Commit graph

384 commits

Author SHA1 Message Date
844eb0fbf3 Merge branch 'main' into fix-client-cert-issues 2024-05-20 10:42:51 +00:00
9626e7f6fc Fix initial index for email SAN lookup 2024-05-05 21:32:20 +02:00
5f89d48036 Remove leftover header call 2024-05-05 21:22:16 +02:00
9a672e9bf9 Improve client certificate issuing
- add more comprehensive message when a user does not select an email address or the SSO flag
- fix missing value for coll_found in emailcerts INSERT query
- handle database errors when the emailcerts INSERT query fails
2024-05-05 20:13:37 +02:00
560be526c4 Fix client certificate login
This change fixes the client certificate login for cases where duplicate
serial numbers have been issued and recorded in the emailcerts table.

Email addresses from the client certificate are used as an additional
matching parameter.

- includes/lib/general.php got a new function
  get_email_addresses_from_client_cert to create an array of email
  addresses from the environment variables set by Apache httpd
- includes/loggedin.php and www/index.php use the new function to pass
  email addresses to the get_user_id_from_cert function
- get_user_id_from_cert in includes/lib/general.php has been enhanced to
  use a JOIN over the emailcerts, root_certs and email tables. All
  parameters are escaped via mysql_real_escape_string
- SQL errors in get_user_id_from_cert are now handled
- a match from get_user_id_from_cert is only returned when there is
  exactly one row in the result set

The code and the used query have been tested with Apache 2.4.10 and PHP
5.6 from Debian Jessie and a MariaDB 10.11 in strict mode using a
container based test setup to match the current production setup as
close as possible.
2024-05-05 20:08:53 +02:00
f6831c82af Remove opinionated comments on hash algorithms 2023-09-17 11:04:02 +02:00
3e25be237d Remove old sponsoring links
fixes https://bugs.cacert.org/view.php?id=1423
2023-09-16 16:23:16 +02:00
bdb30f8898 Use integer values for type when inserting into ordomaincerts
MySQL tolerated INSERTs of an empty string in the type column of the
ordomaincerts table. This commit uses an integer value of 0 as default
instead to ensure that MariaDB with strict settings accepts the INSERT
too.
2023-07-14 18:06:10 +02:00
687497c82f Fix l10n handling on Debian 11
Fixes bug #1542
2022-07-07 17:56:50 +02:00
9140217aa7 Change outgoing mail hostname to ping.cacert.org
Fixes bug #1541
2022-07-07 17:07:55 +02:00
bf7dcbd080 Bug 1440 2021-07-04 18:51:27 +00:00
Wytze van der Raay
62a2d72a07 Emergency fix for https://bugs.cacert.org/view.php?id=1459
"e-mail verification fails for many addresses since upgrade from PHP 5.5 to PHP 5.6"
2019-02-23 08:28:50 +00:00
Wytze van der Raay
f6b81bfed9 Fix for https://bugs.cacert.org/view.php?id=1430 2019-02-14 08:19:33 +00:00
Wytze van der Raay
1f7b668f1b Fix for https://bugs.cacert.org/view.php?id=1389
Wrong encoding for mails sent with function sendmail()
2015-08-28 15:40:09 +00:00
Wytze van der Raay
9464b4e07a Additional patch for https://bugs.cacert.org/view.php?id=1392
Issue of certificates to arbitrary domains.
2015-07-27 07:21:52 +00:00
Wytze van der Raay
edae6c8e40 Fix for https://bugs.cacert.org/view.php?id=1392
Issue of certificates to arbitrary domains
2015-07-25 14:51:01 +00:00
Wytze van der Raay
e2de6e8f7e Fix for https://bugs.cacert.org/view.php?id=1131
"Rename _all_ Policies from .php to .html and fix all links (was: Rename
PolicyOnPolicy.php to .html)"
2015-01-08 15:02:47 +00:00
Wytze van der Raay
cf5a6ce0a3 Fix for https://bugs.cacert.org/view.php?id=790
"Creating organisation client certs by pasted CSR"
2014-12-05 09:08:43 +00:00
Wytze van der Raay
2ca78a2eb2 Fix for https://bugs.cacert.org/view.php?id=1318
"E-Mail Probe does not consider mx priorities"
2014-12-05 09:06:50 +00:00
Wytze van der Raay
8477354c33 Fix for https://bugs.cacert.org/view.php?id=1288
"Support STARTTLS when doing a ping mail"
2014-12-05 09:05:04 +00:00
Wytze van der Raay
add8566161 Fix for https://bugs.cacert.org/view.php?id=28
"Wrong language for ''you've been assured'' & ''[CAcert.org] Client Certificate'' emails"
2014-11-24 09:59:19 +00:00
Wytze van der Raay
4f70392a23 Fix for https://bugs.cacert.org/view.php?id=1273
"Replace all backtick operators with calls to runCommand() or shell_exec()"
2014-11-24 09:56:38 +00:00
Wytze van der Raay
ca2fe0bc16 Fix for https://bugs.cacert.org/view.php?id=1192
"Check on log into the account if user aggreed to CCA, if not prompt him an acception form"
2014-11-24 09:54:09 +00:00
Mendel Mobach
8be54e45e9 Fix for https://bugs.cacert.org/view.php?id=1339 2014-11-18 22:08:23 +00:00
Wytze van der Raay
4e0598a6c2 Fix for https://bugs.cacert.org/view.php?id=1301
sanitizeHTML function converts input which contains non-ascii characters to an empty string
2014-10-17 12:54:20 +00:00
Wytze van der Raay
46e866f0aa Fix for https://bugs.cacert.org/view.php?id=1297
"includes/lib/check_weak_key.php is broken after upgrade to Debian Wheezy with openssl 1.0"
2014-08-28 15:10:17 +00:00
Wytze van der Raay
69eee6b7b4 Fix for https://bugs.cacert.org/view.php?id=1292
"Issuing Certificates with "Public Exponent: 1 (0x1)""
2014-08-21 14:35:40 +00:00
Wytze van der Raay
e2e8259c68 Fix for https://bugs.cacert.org/view.php?id=1291
"Executable code can be entered in location field, executable on wot15"
2014-08-09 09:13:02 +00:00
Wytze van der Raay
5c7e14e915 Fix for https://bugs.cacert.org/view.php?id=1226
"Ädd DoB to selection of assuree"
2014-07-16 10:37:57 +00:00
Wytze van der Raay
73daac8e42 Fix for https://bugs.cacert.org/view.php?id=1280
"WOT: Contact Assurer form does not print preferred language"
2014-07-16 10:32:57 +00:00
Wytze van der Raay
924e6b0337 Intermediate patch for https://bugs.cacert.org/view.php?id=807
"CAcert ignores signature algorithm from csr".

This patch introduces the UI for our members to choose which signature
algorithm they want their certificates signed with. Among the choices
are SHA-256, SHA-384 and SHA-512. Further choices may be included as our
signer and web frontend permit.
2014-06-13 16:00:16 +00:00
Wytze van der Raay
bfbd218aac Fix for https://bugs.cacert.org/view.php?id=929
"GPG/PGP menu items expand the wrong root"
2014-06-10 08:50:47 +00:00
Wytze van der Raay
ccc2a6f534 Combined fixes for
- https://bugs.cacert.org/view.php?id=413
  "Add a web page indicating the certificate request is still pending"
- https://bugs.cacert.org/view.php?id=1138
  "Implement to log the SE activity"
- https://bugs.cacert.org/view.php?id=1221
  "Inconsistency in Assurance Management"
2014-06-07 09:16:26 +00:00
Wytze van der Raay
42f16aab95 Combined fixes for
- https://bugs.cacert.org/view.php?id=413
  "Add a web page indicating the certificate request is still pending"
- https://bugs.cacert.org/view.php?id=1138
  "Implement to log the SE activity"
- https://bugs.cacert.org/view.php?id=1221
  "Inconsistency in Assurance Management"
2014-06-07 09:13:27 +00:00
Wytze van der Raay
14aafe2212 Fix for https://bugs.cacert.org/view.php?id=1275
"Missing quotes around"masteracc" array index"
2014-06-07 08:52:43 +00:00
Wytze van der Raay
b740a14b10 Fix for https://bugs.cacert.org/view.php?id=372
"Renewing certificates fails to update links between domains and the certificate
 properly which causes issues"
2014-06-07 08:46:18 +00:00
Mendel Mobach
1112d76dd5 fix for https://bugs.cacert.org/view.php?id=1272
"Arbitrary Code Execution via SQL injection on certain database fields"
2014-04-19 07:32:11 +00:00
Mendel Mobach
ea8c675168 fix for https://bugs.cacert.org/view.php?id=1266
"Second-order SQL injection in Certificate-related queries"
2014-04-18 08:12:30 +00:00
Mendel Mobach
365a7272cf fix for https://bugs.cacert.org/view.php?id=1184
"hex2bin function"
2014-04-18 08:10:17 +00:00
Wytze van der Raay
26fc6dd1f5 Additional fix for for http://bugs.cacert.org/view.php?id=1070
"Certain account passwords are logged in web server error log."
2014-04-01 14:32:06 +00:00
Wytze van der Raay
eff4f484ff Fix for https://bugs.cacert.org/view.php?id=448
"when revoking a certificate, confusing info is given to the user"
2014-03-24 11:38:41 +00:00
Wytze van der Raay
4937cf6038 Fix for https://bugs.cacert.org/view.php?id=1255
"DSA certificate issuing ignores key strength"
2014-03-10 16:32:07 +00:00
Wytze van der Raay
1b49547d06 Fix for https://bugs.cacert.org/view.php?id=440
"Problem with subjectAltName"
2014-01-15 16:00:05 +00:00
Wytze van der Raay
c68de86c6d Fix for https://bugs.cacert.org/view.php?id=1137
"Record the CCA acception for entering an assurance"
2014-01-15 15:55:29 +00:00
Wytze van der Raay
0d230706fc Fix for https://bugs.cacert.org/view.php?id=1195
"Take out change ability on pages/account/6.php"
2014-01-15 15:50:40 +00:00
Wytze van der Raay
3b79d4bd1b Fix for https://bugs.cacert.org/view.php?id=1236
"Security questions rejected invalid on adding middle name"
2014-01-15 15:40:51 +00:00
Wytze van der Raay
3ac5042e96 Fix for https://bugs.cacert.org/view.php?id=1010
"Reorder the view on organisation certificates"
2013-11-20 16:28:34 +00:00
Wytze van der Raay
fc979343e1 Fix for https://bugs.cacert.org/view.php?id=569
"output order when removing email address"
2013-10-21 09:17:17 +00:00
Wytze van der Raay
b9729ffae1 Fix for http://bugs.cacert.org/view.php?id=918
"Weak keys in certificates"
2013-10-16 10:44:30 +00:00
Wytze van der Raay
b57d4d8b17 Fix for http://bugs.cacert.org/view.php?id=1208
Improve readability of "Assure someone" page.
2013-10-16 10:41:21 +00:00