Commit graph

1343 commits

Author SHA1 Message Date
46db965846 Use mariadb version compatible with Debian 11
webdb is currently deployed on a Debian 11 system that comes with
mariadb client library version 10.5.23. The mariadb driver version broke
compatibilty in release 1.1.x. This commit ensures that versions below
1.1.x are used. This should be changed when upgrading the webdb systems
to Debian 12 or later.
2024-06-02 11:18:04 +00:00
c18f78741b Switch to Python 3.9 for Debian 11 compatibilty 2024-06-02 13:07:59 +02:00
fe02217028 Format using isort and black 2024-05-26 11:30:28 +02:00
52992aad46 Refactor and improve statistic script 2024-05-26 10:45:10 +02:00
ef68be8b60 Implement basic analyzer script 2024-05-26 10:44:53 +02:00
b3878cac77 Start Python database tooling 2024-05-26 10:44:39 +02:00
06aee033a7 Merge pull request 'Replace http links with https' (!18) from use-https-for-verification-links into main
Reviewed-on: #18
Reviewed-by: Kim Nilsson <knilsson@cacert.org>
Reviewed-by: Brian Mc Cullough <bmccullough@cacert.org>
Reviewed-by: Dirk Astrath <dirk@cacert.org>
2024-05-20 10:46:40 +00:00
c61f0c4519 Merge branch 'main' into use-https-for-verification-links 2024-05-20 10:46:16 +00:00
408796eaf0 Merge pull request 'Improve client certificate issuing' (!17) from fix-client-cert-issues into main
Reviewed-on: #17
Reviewed-by: Brian Mc Cullough <bmccullough@cacert.org>
Reviewed-by: Dirk Astrath <dirk@cacert.org>
2024-05-20 10:46:01 +00:00
844eb0fbf3 Merge branch 'main' into fix-client-cert-issues 2024-05-20 10:42:51 +00:00
abfce60ed4 Merge pull request 'Fix client certificate login' (!16) from fix-client-certificate-login into main
Reviewed-on: #16
Reviewed-by: Brian Mc Cullough <bmccullough@cacert.org>
Reviewed-by: Dirk Astrath <dirk@cacert.org>
2024-05-20 10:35:30 +00:00
44987425dc Merge branch 'main' into fix-client-certificate-login 2024-05-20 10:35:19 +00:00
e021736c47 Merge pull request 'Add maintenance query to remove memid=0 emails' (!2) from fix-email-address-maintenance-bug-1543 into main
Reviewed-on: #2
Reviewed-by: Brian Mc Cullough <bmccullough@cacert.org>
Reviewed-by: Dirk Astrath <dirk@cacert.org>
2024-05-20 10:34:39 +00:00
66daeb6fcd Merge branch 'main' into fix-email-address-maintenance-bug-1543 2024-05-20 10:34:13 +00:00
9626e7f6fc Fix initial index for email SAN lookup 2024-05-05 21:32:20 +02:00
5f89d48036 Remove leftover header call 2024-05-05 21:22:16 +02:00
3bf254e237 Use https links instead of http for registration 2024-05-05 20:16:09 +02:00
0f75bdcdac Use https links instead of http 2024-05-05 20:16:09 +02:00
9a672e9bf9 Improve client certificate issuing
- add more comprehensive message when a user does not select an email address or the SSO flag
- fix missing value for coll_found in emailcerts INSERT query
- handle database errors when the emailcerts INSERT query fails
2024-05-05 20:13:37 +02:00
560be526c4 Fix client certificate login
This change fixes the client certificate login for cases where duplicate
serial numbers have been issued and recorded in the emailcerts table.

Email addresses from the client certificate are used as an additional
matching parameter.

- includes/lib/general.php got a new function
  get_email_addresses_from_client_cert to create an array of email
  addresses from the environment variables set by Apache httpd
- includes/loggedin.php and www/index.php use the new function to pass
  email addresses to the get_user_id_from_cert function
- get_user_id_from_cert in includes/lib/general.php has been enhanced to
  use a JOIN over the emailcerts, root_certs and email tables. All
  parameters are escaped via mysql_real_escape_string
- SQL errors in get_user_id_from_cert are now handled
- a match from get_user_id_from_cert is only returned when there is
  exactly one row in the result set

The code and the used query have been tested with Apache 2.4.10 and PHP
5.6 from Debian Jessie and a MariaDB 10.11 in strict mode using a
container based test setup to match the current production setup as
close as possible.
2024-05-05 20:08:53 +02:00
e2f9138035 Merge pull request 'Ignore files that are dynamically generated' (!12) from update-gitignore into main
Reviewed-on: #12
Reviewed-by: Dirk Astrath <dirk@cacert.org>
2024-05-04 13:42:35 +00:00
443467c435 Merge pull request 'Add class 3 root-certificates signed in 2021' (!13) from add-2021-class3-certificate-files into main
Reviewed-on: #13
Reviewed-by: Dirk Astrath <dirk@cacert.org>
2024-05-04 13:41:26 +00:00
6e23a0bd87 Merge pull request 'Use Digest::SHA instead of removed Digest::SHA1' (!14) from fix-sha-digest-import into main
Reviewed-on: #14
Reviewed-by: Dirk Astrath <dirk@cacert.org>
2024-05-04 13:39:03 +00:00
f14c9ad991 Merge pull request 'Remove locale/cv.c' (!15) from remove-unused-c-code into main
Reviewed-on: #15
Reviewed-by: Dirk Astrath <dirk@cacert.org>
2024-05-04 13:37:24 +00:00
6d2da10fa2 Remove locale/cv.c
This change removes locale/cv.c. It does not seem to be used anywhere in
the current system. None of the current critical team members knows
about its history. It might have been replaced by
locale/escape_special_chars.php long ago.
2024-05-04 10:10:02 +02:00
5d9c8689cc Use Digest::SHA instead of removed Digest::SHA1
This fixes the Digest import in server.pl. Digest::SHA1 has long been
replaced by the more generic Digest::SHA.
2024-05-03 20:00:23 +02:00
6e3549c21a Add class 3 certificates signed in 2021
These files have been referenced in pages/index/3.php since commit
bf7dcbd0
2024-05-03 19:58:42 +02:00
03b6d7c4bf Ignore files that are dynamically generated 2024-05-03 19:54:16 +02:00
0dc3bd7626 Merge pull request 'Redirect to code.cacert.org for source code' (!11) from feature/replace-static-tarballs-with-code-reference into main
Reviewed-on: #11
Reviewed-by: Dirk Astrath <dirk@cacert.org>
2023-09-17 09:18:01 +00:00
bf2ab338d1 Merge pull request 'Remove opinionated comments on hash algorithms' (!10) from bugfix/remove-opinionated-hash-algorithm-descriptions into main
Reviewed-on: #10
2023-09-17 09:12:18 +00:00
62dc71fb4d Redirect to code.cacert.org for source code 2023-09-17 11:11:03 +02:00
f6831c82af Remove opinionated comments on hash algorithms 2023-09-17 11:04:02 +02:00
efb9f4b461 Merge pull request 'Add missing closing a tag for link' (#9) from add-closing-tag-for-csr-app-link into main
Reviewed-on: #9
2023-09-17 08:59:39 +00:00
ccd5273c7b Add missing closing a tag for link 2023-09-17 10:49:48 +02:00
37fd9a3127 Merge pull request 'bugfix/1551-link-to-csr-app' (#8) from bugfix/1551-link-to-csr-app into main
Reviewed-on: #8
Reviewed-by: Dirk Astrath <dirk@cacert.org>
2023-09-17 08:42:03 +00:00
3ecb1a6d1a Enable expert options by default
addresses https://bugs.cacert.org/view.php?id=1551
2023-09-16 21:28:23 +02:00
91f7e11751 Add link to new CSR generator application
addresses https://bugs.cacert.org/view.php?id=1551
2023-09-16 21:27:10 +02:00
53d4d108ce Merge pull request 'Remove old sponsoring links' (#7) from bugfix/1423-remove-tunix-and-oan-links into main
Reviewed-on: #7
Reviewed-by: Dirk Astrath <dirk@cacert.org>
2023-09-16 17:12:59 +00:00
df612b08ba Merge branch 'main' into fix-email-address-maintenance-bug-1543 2023-09-16 14:45:51 +00:00
3e25be237d Remove old sponsoring links
fixes https://bugs.cacert.org/view.php?id=1423
2023-09-16 16:23:16 +02:00
8521ac0719 Merge pull request 'Use integer values for type when inserting into ordomaincerts' (#3) from bugfix/1548-proper-type-for-orgdomain-insert into main
Reviewed-on: #3
2023-07-17 16:46:13 +00:00
6ddce57ded Merge branch 'main' into fix-email-address-maintenance-bug-1543 2023-07-16 20:27:35 +00:00
ae4f01bcbe Merge branch 'main' into bugfix/1548-proper-type-for-orgdomain-insert 2023-07-16 20:27:16 +00:00
c9ab54b30a Merge pull request 'Add migration script for missing users DEFAULTs' (#4) from bugfix/1549-add-missing-defaults-on-users-table into main
Reviewed-on: #4

Applied in prod by @dirk
2023-07-16 20:26:01 +00:00
10540621a8 Add migration script for missing users DEFAULTs
This commit adds a migration script to add missing DEFAULT values on the
users table. INSERTs into the users table fail without these DEFAULTs on
MariaDB in strict mode.
2023-07-14 18:18:49 +02:00
bdb30f8898 Use integer values for type when inserting into ordomaincerts
MySQL tolerated INSERTs of an empty string in the type column of the
ordomaincerts table. This commit uses an integer value of 0 as default
instead to ensure that MariaDB with strict settings accepts the INSERT
too.
2023-07-14 18:06:10 +02:00
508226374a Merge branch 'master' into fix-email-address-maintenance-bug-1543 2022-09-19 15:14:14 +00:00
2884caf1a5 Merge pull request 'Fix l10n handling on Debian 11' (#1) from fix-l10n-bug-1542 into master
Reviewed-on: #1
2022-07-07 17:02:14 +00:00
733949e467 Add maintenance query to remove memid=0 emails
This commit introduces a fix for wrongly inserted email addresses that
have a memid=0 field because of MariaDBs strict mode that was enabled
after moving from MySQL to MariaDB.

Fixes https://bugs.cacert.org/view.php?id=1543
2022-07-07 18:18:40 +02:00
687497c82f Fix l10n handling on Debian 11
Fixes bug #1542
2022-07-07 17:56:50 +02:00