From cf5a6ce0a3abd74efa77e00d9322ea95d540cfdc Mon Sep 17 00:00:00 2001
From: Wytze van der Raay
Date: Fri, 5 Dec 2014 09:08:43 +0000
Subject: [PATCH] Fix for https://bugs.cacert.org/view.php?id=790 "Creating
organisation client certs by pasted CSR"
---
includes/account.php | 7 ++++++-
includes/keygen.php | 2 +-
pages/account/16.php | 1 +
pages/account/17.php | 9 +++++++++
pages/account/19.php | 4 ++++
5 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/includes/account.php b/includes/account.php
index 26845cd..6dacf2d 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -1560,7 +1560,12 @@ function buildSubjectFromSession() {
}
mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
} else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype']=="VI") {
- $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."-----END CERTIFICATE REQUEST-----\n";
+ $csr = clean_csr($_REQUEST['CSR']);
+ if(strpos($csr,"---BEGIN") === FALSE)
+ {
+ // In case the CSR is missing the ---BEGIN lines, add them automatically:
+ $csr = "-----BEGIN CERTIFICATE REQUEST-----\n".$csr."\n-----END CERTIFICATE REQUEST-----\n";
+ }
if (($weakKey = checkWeakKeyCSR($csr)) !== "")
{
diff --git a/includes/keygen.php b/includes/keygen.php
index 2713a81..15dee8a 100644
--- a/includes/keygen.php
+++ b/includes/keygen.php
@@ -121,7 +121,7 @@ if (array_key_exists('HTTP_USER_AGENT',$_SERVER) && strstr($_SERVER['HTTP_USER_A
=_("Keysize:")?>
- ">
+ ">
diff --git a/pages/account/16.php b/pages/account/16.php
index 8783bc5..829897f 100644
--- a/pages/account/16.php
+++ b/pages/account/16.php
@@ -104,6 +104,7 @@ if (array_key_exists('emails',$_SESSION['_config']) && is_array($_SESSION['_conf
+=_("Please fill out the form, when all data is entered and you click \"Next\" you can add either a CSR (certificate signing request) or create a new key with your browser. Even in the case that a CSR is given the data from this form will be used for the certificate. Only the public key information of the CSR will be copied.")?>