Fix for https://bugs.cacert.org/view.php?id=790

"Creating organisation client certs by pasted CSR"
10 years ago · cf5a6ce0a3
parent 2ca78a2eb2
commit cf5a6ce0a3
5 changed files with 21 additions and 2 deletions
--- a/includes/account.php
+++ b/includes/account.php
@ -1560,7 +1560,12 @@ function buildSubjectFromSession() {
 			}
 			mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
 		} else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype']=="VI") {
-			$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."-----END CERTIFICATE REQUEST-----\n";
+			$csr = clean_csr($_REQUEST['CSR']);
+			if(strpos($csr,"---BEGIN") === FALSE)
+			{
+				// In case the CSR is missing the ---BEGIN lines, add them automatically:
+				$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".$csr."\n-----END CERTIFICATE REQUEST-----\n";
+			}

 			if (($weakKey = checkWeakKeyCSR($csr)) !== "")
 			{
--- a/includes/keygen.php
+++ b/includes/keygen.php
@ -121,7 +121,7 @@ if (array_key_exists('HTTP_USER_AGENT',$_SERVER) && strstr($_SERVER['HTTP_USER_A
 			<input type="hidden" name="keytype" value="NS">
 			<?=_("Keysize:")?> <keygen name="SPKAC" challenge="<? $_SESSION['spkac_hash']=make_hash(); echo $_SESSION['spkac_hash']; ?>">

-			<input type="submit" name="submit" value="<?=_("Create Certificate Request")?>">
+			<input type="submit" name="submit" value="<?=_("Generate key pair within browser")?>">
 			<input type="hidden" name="oldid" value="<?=intval($id)?>">
 		</form>
 	</p>
--- a/pages/account/16.php
+++ b/pages/account/16.php
@ -104,6 +104,7 @@ if (array_key_exists('emails',$_SESSION['_config']) && is_array($_SESSION['_conf
 </table>
 <input type="hidden" name="oldid" value="<?=$id?>">
 </form>
+<?=_("Please fill out the form, when all data is entered and you click \"Next\" you can add either a CSR (certificate signing request) or create a new key with your browser. Even in the case that a CSR is given the data from this form will be used for the certificate. Only the public key information of the CSR will be copied.")?>

 <script language="javascript">
 function showExpert(a)
--- a/pages/account/17.php
+++ b/pages/account/17.php
@ -17,3 +17,12 @@
 */

 require_once($_SESSION['_config']['filepath'].'/includes/keygen.php');
+
+?>
+ -- <?=_("or")?> --
+		<form method="post" action="account.php">
+			<input type="hidden" name="keytype" value="VI">
+			<textarea rows="20" cols="40" name="CSR"></textarea>
+			<input type="submit" name="submit" value="<?=_("Submit CSR")?>">
+			<input type="hidden" name="oldid" value="17">
+		</form>
--- a/pages/account/19.php
+++ b/pages/account/19.php
@ -52,6 +52,10 @@
 			showfooter();
 			exit;
 		}
+	} else if($row['keytype'] == "VI"){
+		showheader(_("My CAcert.org Account!"));
+		echo "<pre>".$cert."</pre>";
+		showfooter();
 	} else {
 		showheader(_("My CAcert.org Account!"));
 ?>