From 69d5019f12dd2b17265f65c4dc8d6f2502f3dcdd Mon Sep 17 00:00:00 2001 From: Wytze van der Raay Date: Fri, 27 Jul 2012 16:00:29 +0000 Subject: [PATCH] Fix for https://bugs.cacert.org/view.php?id=540 No key usage attribute in cacert org certs anymore? --- CommModule/server.pl | 21 ++++- www/policy/CertificationPracticeStatement.php | 76 +++++++++---------- 2 files changed, 56 insertions(+), 41 deletions(-) diff --git a/CommModule/server.pl b/CommModule/server.pl index eb5113a..c70bc9a 100755 --- a/CommModule/server.pl +++ b/CommModule/server.pl @@ -502,9 +502,28 @@ sub SignX509($$$$$$$$) { open OUT,">$wid/extfile"; print OUT "basicConstraints = critical, CA:FALSE\n"; + print OUT "keyUsage = critical, digitalSignature, keyEncipherment, keyAgreement\n"; print OUT "extendedKeyUsage = clientAuth, serverAuth, nsSGC, msSGC\n"; - print OUT "keyUsage = digitalSignature, keyEncipherment\n"; print OUT "authorityInfoAccess = OCSP;URI:$OCSPUrl\n"; + + my $CRLUrl=""; + if($root==0) + { + $CRLUrl="http://crl.cacert.org/revoke.crl"; + } + elsif($root==1) + { + $CRLUrl="http://crl.cacert.org/class3-revoke.crl"; + } + elsif($root==2) + { + $CRLUrl="http://crl.cacert.org/class3s-revoke.crl"; + } + else + { + $CRLUrl="http://crl.cacert.org/root${root}.crl"; + } + print OUT "crlDistributionPoints = URI:${CRLUrl}\n"; print OUT "subjectAltName = $san\n" if(length($san)); close OUT; $extfile=" -extfile $wid/extfile "; diff --git a/www/policy/CertificationPracticeStatement.php b/www/policy/CertificationPracticeStatement.php index 739dec3..415bbe2 100644 --- a/www/policy/CertificationPracticeStatement.php +++ b/www/policy/CertificationPracticeStatement.php @@ -69,7 +69,7 @@ a:hover { CAcert Policy Status
Creation date: 20060726
Status: DRAFT p20091108
- + @@ -3203,54 +3203,50 @@ The form of the PGP signatures depends on several factors, therefore no stipulat

7.1.2. Certificate extensions

-Client certificates include the following extensions:. + Client certificates include the following extensions:

- + +

+ Server certificates include the following extensions: +

+

-Server certificates include the following extensions: + Code-Signing certificates include the following extensions:

- - -

-Code-Signing certificates include the following extensions: -

- - +