844eb0fbf3
Merge branch 'main' into fix-client-cert-issues
2024-05-20 10:42:51 +00:00
9626e7f6fc
Fix initial index for email SAN lookup
2024-05-05 21:32:20 +02:00
5f89d48036
Remove leftover header call
2024-05-05 21:22:16 +02:00
9a672e9bf9
Improve client certificate issuing
- add more comprehensive message when a user does not select an email address or the SSO flag
- fix missing value for coll_found in emailcerts INSERT query
- handle database errors when the emailcerts INSERT query fails
2024-05-05 20:13:37 +02:00
560be526c4
Fix client certificate login
This change fixes the client certificate login for cases where duplicate
serial numbers have been issued and recorded in the emailcerts table.
Email addresses from the client certificate are used as an additional
matching parameter.
- includes/lib/general.php got a new function
  get_email_addresses_from_client_cert to create an array of email
  addresses from the environment variables set by Apache httpd
- includes/loggedin.php and www/index.php use the new function to pass
  email addresses to the get_user_id_from_cert function
- get_user_id_from_cert in includes/lib/general.php has been enhanced to
  use a JOIN over the emailcerts, root_certs and email tables. All
  parameters are escaped via mysql_real_escape_string
- SQL errors in get_user_id_from_cert are now handled
- a match from get_user_id_from_cert is only returned when there is
  exactly one row in the result set
The code and the used query have been tested with Apache 2.4.10 and PHP
5.6 from Debian Jessie and a MariaDB 10.11 in strict mode using a
container based test setup to match the current production setup as
close as possible.
2024-05-05 20:08:53 +02:00
f6831c82af
Remove opinionated comments on hash algorithms
2023-09-17 11:04:02 +02:00
3e25be237d
Remove old sponsoring links
fixes https://bugs.cacert.org/view.php?id=1423
2023-09-16 16:23:16 +02:00
bdb30f8898
Use integer values for type when inserting into ordomaincerts
MySQL tolerated INSERTs of an empty string in the type column of the
ordomaincerts table. This commit uses an integer value of 0 as default
instead to ensure that MariaDB with strict settings accepts the INSERT
too.
2023-07-14 18:06:10 +02:00
687497c82f
Fix l10n handling on Debian 11
Fixes bug #1542
2022-07-07 17:56:50 +02:00
9140217aa7
Change outgoing mail hostname to ping.cacert.org
Fixes bug #1541
2022-07-07 17:07:55 +02:00
bf7dcbd080
Bug 1440
2021-07-04 18:51:27 +00:00
Wytze van der Raay
62a2d72a07
Emergency fix for https://bugs.cacert.org/view.php?id=1459
"e-mail verification fails for many addresses since upgrade from PHP 5.5 to PHP 5.6"
2019-02-23 08:28:50 +00:00
Wytze van der Raay
f6b81bfed9
Fix for https://bugs.cacert.org/view.php?id=1430
2019-02-14 08:19:33 +00:00
Wytze van der Raay
1f7b668f1b
Fix for https://bugs.cacert.org/view.php?id=1389
Wrong encoding for mails sent with function sendmail()
2015-08-28 15:40:09 +00:00
Wytze van der Raay
9464b4e07a
Additional patch for https://bugs.cacert.org/view.php?id=1392
Issue of certificates to arbitrary domains.
2015-07-27 07:21:52 +00:00
Wytze van der Raay
edae6c8e40
Fix for https://bugs.cacert.org/view.php?id=1392
Issue of certificates to arbitrary domains
2015-07-25 14:51:01 +00:00
Wytze van der Raay
e2de6e8f7e
Fix for https://bugs.cacert.org/view.php?id=1131
"Rename _all_ Policies from .php to .html and fix all links (was: Rename
PolicyOnPolicy.php to .html)"
2015-01-08 15:02:47 +00:00
Wytze van der Raay
cf5a6ce0a3
Fix for https://bugs.cacert.org/view.php?id=790
"Creating organisation client certs by pasted CSR"
2014-12-05 09:08:43 +00:00
Wytze van der Raay
2ca78a2eb2
Fix for https://bugs.cacert.org/view.php?id=1318
"E-Mail Probe does not consider mx priorities"
2014-12-05 09:06:50 +00:00
Wytze van der Raay
8477354c33
Fix for https://bugs.cacert.org/view.php?id=1288
"Support STARTTLS when doing a ping mail"
2014-12-05 09:05:04 +00:00
Wytze van der Raay
add8566161
Fix for https://bugs.cacert.org/view.php?id=28
"Wrong language for ''you've been assured'' & ''[CAcert.org] Client Certificate'' emails"
2014-11-24 09:59:19 +00:00
Wytze van der Raay
4f70392a23
Fix for https://bugs.cacert.org/view.php?id=1273
"Replace all backtick operators with calls to runCommand() or shell_exec()"
2014-11-24 09:56:38 +00:00
Wytze van der Raay
ca2fe0bc16
Fix for https://bugs.cacert.org/view.php?id=1192
"Check on log into the account if user agreed to CCA, if not prompt him an acception form"
2014-11-24 09:54:09 +00:00
Mendel Mobach
8be54e45e9
Fix for https://bugs.cacert.org/view.php?id=1339
2014-11-18 22:08:23 +00:00
Wytze van der Raay
4e0598a6c2
Fix for https://bugs.cacert.org/view.php?id=1301
sanitizeHTML function converts input which contains non-ascii characters to an empty string
2014-10-17 12:54:20 +00:00
Wytze van der Raay
46e866f0aa
Fix for https://bugs.cacert.org/view.php?id=1297
"includes/lib/check_weak_key.php is broken after upgrade to Debian Wheezy with openssl 1.0"
2014-08-28 15:10:17 +00:00
Wytze van der Raay
69eee6b7b4
Fix for https://bugs.cacert.org/view.php?id=1292
"Issuing Certificates with "Public Exponent: 1 (0x1)""
2014-08-21 14:35:40 +00:00
Wytze van der Raay
e2e8259c68
Fix for https://bugs.cacert.org/view.php?id=1291
"Executable code can be entered in location field, executable on wot15"
2014-08-09 09:13:02 +00:00
Wytze van der Raay
5c7e14e915
Fix for https://bugs.cacert.org/view.php?id=1226
"Add DoB to selection of assuree"
2014-07-16 10:37:57 +00:00
Wytze van der Raay
73daac8e42
Fix for https://bugs.cacert.org/view.php?id=1280
"WOT: Contact Assurer form does not print preferred language"
2014-07-16 10:32:57 +00:00
Wytze van der Raay
924e6b0337
Intermediate patch for https://bugs.cacert.org/view.php?id=807
"CAcert ignores signature algorithm from csr".
This patch introduces the UI for our members to choose which signature
algorithm they want their certificates signed with. Among the choices
are SHA-256, SHA-384 and SHA-512. Further choices may be included as our
signer and web frontend permit.
2014-06-13 16:00:16 +00:00
Wytze van der Raay
bfbd218aac
Fix for https://bugs.cacert.org/view.php?id=929
"GPG/PGP menu items expand the wrong root"
2014-06-10 08:50:47 +00:00
Wytze van der Raay
ccc2a6f534
Combined fixes for
- https://bugs.cacert.org/view.php?id=413
"Add a web page indicating the certificate request is still pending"
- https://bugs.cacert.org/view.php?id=1138
"Implement to log the SE activity"
- https://bugs.cacert.org/view.php?id=1221
"Inconsistency in Assurance Management"
2014-06-07 09:16:26 +00:00
Wytze van der Raay
42f16aab95
Combined fixes for
- https://bugs.cacert.org/view.php?id=413
"Add a web page indicating the certificate request is still pending"
- https://bugs.cacert.org/view.php?id=1138
"Implement to log the SE activity"
- https://bugs.cacert.org/view.php?id=1221
"Inconsistency in Assurance Management"
2014-06-07 09:13:27 +00:00
Wytze van der Raay
14aafe2212
Fix for https://bugs.cacert.org/view.php?id=1275
"Missing quotes around "masteracc" array index"
2014-06-07 08:52:43 +00:00
Wytze van der Raay
b740a14b10
Fix for https://bugs.cacert.org/view.php?id=372
"Renewing certificates fails to update links between domains and the certificate
properly which causes issues"
2014-06-07 08:46:18 +00:00
Mendel Mobach
1112d76dd5
fix for https://bugs.cacert.org/view.php?id=1272
"Arbitrary Code Execution via SQL injection on certain database fields"
2014-04-19 07:32:11 +00:00
Mendel Mobach
ea8c675168
fix for https://bugs.cacert.org/view.php?id=1266
"Second-order SQL injection in Certificate-related queries"
2014-04-18 08:12:30 +00:00
Mendel Mobach
365a7272cf
fix for https://bugs.cacert.org/view.php?id=1184
"hex2bin function"
2014-04-18 08:10:17 +00:00
Wytze van der Raay
26fc6dd1f5
Additional fix for http://bugs.cacert.org/view.php?id=1070
"Certain account passwords are logged in web server error log."
2014-04-01 14:32:06 +00:00
Wytze van der Raay
eff4f484ff
Fix for https://bugs.cacert.org/view.php?id=448
"when revoking a certificate, confusing info is given to the user"
2014-03-24 11:38:41 +00:00
Wytze van der Raay
4937cf6038
Fix for https://bugs.cacert.org/view.php?id=1255
"DSA certificate issuing ignores key strength"
2014-03-10 16:32:07 +00:00
Wytze van der Raay
1b49547d06
Fix for https://bugs.cacert.org/view.php?id=440
"Problem with subjectAltName"
2014-01-15 16:00:05 +00:00
Wytze van der Raay
c68de86c6d
Fix for https://bugs.cacert.org/view.php?id=1137
"Record the CCA acception for entering an assurance"
2014-01-15 15:55:29 +00:00
Wytze van der Raay
0d230706fc
Fix for https://bugs.cacert.org/view.php?id=1195
"Take out change ability on pages/account/6.php"
2014-01-15 15:50:40 +00:00
Wytze van der Raay
3b79d4bd1b
Fix for https://bugs.cacert.org/view.php?id=1236
"Security questions rejected invalid on adding middle name"
2014-01-15 15:40:51 +00:00
Wytze van der Raay
3ac5042e96
Fix for https://bugs.cacert.org/view.php?id=1010
"Reorder the view on organisation certificates"
2013-11-20 16:28:34 +00:00
Wytze van der Raay
fc979343e1
Fix for https://bugs.cacert.org/view.php?id=569
"output order when removing email address"
2013-10-21 09:17:17 +00:00
Wytze van der Raay
b9729ffae1
Fix for http://bugs.cacert.org/view.php?id=918
"Weak keys in certificates"
2013-10-16 10:44:30 +00:00
Wytze van der Raay
b57d4d8b17
Fix for http://bugs.cacert.org/view.php?id=1208
Improve readability of "Assure someone" page.
2013-10-16 10:41:21 +00:00