f794fd9e8b
Merge remote-tracking branch 'origin/main' into fix-gpg-expiry-date-calculation
* origin/main:
Implement warning thresholds for OpenPGP
2024-10-16 17:11:10 +02:00
6829f5c634
Fix OpenPGP signature handling
- define configuration variable $signer_openpgp_key_id to hold the
OpenPGP public key id of the signer
- define a variable for the long date format to keep it consistent for all uses in client.pl
- remove unused $timestamp global variable
- extract function parse_gpg_signature_output that handles the extraction
of machine-readable information from the gpg output
- ensure that the signature creation and expiration date are read from signature packets that have
been
- increase the warning counter for a gpg signing attempt
2024-10-06 15:55:51 +02:00
ddd60a87f6
Add script to analyze gpg signature timestamps
This is primarily a debugging tool for critical admins.
2024-10-06 14:03:13 +02:00
de3cf38c5d
Implement warning thresholds for OpenPGP
This patch fixes https://bugs.cacert.org/view.php?id=1530 by adding the same
warning threshold behaviour for OpenPGP signing requests that exists for
X.509 signing requests.
The warning threshold has been moved to a variable. The SQL statements are
created using an sprintf statement to avoid potential SQL injections that may
get introduced by setting the warning_threshold variable to an invalid value.
Fixes #1530
2024-10-05 17:24:49 +02:00
8ca6e44c69
Fix issues with OpenPGPextractExpiryDate
- add missing closing brace
- remove old commented code
2024-10-05 11:26:00 +02:00
8619ae841c
Fix OpenPGP signature expiry calculation
- use machine-readable output of gpg
- avoid regex and use direct matching of public key lines
- format date with POSIX::strftime
2024-10-05 11:03:06 +02:00
5d9c8689cc
Use Digest::SHA instead of removed Digest::SHA1
This fixes the Digest import in server.pl. Digest::SHA1 has long been
replaced by the more generic Digest::SHA.
2024-05-03 20:00:23 +02:00
Wytze van der Raay
7757afc66d
Switch to xz compression (instead of bz2) to reduce the size of the huge CommModule logfiles.
2018-09-06 10:25:38 +00:00
Wytze van der Raay
c8b4a22f25
Signer part of fix for https://bugs.cacert.org/view.php?id=1392
Issue of certificates to arbitrary domains.
2015-07-29 10:07:18 +00:00
Wytze van der Raay
d0132571dc
Fixes for https://bugs.cacert.org/view.php?id=597
"email notification for revoked certificates"
and for https://bugs.cacert.org/view.php?id=773
"No confirmation of revocation of server certificate"
2015-02-13 14:08:22 +00:00
Wytze van der Raay
7fc452eb68
Fix for https://bugs.cacert.org/view.php?id=1298
"CommModule code requires a trivial change to run with Debian Wheezy"
2014-08-21 14:57:05 +00:00
Wytze van der Raay
42f16aab95
Combined fixes for
- https://bugs.cacert.org/view.php?id=413
"Add a web page indicating the certificate request is still pending"
- https://bugs.cacert.org/view.php?id=1138
"Implement to log the SE activity"
- https://bugs.cacert.org/view.php?id=1221
"Inconsistency in Assurance Management"
2014-06-07 09:13:27 +00:00
Wytze van der Raay
1090543068
Fix for https://bugs.cacert.org/view.php?id=1237
"Certificates should be issued using sha512WithRSAEncryption for signatures"
2014-01-15 15:22:09 +00:00
Wytze van der Raay
db6ea0aafd
Fix for https://bugs.cacert.org/view.php?id=1159
"it might be possible to execute commands on the signing server"
2013-06-20 10:14:33 +00:00
Wytze van der Raay
69d5019f12
Fix for https://bugs.cacert.org/view.php?id=540
No key usage attribute in cacert org certs anymore?
2012-07-27 16:00:29 +00:00
root
a0070c6cd2
Fix for https://bugs.cacert.org/view.php?id=985
"Move from translingo to pootle"
2012-01-24 14:24:31 +00:00
Wytze van der Raay
d67dd3d438
Fix for https://bugs.cacert.org/view.php?id=911 :
Wrong expiration time in newly added GPG Key if Key has no Expire date.
2011-08-20 15:36:45 +00:00
Wytze van der Raay
d86b229aac
Fix for https://bugs.cacert.org/view.php?id=948
2011-07-22 14:11:14 +00:00
Wytze van der Raay
e164a24100
Add the code of the real server.pl script running on the signing server to
this software distribution of the communication module between web server
and signing server. Verified on December 10, 2010.
2010-12-13 10:58:19 +00:00
Philipp Dunkel
e906f6f047
Added more verbose error messages
2010-01-03 14:36:48 +00:00
Philipp Dunkel
b5257e8969
Added missing newlines
2010-01-03 14:32:57 +00:00
Wytze van der Raay
93d8ca5f0f
Update readme.txt.
Remove obsolete error.txt file.
2009-12-28 15:25:10 +00:00
Wytze van der Raay
ae5cbde8b7
Make client script append to rather than overwrite the nohup.out file.
2009-12-28 15:14:40 +00:00
Wytze van der Raay
ebe8a08441
Remove clientloop.sh script (obsoleted by commmodule/commdaemon scripts).
2009-12-28 15:10:45 +00:00
Wytze van der Raay
4885a78c1c
Add proper startup/shutdown script for the CAcert CommModule processes.
Add separate commdaemon script to control looping of basic script, and
allow orderly shutdown.
Add hook to client.pl script to interact properly with the new commmodule
and commdaemon scripts.
2009-12-28 15:09:24 +00:00
Philipp Dunkel
60ed4bff3e
Reduced the CRL check frequency
2009-12-20 03:51:43 +00:00
Philipp Dunkel
3182cfa3c7
Added some more delay to prevent database stress
2009-12-17 10:05:23 +00:00
Philipp Dunkel
1d22e387c4
http://bugs.cacert.org/view.php?id=796
2009-12-15 22:18:56 +00:00
Philipp Dunkel
314aec03ad
http://bugs.cacert.org/view.php?id=796
2009-12-04 18:25:46 +00:00
Philipp Dunkel
cf2f113322
Removed superfluous root cert definition
2009-12-03 20:57:26 +00:00
Philipp Dunkel
c28647b8db
Added creation of missing directories
Improved performance
2009-10-29 23:52:06 +00:00
Philipp Dunkel
6bd322fd54
Switched to new directory layout
2009-10-16 00:16:23 +00:00
Philipp Dunkel
eba1527050
Migrated from Serial Link to USB-Serial Link
2009-09-19 23:25:05 +00:00
Wytze van der Raay
1b5940cca8
Increase retention period for CommModule logfiles to at least 2.5 years
in accordance with Security Manual 4.2.1 (at least 24/at most 36 months).
2009-05-24 18:08:23 +00:00
Wytze van der Raay
e10f0cc910
logclean.sh - maintenance script for logfiles generated by CommModule
run this daily or weekly from cron
2009-05-23 13:47:59 +00:00
Wytze van der Raay
e07b52ba77
Changes to bring logging of CommModule into compliance with CAcert
Security Manual, while keeping logfiles manageable:
- Modify SysLog function to use a new date-stamped logfile every day.
- Placed obvious debug print statement under control of if ($debug).
- Changed print of Version: information into a SysLog call.
2009-05-15 15:44:01 +00:00
root
217c041b48
http://bugs.cacert.org/view.php?id=651
2009-04-09 13:48:27 +00:00
root
bfc3914775
Bug#651
2009-03-22 18:29:22 +00:00
root
597c8728a5
Added debugging information
2009-01-22 20:37:38 +00:00
root
c2cb97cfc4
Fixed a missing field in the emails
2008-11-23 04:23:21 +00:00
root
174fc24eb8
Adapted Serial Port to new Server configuration
2008-10-02 15:09:15 +00:00
root
e4da3093ce
Added filenames for error messages
2008-08-25 19:19:02 +00:00
root
ccdb2d0490
Changed the USB-Link behaviour
2008-06-07 17:25:32 +00:00
root
afccfceb56
Changed license to GPLv2
2008-04-06 19:45:09 +00:00
root
9410aa9173
Added the new USB client
2008-02-20 20:46:08 +00:00
root
b11a343dbc
Fixed a typo
2008-02-20 17:16:23 +00:00
root
18b8f0c3fe
Removed double newlines
Reintroduced warning handling, and added it for all kinds of certificates.
TODO: warning handling for GPG
2008-02-19 23:24:47 +00:00
root
d3992601d5
Added CommModule to CVS
2008-01-13 00:05:44 +00:00