From a2a8c7dbe9568ad669dba762061a9bd5f8cb65a5 Mon Sep 17 00:00:00 2001
From: Wytze van der Raay <wytze@cacert.org>
Date: Thu, 16 Jun 2011 09:20:24 +0000
Subject: [PATCH] Fix for https://bugs.cacert.org/view.php?id=918 (detection
 and prevention of weak keys for CAcert-issued certificates)

---
 www/api/ccsr.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/www/api/ccsr.php b/www/api/ccsr.php
index e81c738..a4ec71e 100644
--- a/www/api/ccsr.php
+++ b/www/api/ccsr.php
@@ -59,6 +59,12 @@
 		$codesign = 1;
 
 	$CSR = trim($_REQUEST['optionalCSR']);
+	
+	if (($weakKey = checkWeakKeyCSR($CSR)) !== "")
+	{
+		die("403, $weakKey");
+	}
+	
 	$incsr = tempnam("/tmp", "ccsrIn");
 	$checkedcsr = tempnam("/tmp", "ccsrOut");
 	$fp = fopen($incsr, "w");