?=_("Include")?> '<?=$fname." ".$lname." ".$suffix?>'</label><br />
<? } ?>
<? if($fname && $mname && $lname && $suffix) { ?>
<input type="radio" id="incname4" name="incname" value="4" />
<label for="incname4"><?=_("Include")?> '<?=$fname." ".$mname." ".$lname." ".$suffix?>'</label><br />
<? } ?>
</td>
</tr>
<? } ?>
<tr>
<td class="DataTD">
<input type="checkbox" id="login" name="login" value="1" checked="checked" />
</td>
<td class="DataTD" align="left">
<label for="login"><?=_("Enable certificate login with this certificate")?><br />
<?=_("By allowing certificate login, this certificate can be used to login into this account at https://secure.cacert.org/ .")?></label>
</td>
</tr>
<tr>
<td class="DataTD" colspan="2" align="left">
<label for="description"><?=_("Optional comment, only used in the certificate overview")?></label><br />
<input type="text" id="description" name="description" maxlength="100" size="100" />
</td>
</tr>
<tr name="expertoff" style="display:none">
<td class="DataTD">
<input type="checkbox" id="expertbox" name="expertbox" onchange="showExpert(this.checked)" />
</td>
<td class="DataTD" align="left">
<label for="expertbox"><?=_("Show advanced options")?></label>
</td>
</tr>
<?
if($_SESSION['profile']['points'] >= 50)
{
?>
<tr name="expert">
<td class="DataTD" colspan="2" align="left">
<input type="radio" id="root1" name="rootcert" value="1" /> <label for="root1"><?=_("Sign by class 1 root certificate")?></label><br />
<input type="radio" id="root2" name="rootcert" value="2" checked="checked" /> <label for="root2"><?=_("Sign by class 3 root certificate")?></label><br />
<?=str_replace("\n", "<br />\n", wordwrap(_("Please note: If you use a certificate signed by the class 3 root, the class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain."), 125))?>
</td>
</tr>
<? } ?>
<tr name="expert">
<td class="DataTD" colspan="2" align="left">
<?=_("Hash algorithm used when signing the certificate:")?><br />
<?
foreach (HashAlgorithms::getInfo() as $algorithm => $display_info) {
?> ?>
<input type="radio" id="hash_alg_<?=$algorithm?>" name="hash_alg" value="<?=$algorithm?>" <?=(HashAlgorithms::$default === $algorithm)?'checked="checked"':''?> /> <tr>
<label for="hash_alg_<?=$algorithm?>"><?=$display_info['name']?><?=$display_info['info']?' - '.$display_info['info']:''?></label><br /> <td class="DataTD" colspan="2" align="left">
<? <input type="radio" id="root1" name="rootcert" value="1" /> <label for="root1"><?=_("Sign by class 1 root certificate")?></label><br />
} <input type="radio" id="root2" name="rootcert" value="2" checked="checked"/> <label for="root2"><?= _("Sign by class 3 root certificate") ?></label><br/>
?> <?= str_replace("\n", "<br />\n", wordwrap(_("Please note: If you use a certificate signed by the class 3 root, the class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain."), 125 ) ) ?>
</td> </td>
</tr> </tr>
<? if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0) { ?>
<tr name="expert">
<td class="DataTD">
<input type="checkbox" id="codesign" name="codesign" value="1" />
</td>
<td class="DataTD" align="left">
<label for="codesign"><?=_("Code Signing")?><br />
<?=_("Please note: By ticking this box you will automatically have your name included in the certificate.")?></label>
</td>
</tr>
<? } ?> <? } ?>
<tr name="expert"> <tr>
<td class="DataTD"> <td class="DataTD" colspan="2" align="left">
<input type="checkbox" id="SSO" name="SSO" value="1" /> <?= _("Hash algorithm used when signing the certificate:") ?><br/>
</td> <?
<td class="DataTD" align="left"> foreach (HashAlgorithms::getInfo() as $algorithm => $display_info ) {
<label for="SSO"><?=_("Add Single Sign On ID Information")?><br /> ?>
<?=str_replace("\n", "<br>\n", wordwrap(_("By adding Single Sign On (SSO) ID information to your certificates this could be used to track you, you can also issue certificates with no email addresses that are useful only for Authentication. Please see a more detailed description on our WIKI about it."), 125))?> <input type="radio" id="hash_alg_<?=$algorithm?>" name="hash_alg" value="<?= $algorithm ?>" <?= (HashAlgorithms::$default === $algorithm) ? 'checked="checked"' : '' ?> />
<a href="http://wiki.cacert.org/wiki/SSO"><?=_("SSO WIKI Entry")?></a></label> <label for="hash_alg_<?= $algorithm ?>"><?= $display_info[ 'name' ] ?><?= $display_info[ 'info' ] ? ' - ' . $display_info[ 'info' ] : '' ?></label><br/>
</td> <?
</tr> }
?>
</td>
</tr>
<tr name="expert"> <? if ($_SESSION[ 'profile' ][ 'points' ] >= 100 && $_SESSION[ 'profile' ][ 'codesign' ] > 0 ) { ?>
<td class="DataTD" colspan="2"> <tr>
<label for="optionalCSR"><?=_("Optional Client CSR, no information on the certificate will be used")?></label><br /> <td class="DataTD">
<textarea id="optionalCSR" name="optionalCSR" cols="80" rows="5"></textarea> <input type="checkbox" id="codesign" name="codesign" value="1"/>
</td> </td>
</tr> <td class="DataTD" align="left">
<label for="codesign"><?= _("Code Signing") ?><br/>
<?= _("Please note: By ticking this box you will automatically have your name included in the certificate.") ?></label>
</td>
</tr>
<? } ?>
<tr>
<td class="DataTD">
<input type="checkbox" id="SSO" name="SSO" value="1"/>
</td>
<td class="DataTD" align="left">
<label for="SSO"><?= _("Add Single Sign On ID Information") ?><br/>
<?= str_replace("\n", "<br>\n", wordwrap(_("By adding Single Sign On (SSO) ID information to your certificates this could be used to track you, you can also issue certificates with no email addresses that are useful only for Authentication. Please see a more detailed description on our WIKI about it."), 125 ) ) ?>
<a href="http://wiki.cacert.org/wiki/SSO"><?= _("SSO WIKI Entry") ?></a></label>
</td>
</tr>
<tr> <tr>
<td class="DataTD"> <td class="DataTD" colspan="2">
<input type="checkbox" id="CCA" name="CCA" /> <label for="optionalCSR"><?= _("Optional Client CSR, no information on the certificate will be used") ?></label><br/>
</td> <textarea id="optionalCSR" name="optionalCSR" cols="80" rows="5"></textarea>
<td class="DataTD" align="left"> </td>
<label for="CCA"><strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br /> </tr>
<?=_("Please note: You need to accept the CCA to proceed.")?></label>
</td> <tr>
</tr> <td class="DataTD">
<tr> <input type="checkbox" id="CCA" name="CCA"/>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>" /></td> </td>
</tr> <td class="DataTD" align="left">
</table> <label for="CCA"><strong><?= sprintf(_("I accept the CAcert Community Agreement (%s)."), "<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>") ?></strong><br/>
<input type="hidden" name="oldid" value="<?=$id?>" /> <?= _("Please note: You need to accept the CCA to proceed.") ?></label>
</td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?= _("Next") ?>"/></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?= $id ?>"/>
</form> </form>
<script language="javascript">
function showExpert(a)
{
b=document.getElementsByName("expert");
for(i=0;b.length>i;i++)
{
if(!a) {b[i].setAttribute("style","display:none"); }
else {b[i].removeAttribute("style");}
}
b=document.getElementsByName("expertoff");
for(i=0;b.length>i;i++)
{
b[i].removeAttribute("style");
}
}
showExpert(false);
</script>

37
www/certs/CAcert_Class3Root_x14E228.crt Normal file
View file

@ -0,0 +1,37 @@
-----BEGIN CERTIFICATE-----
MIIGPTCCBCWgAwIBAgIDFOIoMA0GCSqGSIb3DQEBDQUAMHkxEDAOBgNVBAoTB1Jv
b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
dEBjYWNlcnQub3JnMB4XDTIxMDQxOTEyMTgzMFoXDTMxMDQxNzEyMTgzMFowVDEU
MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0
Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN
AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a
iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1
aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C
jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia
pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0
FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt
XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL
oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6
R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp
rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/
LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA
BfvpAgMBAAGjgfIwge8wDwYDVR0TAQH/BAUwAwEB/zBhBggrBgEFBQcBAQRVMFMw
IwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLkNBY2VydC5vcmcvMCwGCCsGAQUFBzAC
hiBodHRwOi8vd3d3LkNBY2VydC5vcmcvY2xhc3MzLmNydDBFBgNVHSAEPjA8MDoG
CysGAQQBgZBKAgMBMCswKQYIKwYBBQUHAgEWHWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y
Zy9jcHMucGhwMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHBzOi8vd3d3LmNhY2VydC5v
cmcvY2xhc3MzLmNybDANBgkqhkiG9w0BAQ0FAAOCAgEAxh6td1y0KJvRyI1EEsC9
dnYEgyEH+BGCf2vBlULAOBG1JXCNiwzB1Wz9HBoDfIv4BjGlnd5BKdSLm4TXPcE3
hnGjH1thKR5dd3278K25FRkTFOY1gP+mGbQ3hZRB6IjDX+CyBqS7+ECpHTms7eo/
mARN+Yz5R3lzUvXs3zSX+z534NzRg4i6iHNHWqakFcQNcA0PnksTB37vGD75pQGq
eSmx51L6UzrIpn+274mhsaFNL85jhX+lKuk71MGjzwoThbuZ15xmkITnZtRQs6Hh
LSIqJWjDILIrxLqYHehK71xYwrRNhFb3TrsWaEJskrhveM0Os/vvoLNkh/L3iEQ5
/LnmLMCYJNRALF7I7gsduAJNJrgKGMYvHkt1bo8uIXO8wgNV7qoU4JoaB1ML30QU
qGcFr0TI06FFdgK2fwy5hulPxm6wuxW0v+iAtXYx/mRkwQpYbcVQtrIDvx1CT1k5
0cQxi+jIKjkcFWHw3kBoDnCos0/ukegPT7aQnk2AbL4c7nCkuAcEKw1BAlSETkfq
i5btdlhh58MhewZv1LcL5zQyg8w1puclT3wXQvy8VwPGn0J/mGD4gLLZ9rGcHDUE
CokxFoWk+u5MCcVqmGbsyG4q5suS3CNslsHURfM8bQK4oLvHR8LCHEBMRcdFBn87
cSvOK6eB1kdGKLA8ymXxZp8=
-----END CERTIFICATE-----

BIN
www/certs/CAcert_Class3Root_x14E228.der Normal file
View file

Binary file not shown.

132
www/certs/CAcert_Class3Root_x14E228.txt Normal file
View file

@ -0,0 +1,132 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1368616 (0x14e228)
Signature Algorithm: sha512WithRSAEncryption
Issuer: O=Root CA, OU=http://www.cacert.org, CN=CA Cert Signing Authority/emailAddress=support@cacert.org
Validity
Not Before: Apr 19 12:18:30 2021 GMT
Not After : Apr 17 12:18:30 2031 GMT
Subject: O=CAcert Inc., OU=http://www.CAcert.org, CN=CAcert Class 3 Root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:ab:49:35:11:48:7c:d2:26:7e:53:94:cf:43:a9:
dd:28:d7:42:2a:8b:f3:87:78:19:58:7c:0f:9e:da:
89:7d:e1:fb:eb:72:90:0d:74:a1:96:64:ab:9f:a0:
24:99:73:da:e2:55:76:c7:17:7b:f5:04:ac:46:b8:
c3:be:7f:64:8d:10:6c:24:f3:61:9c:c0:f2:90:fa:
51:e6:f5:69:01:63:c3:0f:56:e2:4a:42:cf:e2:44:
8c:25:28:a8:c5:79:09:7d:46:b9:8a:f3:e9:f3:34:
29:08:45:e4:1c:9f:cb:94:04:1c:81:a8:14:b3:98:
65:c4:43:ec:4e:82:8d:09:d1:bd:aa:5b:8d:92:d0:
ec:de:90:c5:7f:0a:c2:e3:eb:e6:31:5a:5e:74:3e:
97:33:59:e8:c3:03:3d:60:33:bf:f7:d1:6f:47:c4:
cd:ee:62:83:52:6e:2e:08:9a:a4:d9:15:18:91:a6:
85:92:47:b0:ae:48:eb:6d:b7:21:ec:85:1a:68:72:
35:ab:ff:f0:10:5d:c0:f4:94:a7:6a:d5:3b:92:7e:
4c:90:05:7e:93:c1:2c:8b:a4:8e:62:74:15:71:6e:
0b:71:03:ea:af:15:38:9a:d4:d2:05:72:6f:8c:f9:
2b:eb:5a:72:25:f9:39:46:e3:72:1b:3e:04:c3:64:
27:22:10:2a:8a:4f:58:a7:03:ad:be:b4:2e:13:ed:
5d:aa:48:d7:d5:7d:d4:2a:7b:5c:fa:46:04:50:e4:
cc:0e:42:5b:8c:ed:db:f2:cf:fc:96:93:e0:db:11:
36:54:62:34:38:8f:0c:60:9b:3b:97:56:38:ad:f3:
d2:5b:8b:a0:5b:ea:4e:96:b8:7c:d7:d5:a0:86:70:
40:d3:91:29:b7:a2:3c:ad:f5:8c:bb:cf:1a:92:8a:
e4:34:7b:c0:d8:6c:5f:e9:0a:c2:c3:a7:20:9a:5a:
df:2c:5d:52:5c:ba:47:d5:9b:ef:24:28:70:38:20:
2f:d5:7f:29:c0:b2:41:03:68:92:cc:e0:9c:cc:97:
4b:45:ef:3a:10:0a:ab:70:3a:98:95:70:ad:35:b1:
ea:85:2b:a4:1c:80:21:31:a9:ae:60:7a:80:26:48:
00:b8:01:c0:93:63:55:22:91:3c:56:e7:af:db:3a:
25:f3:8f:31:54:ea:26:8b:81:59:f9:a1:d1:53:11:
c5:7b:9d:03:f6:74:11:e0:6d:b1:2c:3f:2c:86:91:
99:71:9a:a6:77:8b:34:60:d1:14:b4:2c:ac:9d:af:
8c:10:d3:9f:c4:6a:f8:6f:13:fc:73:59:f7:66:42:
74:1e:8a:e3:f8:dc:d2:6f:98:9c:cb:47:98:95:40:
05:fb:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
Authority Information Access:
OCSP - URI:http://ocsp.CAcert.org/
CA Issuers - URI:http://www.CAcert.org/class3.crt
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.18506.2.3.1
CPS: http://www.CAcert.org/cps.php
X509v3 CRL Distribution Points:
Full Name:
URI:https://www.cacert.org/class3.crl
Signature Algorithm: sha512WithRSAEncryption
c6:1e:ad:77:5c:b4:28:9b:d1:c8:8d:44:12:c0:bd:76:76:04:
83:21:07:f8:11:82:7f:6b:c1:95:42:c0:38:11:b5:25:70:8d:
8b:0c:c1:d5:6c:fd:1c:1a:03:7c:8b:f8:06:31:a5:9d:de:41:
29:d4:8b:9b:84:d7:3d:c1:37:86:71:a3:1f:5b:61:29:1e:5d:
77:7d:bb:f0:ad:b9:15:19:13:14:e6:35:80:ff:a6:19:b4:37:
85:94:41:e8:88:c3:5f:e0:b2:06:a4:bb:f8:40:a9:1d:39:ac:
ed:ea:3f:98:04:4d:f9:8c:f9:47:79:73:52:f5:ec:df:34:97:
fb:3e:77:e0:dc:d1:83:88:ba:88:73:47:5a:a6:a4:15:c4:0d:
70:0d:0f:9e:4b:13:07:7e:ef:18:3e:f9:a5:01:aa:79:29:b1:
e7:52:fa:53:3a:c8:a6:7f:b6:ef:89:a1:b1:a1:4d:2f:ce:63:
85:7f:a5:2a:e9:3b:d4:c1:a3:cf:0a:13:85:bb:99:d7:9c:66:
90:84:e7:66:d4:50:b3:a1:e1:2d:22:2a:25:68:c3:20:b2:2b:
c4:ba:98:1d:e8:4a:ef:5c:58:c2:b4:4d:84:56:f7:4e:bb:16:
68:42:6c:92:b8:6f:78:cd:0e:b3:fb:ef:a0:b3:64:87:f2:f7:
88:44:39:fc:b9:e6:2c:c0:98:24:d4:40:2c:5e:c8:ee:0b:1d:
b8:02:4d:26:b8:0a:18:c6:2f:1e:4b:75:6e:8f:2e:21:73:bc:
c2:03:55:ee:aa:14:e0:9a:1a:07:53:0b:df:44:14:a8:67:05:
af:44:c8:d3:a1:45:76:02:b6:7f:0c:b9:86:e9:4f:c6:6e:b0:
bb:15:b4:bf:e8:80:b5:76:31:fe:64:64:c1:0a:58:6d:c5:50:
b6:b2:03:bf:1d:42:4f:59:39:d1:c4:31:8b:e8:c8:2a:39:1c:
15:61:f0:de:40:68:0e:70:a8:b3:4f:ee:91:e8:0f:4f:b6:90:
9e:4d:80:6c:be:1c:ee:70:a4:b8:07:04:2b:0d:41:02:54:84:
4e:47:ea:8b:96:ed:76:58:61:e7:c3:21:7b:06:6f:d4:b7:0b:
e7:34:32:83:cc:35:a6:e7:25:4f:7c:17:42:fc:bc:57:03:c6:
9f:42:7f:98:60:f8:80:b2:d9:f6:b1:9c:1c:35:04:0a:89:31:
16:85:a4:fa:ee:4c:09:c5:6a:98:66:ec:c8:6e:2a:e6:cb:92:
dc:23:6c:96:c1:d4:45:f3:3c:6d:02:b8:a0:bb:c7:47:c2:c2:
1c:40:4c:45:c7:45:06:7f:3b:71:2b:ce:2b:a7:81:d6:47:46:
28:b0:3c:ca:65:f1:66:9f
-----BEGIN CERTIFICATE-----
MIIGPTCCBCWgAwIBAgIDFOIoMA0GCSqGSIb3DQEBDQUAMHkxEDAOBgNVBAoTB1Jv
b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
dEBjYWNlcnQub3JnMB4XDTIxMDQxOTEyMTgzMFoXDTMxMDQxNzEyMTgzMFowVDEU
MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0
Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN
AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a
iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1
aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C
jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia
pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0
FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt
XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL
oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6
R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp
rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/
LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA
BfvpAgMBAAGjgfIwge8wDwYDVR0TAQH/BAUwAwEB/zBhBggrBgEFBQcBAQRVMFMw
IwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLkNBY2VydC5vcmcvMCwGCCsGAQUFBzAC
hiBodHRwOi8vd3d3LkNBY2VydC5vcmcvY2xhc3MzLmNydDBFBgNVHSAEPjA8MDoG
CysGAQQBgZBKAgMBMCswKQYIKwYBBQUHAgEWHWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y
Zy9jcHMucGhwMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHBzOi8vd3d3LmNhY2VydC5v
cmcvY2xhc3MzLmNybDANBgkqhkiG9w0BAQ0FAAOCAgEAxh6td1y0KJvRyI1EEsC9
dnYEgyEH+BGCf2vBlULAOBG1JXCNiwzB1Wz9HBoDfIv4BjGlnd5BKdSLm4TXPcE3
hnGjH1thKR5dd3278K25FRkTFOY1gP+mGbQ3hZRB6IjDX+CyBqS7+ECpHTms7eo/
mARN+Yz5R3lzUvXs3zSX+z534NzRg4i6iHNHWqakFcQNcA0PnksTB37vGD75pQGq
eSmx51L6UzrIpn+274mhsaFNL85jhX+lKuk71MGjzwoThbuZ15xmkITnZtRQs6Hh
LSIqJWjDILIrxLqYHehK71xYwrRNhFb3TrsWaEJskrhveM0Os/vvoLNkh/L3iEQ5
/LnmLMCYJNRALF7I7gsduAJNJrgKGMYvHkt1bo8uIXO8wgNV7qoU4JoaB1ML30QU
qGcFr0TI06FFdgK2fwy5hulPxm6wuxW0v+iAtXYx/mRkwQpYbcVQtrIDvx1CT1k5
0cQxi+jIKjkcFWHw3kBoDnCos0/ukegPT7aQnk2AbL4c7nCkuAcEKw1BAlSETkfq
i5btdlhh58MhewZv1LcL5zQyg8w1puclT3wXQvy8VwPGn0J/mGD4gLLZ9rGcHDUE
CokxFoWk+u5MCcVqmGbsyG4q5suS3CNslsHURfM8bQK4oLvHR8LCHEBMRcdFBn87
cSvOK6eB1kdGKLA8ymXxZp8=
-----END CERTIFICATE-----

17
www/src-lic.php
View file

@ -1,6 +1,6 @@
<? /* <? /*
LibreSSL - CAcert web application LibreSSL - CAcert web application
Copyright (C) 2004-2008 CAcert Inc. Copyright (C) 2004-2023 CAcert Inc.
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -17,21 +17,10 @@
*/ */
if(array_key_exists('iagree',$_REQUEST) && $_REQUEST['iagree'] == "yes") if(array_key_exists('iagree',$_REQUEST) && $_REQUEST['iagree'] == "yes")
{ {
$output_file = $fname = readlink("../tarballs/current.tar.bz2"); header('Location: https://code.cacert.org/cacert/cacert-webdb/archive/main.tar.gz', TRUE, 302);
header('Pragma: public');
header('Last-Modified: '.gmdate('D, d M Y H:i:s') . ' GMT');
header('Cache-Control: no-store, no-cache, must-revalidate'); // HTTP/1.1
header('Cache-Control: pre-check=0, post-check=0, max-age=0'); // HTTP/1.1
header('Content-Transfer-Encoding: none');
header('Content-Type: application/octetstream; name="' . $output_file . '"'); //This should work for IE & Opera
header('Content-Type: application/octet-stream; name="' . $output_file . '"'); //This should work for the rest
header('Content-Disposition: inline; filename="' . $output_file . '"');
header("Content-length: ".intval(filesize($_SESSION['_config']['filepath']."/tarballs/$fname")));
readfile($_SESSION['_config']['filepath']."/tarballs/$fname");
exit; exit;
} }
loadem("index"); loadem("index");
showheader(_("CAcert Source License")); showheader(_("CAcert Source License"));
?> ?>