Commit graph

48 commits

Author SHA1 Message Date
f794fd9e8b Merge remote-tracking branch 'origin/main' into fix-gpg-expiry-date-calculation
* origin/main:
  Implement warning thresholds for OpenPGP
2024-10-16 17:11:10 +02:00
6829f5c634 Fix OpenPGP signature handling
- define configuration variable $signer_openpgp_key_id to hold the
  OpenPGP public key id of the signer
- define a variable for the long date format to keep it consistent for all uses in client.pl
- remove unused $timestamp global variable
- extract function parse_gpg_signature_output that handles the extraction
  of machine-readable information from the gpg output
- ensure that the signature creation and expiration date are read from signature packets that have
  been
- increase the warning counter for a gpg signing attempt
2024-10-06 15:55:51 +02:00
ddd60a87f6 Add script to analyze gpg signature timestamps
This is primarily a debugging tool for critical admins.
2024-10-06 14:03:13 +02:00
de3cf38c5d Implement warning thresholds for OpenPGP
This patch fixes https://bugs.cacert.org/view.php?id=1530 by adding the same
warning threshold behaviour for OpenPGP signing requests that exists for
X.509 signing requests.

The warning threshold has been moved to a variable. The SQL statements are
created using an sprintf statement to avoid potential SQL injections that may
get introduced by setting the warning_threshold variable to an invalid value.

Fixes #1530
2024-10-05 17:24:49 +02:00
8ca6e44c69 Fix issues with OpenPGPextractExpiryDate
- add missing closing brace
- remove old commented code
2024-10-05 11:26:00 +02:00
8619ae841c Fix OpenPGP signature expiry calculation
- use machine-readable output of gpg
- avoid regex and use direct matching of public key lines
- format date with POSIX::strftime
2024-10-05 11:03:06 +02:00
5d9c8689cc Use Digest::SHA instead of removed Digest::SHA1
This fixes the Digest import in server.pl. Digest::SHA1 has long been
replaced by the more generic Digest::SHA.
2024-05-03 20:00:23 +02:00
Wytze van der Raay
7757afc66d Switch to xz compression (instead of bz2) to reduce the size of the huge CommModule logfiles. 2018-09-06 10:25:38 +00:00
Wytze van der Raay
c8b4a22f25 Signer part of fix for https://bugs.cacert.org/view.php?id=1392
Issue of certificates to arbitrary domains.
2015-07-29 10:07:18 +00:00
Wytze van der Raay
d0132571dc Fixes for https://bugs.cacert.org/view.php?id=597
"email notification for revoked certificates"
and for https://bugs.cacert.org/view.php?id=773
"No confirmation of revocation of server certificate"
2015-02-13 14:08:22 +00:00
Wytze van der Raay
7fc452eb68 Fix for https://bugs.cacert.org/view.php?id=1298
"CommModule code requires a trivial change to run with Debian Wheezy"
2014-08-21 14:57:05 +00:00
Wytze van der Raay
42f16aab95 Combined fixes for
- https://bugs.cacert.org/view.php?id=413
  "Add a web page indicating the certificate request is still pending"
- https://bugs.cacert.org/view.php?id=1138
  "Implement to log the SE activity"
- https://bugs.cacert.org/view.php?id=1221
  "Inconsistency in Assurance Management"
2014-06-07 09:13:27 +00:00
Wytze van der Raay
1090543068 Fix for https://bugs.cacert.org/view.php?id=1237
"Certificates should be issued using sha512WithRSAEncryption for signatures"
2014-01-15 15:22:09 +00:00
Wytze van der Raay
db6ea0aafd Fix for https://bugs.cacert.org/view.php?id=1159
"it might be possible to execute commands on the signing server"
2013-06-20 10:14:33 +00:00
Wytze van der Raay
69d5019f12 Fix for https://bugs.cacert.org/view.php?id=540
No key usage attribute in cacert org certs anymore?
2012-07-27 16:00:29 +00:00
root
a0070c6cd2 Fix for https://bugs.cacert.org/view.php?id=985
"Move from translingo to pootle"
2012-01-24 14:24:31 +00:00
Wytze van der Raay
d67dd3d438 Fix for https://bugs.cacert.org/view.php?id=911 :
Wrong expiration time in newly added GPG Key if Key has no Expire date.
2011-08-20 15:36:45 +00:00
Wytze van der Raay
d86b229aac Fix for https://bugs.cacert.org/view.php?id=948 2011-07-22 14:11:14 +00:00
Wytze van der Raay
e164a24100 Add the code of the real server.pl script running on the signing server to
this software distribution of the communication module between web server
and signing server. Verified on December 10, 2010.
2010-12-13 10:58:19 +00:00
Philipp Dunkel
e906f6f047 Added more verbose error messages 2010-01-03 14:36:48 +00:00
Philipp Dunkel
b5257e8969 Added missing newlines 2010-01-03 14:32:57 +00:00
Wytze van der Raay
93d8ca5f0f Update readme.txt.
Remove obsolete error.txt file.
2009-12-28 15:25:10 +00:00
Wytze van der Raay
ae5cbde8b7 Make client script append to rather than overwrite the nohup.out file. 2009-12-28 15:14:40 +00:00
Wytze van der Raay
ebe8a08441 Remove clientloop.sh script (obsoleted by commmodule/commdaemon scripts). 2009-12-28 15:10:45 +00:00
Wytze van der Raay
4885a78c1c Add proper startup/shutdown script for the CAcert CommModule processes.
Add separate commdaemon script to control looping of basic script, and
allow orderly shutdown.
Add hook to client.pl script to interact properly with the new commmodule
and commdaemon scripts.
2009-12-28 15:09:24 +00:00
Philipp Dunkel
60ed4bff3e Reduced the CRL check frequency 2009-12-20 03:51:43 +00:00
Philipp Dunkel
3182cfa3c7 Added some more delay to prevent database stress 2009-12-17 10:05:23 +00:00
Philipp Dunkel
1d22e387c4 http://bugs.cacert.org/view.php?id=796 2009-12-15 22:18:56 +00:00
Philipp Dunkel
314aec03ad http://bugs.cacert.org/view.php?id=796 2009-12-04 18:25:46 +00:00
Philipp Dunkel
cf2f113322 Removed superfluous root cert definition 2009-12-03 20:57:26 +00:00
Philipp Dunkel
c28647b8db Added creation of missing directories
Improved performance
2009-10-29 23:52:06 +00:00
Philipp Dunkel
6bd322fd54 Switched to new directory layout 2009-10-16 00:16:23 +00:00
Philipp Dunkel
eba1527050 Migrated from Serial Link to USB-Serial Link 2009-09-19 23:25:05 +00:00
Wytze van der Raay
1b5940cca8 Increase retention period for CommModule logfiles to at least 2.5 years
in accordance with Security Manual 4.2.1 (at least 24/at most 36 months).
2009-05-24 18:08:23 +00:00
Wytze van der Raay
e10f0cc910 logclean.sh - maintenance script for logfiles generated by CommModule
run this daily or weekly from cron
2009-05-23 13:47:59 +00:00
Wytze van der Raay
e07b52ba77 Changes to bring logging of CommModule into compliance with CAcert
Security Manual, while keeping logfiles manageable:
- Modify SysLog function to use a new date-stamped logfile every day.
- Placed obvious debug print statement under control of if ($debug).
- Changed print of Version: information into a SysLog call.
2009-05-15 15:44:01 +00:00
root
217c041b48 http://bugs.cacert.org/view.php?id=651 2009-04-09 13:48:27 +00:00
root
bfc3914775 Bug#651 2009-03-22 18:29:22 +00:00
root
597c8728a5 Added debugging information 2009-01-22 20:37:38 +00:00
root
c2cb97cfc4 Fixed a missing field in the emails 2008-11-23 04:23:21 +00:00
root
174fc24eb8 Adapted Serial Port to new Server configuration 2008-10-02 15:09:15 +00:00
root
e4da3093ce Added filenames for error messages 2008-08-25 19:19:02 +00:00
root
ccdb2d0490 Changed the USB-Link behaviour 2008-06-07 17:25:32 +00:00
root
afccfceb56 Changed license to GPLv2 2008-04-06 19:45:09 +00:00
root
9410aa9173 Added the new USB client 2008-02-20 20:46:08 +00:00
root
b11a343dbc Fixed a typo 2008-02-20 17:16:23 +00:00
root
18b8f0c3fe Removed double newlines
Reintroduced warning handling, and added it for all kinds of certificates.
TODO: warning handling for GPG
2008-02-19 23:24:47 +00:00
root
d3992601d5 Added CommModule to CVS 2008-01-13 00:05:44 +00:00