1363 commits

Author SHA1 Message Date
4c8055c063 Removed commented code. 2024-10-22 20:31:07 +02:00
23a5593ea9 Revised commit of 3.php to limit it to the bare minimum.
The selection of Root Certificate type has been removed and only the Type 3
will be generated.
2024-10-22 20:28:55 +02:00
c4aa189a0f Merge pull request 'Add a contribution guide' (!32) from add-a-contribution-guide into main
Reviewed-on: #32
Reviewed-by: Brian Mc Cullough <bmccullough@cacert.org>
Reviewed-by: Dirk Astrath <dirk@cacert.org>
2024-10-17 22:45:50 +00:00
d6baac39d6 Add a section explaining the OpenID connect link 2024-10-08 09:02:20 +02:00
afcf1b5d37 Add missing closing quote 2024-10-08 08:58:19 +02:00
12fdf40cda Merge pull request 'Implement warning thresholds for OpenPGP' (!31) from unify-behaviour-of-x509-and-gpg-retries into main
Reviewed-on: #31
Reviewed-by: Brian Mc Cullough <bmccullough@cacert.org>
Reviewed-by: Dirk Astrath <dirk@cacert.org>
2024-10-07 20:59:40 +00:00
3a3dae868e Merge pull request 'Fix server cert expiry queries' (!29) from fix-user-deletion-sql into main
Reviewed-on: #29
Reviewed-by: Dirk Astrath <dirk@cacert.org>
2024-10-05 19:26:37 +00:00
fae023e712 Add a contribution guide
This commit adds an initial version of a contribution guide to help new
contributors.
2024-10-05 18:25:39 +02:00
de3cf38c5d Implement warning thresholds for OpenPGP
This patch fixes https://bugs.cacert.org/view.php?id=1530 by adding the same
warning threshold behaviour for OpenPGP signing requests that exists for
X.509 signing requests.

The warning threshold has been moved to a variable. The SQL statements are
created using an sprintf statement to avoid potential SQL injections that may
get introduced by setting the warning_threshold variable to an invalid value.

Fixes #1530
2024-10-05 17:24:49 +02:00
18ffb1b781 Fix server cert expiry queries
Addresses #1544
2024-10-05 09:55:10 +02:00
efe24df995 Merge pull request 'Add policy/CCA mail script for 2024-09-25 mailing' (!28) from send-policy-cca-script-202409 into main
Reviewed-on: #28
Reviewed-by: Dirk Astrath <dirk@cacert.org>
2024-10-01 09:17:03 +00:00
6c40447437 Merge pull request 'Ignore generated files' (!27) from ignore-generated-files into main
Reviewed-on: #27
Reviewed-by: Dirk Astrath <dirk@cacert.org>
2024-10-01 09:12:09 +00:00
bb4d099ea1 Add policy/CCA mail script for 2024-09-25 mailing
Signed-off-by: Jan Dittberner <jandd@cacert.org>
2024-10-01 10:56:43 +02:00
685ff8f2b8 Ignore generated files
- ignore multiple files from production (CommModule logs and debug
  output), tarballs, lastid files from scripts
- ignore files that are left over by patch, vim and JetBrains IDEs
  during development
2024-10-01 10:51:42 +02:00
7d0cb00de2 Merge pull request 'Fix user deletion' (!26) from fix-user-deletion into main
Reviewed-on: #26
Reviewed-by: Dirk Astrath <dirk@cacert.org>
2024-09-30 18:54:35 +00:00
07b1cd75fc Merge pull request 'Fix cats_import' (!25) from fix-cats-importer into main
Reviewed-on: #25
Reviewed-by: Dirk Astrath <dirk@cacert.org>
2024-09-30 18:54:16 +00:00
56c3a8a391 Fix user deletion
Fixes #1544
2024-09-30 08:32:38 +02:00
bba0b479d5 Fix cats_import
- compare the client certificate email address directly instead of
  trying to match DN parts
- improve handling of IP addresses
2024-09-21 10:27:54 +02:00
4edf5c0cc5 Merge pull request 'Corrected language. This is the New Client Certificate page, but has the New Server Certificate language.' (!19) from bug-1559 into main
Reviewed-on: #19
Reviewed-by: Jan Dittberner <jandd@cacert.org>
Reviewed-by: Kim Nilsson <knilsson@cacert.org>
Reviewed-by: Dirk Astrath <dirk@cacert.org>
2024-08-06 20:03:05 +00:00
fd29a02049 Merge branch 'main' into bug-1559 2024-08-06 20:02:47 +00:00
1d41eedc27 Merge pull request 'Updated text as per #bug-1537' (!24) from bug-1537 into main
Reviewed-on: #24
Reviewed-by: Kim Nilsson <knilsson@cacert.org>
Reviewed-by: Jan Dittberner <jandd@cacert.org>
Reviewed-by: Dirk Astrath <dirk@cacert.org>
2024-08-06 19:59:36 +00:00
bb8fd1519b Merge pull request 'Adjusted wording as per https://lists.cacert.org/wws/arc/cacert-policy/2020-09/msg00008.html' (!21) from bug-1560 into main
Reviewed-on: #21
Reviewed-by: Kim Nilsson <knilsson@cacert.org>
Reviewed-by: Dirk Astrath <dirk@cacert.org>
2024-08-06 19:58:52 +00:00
2ca4b1aab8 Updated text as per #bug-1537
Edited CCA, Privacy Policy and RDL text to remove references to Australia.
2024-06-12 22:39:41 -04:00
Brian McCullough
c4b9c6370e Adjusted wording as per https://lists.cacert.org/wws/arc/cacert-policy/2020-09/msg00008.html 2024-06-01 22:42:42 -04:00
Brian McCullough
5989e8adad Corrected label on CSR text box. 2024-05-29 08:40:40 -04:00
16a05fff74 Corrected language. This is the New Client Certificate page, but has the New Server Certificate language. 2024-05-24 14:03:39 -04:00
06aee033a7 Merge pull request 'Replace http links with https' (!18) from use-https-for-verification-links into main
Reviewed-on: #18
Reviewed-by: Kim Nilsson <knilsson@cacert.org>
Reviewed-by: Brian Mc Cullough <bmccullough@cacert.org>
Reviewed-by: Dirk Astrath <dirk@cacert.org>
2024-05-20 10:46:40 +00:00
c61f0c4519 Merge branch 'main' into use-https-for-verification-links 2024-05-20 10:46:16 +00:00
408796eaf0 Merge pull request 'Improve client certificate issuing' (!17) from fix-client-cert-issues into main
Reviewed-on: #17
Reviewed-by: Brian Mc Cullough <bmccullough@cacert.org>
Reviewed-by: Dirk Astrath <dirk@cacert.org>
2024-05-20 10:46:01 +00:00
844eb0fbf3 Merge branch 'main' into fix-client-cert-issues 2024-05-20 10:42:51 +00:00
abfce60ed4 Merge pull request 'Fix client certificate login' (!16) from fix-client-certificate-login into main
Reviewed-on: #16
Reviewed-by: Brian Mc Cullough <bmccullough@cacert.org>
Reviewed-by: Dirk Astrath <dirk@cacert.org>
2024-05-20 10:35:30 +00:00
44987425dc Merge branch 'main' into fix-client-certificate-login 2024-05-20 10:35:19 +00:00
e021736c47 Merge pull request 'Add maintenance query to remove memid=0 emails' (!2) from fix-email-address-maintenance-bug-1543 into main
Reviewed-on: #2
Reviewed-by: Brian Mc Cullough <bmccullough@cacert.org>
Reviewed-by: Dirk Astrath <dirk@cacert.org>
2024-05-20 10:34:39 +00:00
66daeb6fcd Merge branch 'main' into fix-email-address-maintenance-bug-1543 2024-05-20 10:34:13 +00:00
9626e7f6fc Fix initial index for email SAN lookup 2024-05-05 21:32:20 +02:00
5f89d48036 Remove leftover header call 2024-05-05 21:22:16 +02:00
3bf254e237 Use https links instead of http for registration 2024-05-05 20:16:09 +02:00
0f75bdcdac Use https links instead of http 2024-05-05 20:16:09 +02:00
9a672e9bf9 Improve client certificate issuing
- add more comprehensive message when a user does not select an email address or the SSO flag
- fix missing value for coll_found in emailcerts INSERT query
- handle database errors when the emailcerts INSERT query fails
2024-05-05 20:13:37 +02:00
560be526c4 Fix client certificate login
This change fixes the client certificate login for cases where duplicate
serial numbers have been issued and recorded in the emailcerts table.

Email addresses from the client certificate are used as an additional
matching parameter.

- includes/lib/general.php got a new function
  get_email_addresses_from_client_cert to create an array of email
  addresses from the environment variables set by Apache httpd
- includes/loggedin.php and www/index.php use the new function to pass
  email addresses to the get_user_id_from_cert function
- get_user_id_from_cert in includes/lib/general.php has been enhanced to
  use a JOIN over the emailcerts, root_certs and email tables. All
  parameters are escaped via mysql_real_escape_string
- SQL errors in get_user_id_from_cert are now handled
- a match from get_user_id_from_cert is only returned when there is
  exactly one row in the result set

The code and the used query have been tested with Apache 2.4.10 and PHP
5.6 from Debian Jessie and a MariaDB 10.11 in strict mode using a
container based test setup to match the current production setup as
close as possible.
2024-05-05 20:08:53 +02:00
e2f9138035 Merge pull request 'Ignore files that are dynamically generated' (!12) from update-gitignore into main
Reviewed-on: #12
Reviewed-by: Dirk Astrath <dirk@cacert.org>
2024-05-04 13:42:35 +00:00
443467c435 Merge pull request 'Add class 3 root-certificates signed in 2021' (!13) from add-2021-class3-certificate-files into main
Reviewed-on: #13
Reviewed-by: Dirk Astrath <dirk@cacert.org>
2024-05-04 13:41:26 +00:00
6e23a0bd87 Merge pull request 'Use Digest::SHA instead of removed Digest::SHA1' (!14) from fix-sha-digest-import into main
Reviewed-on: #14
Reviewed-by: Dirk Astrath <dirk@cacert.org>
2024-05-04 13:39:03 +00:00
f14c9ad991 Merge pull request 'Remove locale/cv.c' (!15) from remove-unused-c-code into main
Reviewed-on: #15
Reviewed-by: Dirk Astrath <dirk@cacert.org>
2024-05-04 13:37:24 +00:00
6d2da10fa2 Remove locale/cv.c
This change removes locale/cv.c. It does not seem to be used anywhere in
the current system. None of the current critical team members knows
about its history. It might have been replaced by
locale/escape_special_chars.php long ago.
2024-05-04 10:10:02 +02:00
5d9c8689cc Use Digest::SHA instead of removed Digest::SHA1
This fixes the Digest import in server.pl. Digest::SHA1 has long been
replaced by the more generic Digest::SHA.
2024-05-03 20:00:23 +02:00
6e3549c21a Add class 3 certificates signed in 2021
These files have been referenced in pages/index/3.php since commit
bf7dcbd0
2024-05-03 19:58:42 +02:00
03b6d7c4bf Ignore files that are dynamically generated 2024-05-03 19:54:16 +02:00
0dc3bd7626 Merge pull request 'Redirect to code.cacert.org for source code' (!11) from feature/replace-static-tarballs-with-code-reference into main
Reviewed-on: #11
Reviewed-by: Dirk Astrath <dirk@cacert.org>
2023-09-17 09:18:01 +00:00
bf2ab338d1 Merge pull request 'Remove opinionated comments on hash algorithms' (!10) from bugfix/remove-opinionated-hash-algorithm-descriptions into main
Reviewed-on: #10
2023-09-17 09:12:18 +00:00