Commit graph

347 commits

Author SHA1 Message Date
Brian McCullough
b74b33b446 Modified text as per https://lists.cacert.org/wws/arc/cacert-policy/2020-10/msg00008.html 2024-06-01 23:00:30 -04:00
c61f0c4519 Merge branch 'main' into use-https-for-verification-links 2024-05-20 10:46:16 +00:00
3bf254e237 Use https links instead of http for registration 2024-05-05 20:16:09 +02:00
560be526c4 Fix client certificate login
This change fixes the client certificate login for cases where duplicate
serial numbers have been issued and recorded in the emailcerts table.

Email addresses from the client certificate are used as an additional
matching parameter.

- includes/lib/general.php got a new function
  get_email_addresses_from_client_cert to create an array of email
  addresses from the environment variables set by Apache httpd
- includes/loggedin.php and www/index.php use the new function to pass
  email addresses to the get_user_id_from_cert function
- get_user_id_from_cert in includes/lib/general.php has been enhanced to
  use a JOIN over the emailcerts, root_certs and email tables. All
  parameters are escaped via mysql_real_escape_string
- SQL errors in get_user_id_from_cert are now handled
- a match from get_user_id_from_cert is only returned when there is
  exactly one row in the result set

The code and the used query have been tested with Apache 2.4.10 and PHP
5.6 from Debian Jessie and a MariaDB 10.11 in strict mode using a
container based test setup to match the current production setup as
close as possible.
2024-05-05 20:08:53 +02:00
6e3549c21a Add class 3 certificates signed in 2021
These files have been referenced in pages/index/3.php since commit
bf7dcbd0
2024-05-03 19:58:42 +02:00
62dc71fb4d Redirect to code.cacert.org for source code 2023-09-17 11:11:03 +02:00
Wytze van der Raay
9240496af8 Fixes for https://bugs.cacert.org/view.php?id=1305:
CAcert Class1 root certificate needs to be reissued with
an updated CDP and a SHA-based signature.
See the message thread preserved in
https://lists.cacert.org/wws/arc/cacert-systemlog/2016-03/
for more information on the re-signed root certificates
installed and enabled by this commit.
2019-04-10 09:39:33 +00:00
Wytze van der Raay
21ffacf9f2 Fixes for https://bugs.cacert.org/view.php?id=1305:
CAcert Class1 root certificate needs to be reissued with
an updated CDP and a SHA-based signature.
See the message thread preserved in
https://lists.cacert.org/wws/arc/cacert-systemlog/2016-03/
for more information on the re-signed root certificates
installed and enabled by this commit.
2019-04-10 09:37:24 +00:00
Wytze van der Raay
44a3943358 Fix for https://bugs.cacert.org/view.php?id=1341
"Rate limit for login attempts"
2015-03-13 09:02:26 +00:00
Wytze van der Raay
cd4a66bd06 Fix for https://bugs.cacert.org/view.php?id=1345
"replace DRAFT CCA with POLICY CCA"
2015-01-15 10:50:06 +00:00
Wytze van der Raay
86e2a3cb72 Re-instate NRPDisclaimerAndLicence.php which was inadvertently removed by the previous
commit for https://bugs.cacert.org/view.php?id=1131
2015-01-09 10:17:54 +00:00
Wytze van der Raay
e2de6e8f7e Fix for https://bugs.cacert.org/view.php?id=1131
"Rename _all_ Policies from .php to .html and fix all links (was: Rename
PolicyOnPolicy.php to .html)"
2015-01-08 15:02:47 +00:00
Wytze van der Raay
ca85a98ce1 Fix for https://bugs.cacert.org/view.php?id=1131
"Rename _all_ Policies from .php to .html and fix all links (was: Rename
PolicyOnPolicy.php to .html)"
2015-01-08 14:56:23 +00:00
Wytze van der Raay
add8566161 Fix for https://bugs.cacert.org/view.php?id=28
"Wrong language for ''you've been assured'' & ''[CAcert.org] Client Certificate'' emails"
2014-11-24 09:59:19 +00:00
Wytze van der Raay
4f70392a23 Fix for https://bugs.cacert.org/view.php?id=1273
"Replace all backtick operators with calls to runCommand() or shell_exec()"
2014-11-24 09:56:38 +00:00
Wytze van der Raay
ca2fe0bc16 Fix for https://bugs.cacert.org/view.php?id=1192
"Check on log into the account if user agreed to CCA, if not prompt him an acception form"
2014-11-24 09:54:09 +00:00
Mendel Mobach
8be54e45e9 Fix for https://bugs.cacert.org/view.php?id=1339 2014-11-18 22:08:23 +00:00
Wytze van der Raay
87ee92e634 Fix for https://bugs.cacert.org/view.php?id=1293
"Replace CCA document with new DRAFT version"
2014-08-29 14:39:28 +00:00
Wytze van der Raay
0ea8880f4f Fix for https://bugs.cacert.org/view.php?id=1276
"Middle Initial Matching for uid on GPG identities"
2014-08-21 14:33:59 +00:00
Wytze van der Raay
e2e8259c68 Fix for https://bugs.cacert.org/view.php?id=1291
"Executable code can be entered in location field, executable on wot15"
2014-08-09 09:13:02 +00:00
Wytze van der Raay
f032d1f013 Fix for https://bugs.cacert.org/view.php?id=1226
"Add DoB to selection of assuree"
2014-07-16 10:36:31 +00:00
Wytze van der Raay
924e6b0337 Intermediate patch for https://bugs.cacert.org/view.php?id=807
"CAcert ignores signature algorithm from csr".

This patch introduces the UI for our members to choose which signature
algorithm they want their certificates signed with. Among the choices
are SHA-256, SHA-384 and SHA-512. Further choices may be included as our
signer and web frontend permit.
2014-06-13 16:00:16 +00:00
Wytze van der Raay
81932bfd0a Combined fixes for
- https://bugs.cacert.org/view.php?id=413
  "Add a web page indicating the certificate request is still pending"
- https://bugs.cacert.org/view.php?id=1138
  "Implement to log the SE activity"
- https://bugs.cacert.org/view.php?id=1221
  "Inconsistency in Assurance Management"
2014-06-07 09:14:52 +00:00
Mendel Mobach
1112d76dd5 fix for https://bugs.cacert.org/view.php?id=1272
"Arbitrary Code Execution via SQL injection on certain database fields"
2014-04-19 07:32:11 +00:00
Mendel Mobach
365a7272cf fix for https://bugs.cacert.org/view.php?id=1184
"hex2bin function"
2014-04-18 08:10:17 +00:00
Wytze van der Raay
35e318c03c Fix for https://bugs.cacert.org/view.php?id=1218
"client cert issued no longer exportable with private key (class3). IE10
certs usage broken"
2014-02-06 15:52:57 +00:00
Wytze van der Raay
c68de86c6d Fix for https://bugs.cacert.org/view.php?id=1137
"Record the CCA acception for entering an assurance"
2014-01-15 15:55:29 +00:00
Wytze van der Raay
32fca654cb Fix for https://bugs.cacert.org/view.php?id=1004
"performance of CAcert webserver is hampered by simultaneous stats.php
execution"
2013-11-20 16:05:13 +00:00
Wytze van der Raay
82b3c5f6a9 Fix for http://bugs.cacert.org/view.php?id=1199
"arbitrary code injection"
2013-10-16 10:43:34 +00:00
Wytze van der Raay
ae8f9f152b Fix for http://bugs.cacert.org/view.php?id=1182
"Fix Deprecation messages sqldump.php"
2013-10-16 10:42:36 +00:00
Wytze van der Raay
b57d4d8b17 Fix for http://bugs.cacert.org/view.php?id=1208
Improve readability of "Assure someone" page.
2013-10-16 10:41:21 +00:00
Wytze van der Raay
3dfac78f84 Jumbo patch for the following issues:
  https://bugs.cacert.org/view.php?id=893
    Extend Delete account feature for support
  https://bugs.cacert.org/view.php?id=1123
    Add the Check CCA acception to all certificate creation processes
  https://bugs.cacert.org/view.php?id=1136
    Extend SE console with the functionality to revoke all user certificates of an user account
  https://bugs.cacert.org/view.php?id=1137
    Record the CCA acception for entering an assurance
  https://bugs.cacert.org/view.php?id=1177
    Combine wot.inc.php, notary.inc.php and temp-function.php
2013-09-06 15:21:06 +00:00
Wytze van der Raay
fe56243336 Fix for https://bugs.cacert.org/view.php?id=1198
"Change membership fee currency from USD to EUR"
2013-08-29 10:18:16 +00:00
Wytze van der Raay
715d1d7184 Fix for https://bugs.cacert.org/view.php?id=1199
"arbitrary code injection"
and for https://bugs.cacert.org/view.php?id=1200
"uses configuration files from world-writable directory"
2013-08-29 10:08:59 +00:00
root
47d3b2b0a2 Fix for http://bugs.cacert.org/view.php?id=782
Add "notes" field to certificate information.
2013-07-17 08:19:05 +00:00
Wytze van der Raay
e3836dd5cc Fix for http://bugs.cacert.org/view.php?id=1173
While email or domain dispute check if the request belongs to a locked account
and stop the process.
2013-07-15 08:38:31 +00:00
Wytze van der Raay
868ff702d5 Fix for http://bugs.cacert.org/view.php?id=1134
"Delete the board flag thoroughly in all parts of our software"
2013-06-26 11:00:43 +00:00
Wytze van der Raay
98c8c419c8 Fix for https://bugs.cacert.org/view.php?id=1121
"Record the CCA acception for the account creation"
2013-05-15 09:37:21 +00:00
Wytze van der Raay
b07a80b336 Fix for https://bugs.cacert.org/view.php?id=1094
"Wrong information shown when disputing a domain that is part of a organisation account."
2013-05-14 09:05:11 +00:00
Wytze van der Raay
8c6630a282 Fix for https://bugs.cacert.org/view.php?id=1112
"Exchange the text on the TTP page according to the new TTP program"
2013-04-24 13:13:08 +00:00
Wytze van der Raay
a5c21831f9 Fix for https://bugs.cacert.org/view.php?id=1099
"Automatic CAcert's root certificate install on Windows via Internet Explorer"
2013-04-24 12:43:12 +00:00
Wytze van der Raay
b44c5dd1ca Fix for https://bugs.cacert.org/view.php?id=964
"VBscript, Weak Keys script 4.php, 17.php to combine / select box key
 size and lower limit to 2048" (Codename: Blackjack)
2013-02-27 10:30:49 +00:00
Wytze van der Raay
ac71b58807 Fix for https://bugs.cacert.org/view.php?id=795
"contact form does not signal whether filed request is sensitive or open"
2013-01-17 15:08:07 +00:00
Wytze van der Raay
aff3516579 Fix for https://bugs.cacert.org/view.php?id=1133
"It should not be possible to assure a blocked account"
2013-01-17 15:06:35 +00:00
Wytze van der Raay
94e48cff5a Fix for https://bugs.cacert.org/view.php?id=1130
"Replace DisputeResolutionPolicy.html with rev p20121213"
2013-01-17 14:59:30 +00:00
Wytze van der Raay
825953e6b4 Fix for https://bugs.cacert.org/view.php?id=1009
"Exchange OA policy in the WebDB with the one in SVN (rev p20080401.1)"
2013-01-17 14:58:27 +00:00
Wytze van der Raay
2540dc0f86 Fix for http://bugs.cacert.org/view.php?id=888
"to add new assurance method TTP"
2013-01-17 14:55:28 +00:00
Wytze van der Raay
a63441653e Fix for https://bugs.cacert.org/view.php?id=1114
"Change CAcert postal address to the current one on index/11.php"
2012-12-11 14:33:11 +00:00
Wytze van der Raay
27236c1388 Fix for https://bugs.cacert.org/view.php?id=860
"someone accessed your password and secret questions page, plz change pwd translation mixed and garbled, text is translated in TL"
2012-11-01 13:57:40 +00:00
Wytze van der Raay
316ef65915 Fix for https://bugs.cacert.org/view.php?id=978
"Invalid SPKAC requests are not properly validated"
2012-10-31 10:03:33 +00:00