
1 Commits

Author SHA1 Message Date
bdmc c2f3370013 Modified page as per issue: bug-1550. 1 year ago

11
.gitignore vendored

@ -5,14 +5,3 @@
# Ignore file with the account data
/password.dat
/CommModule/*-active
/CommModule/logfile*txt
/CommModule/nohup.out
/CommModule/serialserver.conf
/crt/
/csr/
/locale/cv
/pages/index/feed.rss
/www/*.crl
/www/*.crl.patch
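Review bot: The hunk header drops eleven of the fourteen lines in this range, so most of the ignore entries listed here stop being ignored, and the list includes `/crt/`, `/csr/`, `/CommModule/serialserver.conf` and the CommModule log files. Which entries survive is not recoverable from this rendering. If the certificate, request and signer-configuration paths are among those removed, a routine `git add .` on a deployed tree can commit that material, so I would keep those entries or note in the commit message where they are ignored now.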

@ -12,7 +12,7 @@ use File::CounterFile;
use Time::HiRes q(usleep);
use IPC::Open3;
use File::Copy;
use Digest::SHA qw(sha1_hex);
use Digest::SHA1 qw(sha1_hex);
#Protocol version:
my $ver=1;
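Review bot: `use Digest::SHA1 qw(sha1_hex);` replaces a module that ships with Perl by a separate CPAN distribution that provides the same function. Digest::SHA exports an identical `sha1_hex`, so the swap adds an install-time dependency without changing the digest; I would keep `use Digest::SHA qw(sha1_hex);`. If the target host really only has Digest::SHA1, a comment above the import should say so. The code that calls `sha1_hex` is outside this hunk, so its use cannot be checked from here.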

@ -156,7 +156,7 @@ function buildSubjectFromSession() {
$emailid = mysql_insert_id();
$body = _("Below is the link you need to open to verify your email address. Once your address is verified you will be able to start issuing certificates to your heart's content!")."\n\n";
$body .= "https://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
$body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
$body .= _("Best regards")."\n"._("CAcert.org Support!");
sendmail($_REQUEST['email'], "[CAcert.org] "._("Email Probe"), $body, "support@cacert.org", "", "", "CAcert Support");
@ -253,8 +253,7 @@ function buildSubjectFromSession() {
if(!(array_key_exists('addid',$_REQUEST) && is_array($_REQUEST['addid'])) && $_REQUEST['SSO'] != '1')
{
showheader(_("My CAcert.org Account!"));
?><p><?= _("I didn't receive a valid Certificate Request, hit the back button and try again."); ?></p>
<p><?= _("You did not select any email address and did not check the SSO option."); ?></p><?
echo _("I didn't receive a valid Certificate Request, hit the back button and try again.");
showfooter();
exit;
}
@ -496,13 +495,8 @@ function buildSubjectFromSession() {
`disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
`rootcert`='".intval($_SESSION['_config']['rootcert'])."',
`md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
`description`='".mysql_real_escape_string($_SESSION['_config']['description'])."',
`coll_found`=0";
if (!mysql_query($query)) {
trigger_error("Query failed: " . mysql_errno() . ": " . mysql_error(), E_USER_ERROR);
}
`description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
mysql_query($query);
$emailid = mysql_insert_id();
if(is_array($addys))
foreach($addys as $addy)
@ -520,7 +514,7 @@ function buildSubjectFromSession() {
{
$id = 4;
showheader(_("My CAcert.org Account!"));
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='https://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
showfooter();
exit;
} else {
@ -671,7 +665,7 @@ function buildSubjectFromSession() {
$domainid = mysql_insert_id();
$body = sprintf(_("Below is the link you need to open to verify your domain '%s'. Once your address is verified you will be able to start issuing certificates to your heart's content!"),$_SESSION['_config']['domain'])."\n\n";
$body .= "https://".$_SESSION['_config']['normalhostname']."/verify.php?type=domain&domainid=$domainid&hash=$hash\n\n";
$body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=domain&domainid=$domainid&hash=$hash\n\n";
$body .= _("Best regards")."\n"._("CAcert.org Support!");
sendmail($authaddy, "[CAcert.org] "._("Email Probe"), $body, "support@cacert.org", "", "", "CAcert Support");
@ -783,7 +777,7 @@ function buildSubjectFromSession() {
if(!file_exists($_SESSION['_config']['tmpfname']))
{
showheader(_("My CAcert.org Account!"));
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='https://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
showfooter();
exit;
}
@ -858,7 +852,7 @@ function buildSubjectFromSession() {
{
$id = 11;
showheader(_("My CAcert.org Account!"));
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='https://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
showfooter();
exit;
} else {
@ -944,7 +938,7 @@ function buildSubjectFromSession() {
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='https://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
} else {
$drow = mysql_fetch_assoc($res);
$crt_name = escapeshellarg($drow['crt_name']);
@ -1108,7 +1102,7 @@ function buildSubjectFromSession() {
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='https://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
} else {
printf(_("Certificate for '%s' has been renewed."), $row['CN']);
echo "<br/>\n<a href='account.php?id=6&cert=$newid' target='_new'>".
@ -1662,7 +1656,7 @@ function buildSubjectFromSession() {
if(mysql_num_rows($res) <= 0)
{
showheader(_("My CAcert.org Account!"));
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='https://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
showfooter();
exit;
} else {
@ -1918,7 +1912,7 @@ function buildSubjectFromSession() {
if(!file_exists($_SESSION['_config']['tmpfname']))
{
showheader(_("My CAcert.org Account!"));
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='https://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
showfooter();
exit;
}
@ -2016,7 +2010,7 @@ function buildSubjectFromSession() {
if(mysql_num_rows($res) <= 0)
{
showheader(_("My CAcert.org Account!"));
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." CSRid: $CSRid", "<a href='https://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." CSRid: $CSRid", "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
showfooter();
exit;
} else {
@ -2088,7 +2082,7 @@ function buildSubjectFromSession() {
$res = mysql_query($query);
if(mysql_num_rows($res) <= 0)
{
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." newid: $newid", "<a href='https://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions.")." newid: $newid", "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
} else {
$drow = mysql_fetch_assoc($res);
$crtname = escapeshellarg($drow['crt_name']);
@ -2898,7 +2892,7 @@ function buildSubjectFromSession() {
if(mysql_num_rows($res) <= 0)
{
showheader(_("My CAcert.org Account!"));
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='https://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
printf(_("Your certificate request has failed to be processed correctly, see %sthe WIKI page%s for reasons and solutions."), "<a href='http://wiki.cacert.org/wiki/FAQ/CertificateRenewal'>", "</a>");
showfooter();
exit;
} else {
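Review bot: The verification mails built in the -156 and -671 hunks now carry `http://…/verify.php?…&hash=$hash`, so the hash that proves control of the address or domain travels in clear text when the recipient opens the link. Keep the `https://` scheme on both `$body .=` lines; the same goes for the wiki links that the remaining hunks switch to `http://`. Separately, the -496 hunk reduces the insert to a bare `mysql_query($query);`, so a failed insert goes unnoticed and `mysql_insert_id()` on the next line is used regardless; keeping `if (!mysql_query($query)) { trigger_error(...); }` avoids that. Every hunk here sits inside a larger function that is not visible on this page.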

@ -120,7 +120,7 @@ class HashAlgorithms {
return array(
'sha256' => array(
'name' => 'SHA-256',
'info' => '',
'info' => _('Currently recommended, because the other algorithms might break on some older versions of the GnuTLS library (older than 3.x) still shipped in Debian for example.'),
),
'sha384' => array(
'name' => 'SHA-384',
@ -128,7 +128,7 @@ class HashAlgorithms {
),
'sha512' => array(
'name' => 'SHA-512',
'info' => '',
'info' => _('Highest protection against hash collision attacks of the algorithms offered here.'),
),
);
}

@ -1,6 +1,6 @@
<? /*
LibreSSL - CAcert web application
Copyright (C) CAcert Inc.
Copyright (C) 2004-2011 CAcert Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -16,91 +16,32 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
/**
* Walk through the email address environment variables that Apache httpd
* might have set and put them into an array.
*
* The function ensures that unique addresses are returned.
*
* @return array
*/
function get_email_addresses_from_client_cert() {
$addresses = array();
$maxAddresses = 10; // implement a hard boundary to avoid endless loop
// try SAN email addresses first
$envNameBase = "SSL_CLIENT_SAN_Email";
for ($i = 0; $i <= $maxAddresses; $i++) {
$envName = sprintf("%s_%d", $envNameBase, $i);
if (!array_key_exists($envName, $_SERVER)) {
break;
}
$addresses[] = $_SERVER[$envName];
}
if (count($addresses) > 0) {
return array_unique($addresses);
}
// fallback for older Apache httpd versions that do not support email SAN fields
$envNameBase = "SSL_CLIENT_S_DN_Email";
if (array_key_exists($envNameBase, $_SERVER)) {
$addresses[] = $_SERVER[$envNameBase];
}
for ($i = 1; $i <= $maxAddresses; $i++) {
$envName = sprintf("%s_%d", $envNameBase, $i);
if (array_key_exists($envName, $_SERVER)) {
$addresses[] = $_SERVER[$envName];
}
}
return array_unique($addresses);
}
/**
* Checks if the user may log in and retrieve the user id
*
* Usually called with $_SERVER['SSL_CLIENT_M_SERIAL'] and
* $_SERVER['SSL_CLIENT_I_DN_CN']
* $_SERVER['SSL_CLIENT_I_DN_CN']
*
* @param $serial string
* usually $_SERVER['SSL_CLIENT_M_SERIAL']
* usually $_SERVER['SSL_CLIENT_M_SERIAL']
* @param $issuer_cn string
* usually $_SERVER['SSL_CLIENT_I_DN_CN']
* @param $addresses array
* list of email addresses from the certificate
* usually $_SERVER['SSL_CLIENT_I_DN_CN']
* @return int
* the user id, -1 in case of error
*
* @see get_email_addresses_from_client_cert()
* the user id, -1 in case of error
*/
function get_user_id_from_cert($serial, $issuer_cn, $addresses) {
$addresses_for_sql = array_map('mysql_real_escape_string', $addresses);
$query = sprintf("SELECT DISTINCT ec.`memid`
FROM `emailcerts` ec
JOIN root_certs r ON r.id = ec.rootcert
JOIN email e ON ec.memid = e.memid
WHERE ec.serial = '%s'
AND r.`Cert_Text` = '%s'
AND e.email IN ('%s')
AND ec.revoked = 0
AND ec.disablelogin = 0
AND UNIX_TIMESTAMP(ec.expire) > UNIX_TIMESTAMP()", mysql_real_escape_string($serial),
mysql_real_escape_string($issuer_cn), implode("', '", $addresses_for_sql));
function get_user_id_from_cert($serial, $issuer_cn)
{
$query = "select `memid` from `emailcerts` where
`serial`='".mysql_escape_string($serial)."' and
`rootcert`= (select `id` from `root_certs` where
`Cert_Text`='".mysql_escape_string($issuer_cn)."') and
`revoked`=0 and disablelogin=0 and
UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() > 0";
$res = mysql_query($query);
if ($res === false) {
trigger_error(sprintf("MySQL error %d: %s", mysql_errno(), mysql_error()));
return -1;
}
if (mysql_num_rows($res) === 1) {
$row = mysql_fetch_row($res);
return intval($row[0]);
if(mysql_num_rows($res) > 0)
{
$row = mysql_fetch_assoc($res);
return intval($row['memid']);
}
return -1;
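Review bot: `get_user_id_from_cert()` on the new side accepts a login whenever `mysql_num_rows($res) > 0` and returns the first row, matching on serial and issuer CN only. The lines it replaces required exactly one row and tied the certificate to an email address of the member, so an ambiguous match now logs in as whichever account the database returns first. I would keep `if (mysql_num_rows($res) === 1)` together with the `if ($res === false) { … return -1; }` guard in front of it, since the new code passes a failed query result straight to `mysql_num_rows()`. `mysql_escape_string()` also ignores the connection character set, so `mysql_real_escape_string()` is the safer call for both parameters. The function's closing brace lies outside the hunk.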

@ -54,7 +54,7 @@
if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && ($_SESSION['profile']['id'] == 0 || $_SESSION['profile']['loggedin'] == 0))
{
$user_id = get_user_id_from_cert($_SERVER['SSL_CLIENT_M_SERIAL'],
$_SERVER['SSL_CLIENT_I_DN_CN'], get_email_addresses_from_client_cert());
$_SERVER['SSL_CLIENT_I_DN_CN']);
if($user_id >= 0)
{

@ -1,6 +1,8 @@
<div class="sponsorinfo">
<?=_("CAcert operations are sponsored by")?>
<a href="http://www.bit.nl/" target="_blank"><img class="sponsorlogo" src="/images/bit.png" alt="[BIT logo]" border="0"></a>
<a href="http://www.tunix.nl/" target="_blank"><img class="sponsorlogo" src="/images/tunix.png" alt="[TUNIX logo]" border="0"></a>
<a href="http://www.nlnet.nl/" target="_blank"><img class="sponsorlogo" src="/images/nlnet.png" alt="[NLnet logo]" border="0"></a>
<a href="http://www.openarchitecturenetwork.org/" target="_blank"><img class="sponsorlogo" src="/images/oan.png" alt="[OAN logo]" border="0"></a>
</div>
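Review bot: The sponsor anchors in this section open external sites with `target="_blank"` and no `rel` attribute, over plain `http://`. Which two of them the hunk adds is not recoverable from this rendering, but each new one should read `target="_blank" rel="noopener noreferrer"` so the opened page gets no `window.opener` handle. Use `https://` wherever the sponsor site offers it.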

@ -0,0 +1,102 @@
#include <stdio.h>
#include <ctype.h>
#include <stdlib.h>
#include <string.h>
typedef unsigned char uchar;
typedef struct{char * nm; int v;} vp;
vp vpl[] = {
{"nbsp", 160}, {"lt",0x3c}, {"amp", 38},
{"eacute", 233}, {"egrave", 232}, {"ouml", 246},
{"alpha", 0x3b1}, {"beta", 0x3b2}, {"gamma", 0x3b3},
{"delta", 0x3b4}, {"Delta", 0x394},
{"sigma", 0x3c3}, {"Sigma", 0x3a3},
{"epsilon", 0x3b5}, {"zeta", 0x3b6},
{"theta", 0x3b8}, {"mu", 0x3bc},
{"phi", 0x3c6},
{"omega", 0x3c9},
{"lambda", 0x3bb}, {"rho", 0x3c1},
{"pi", 0x3c0}, {"Pi", 0x3a0},
{"ndash", 0x2013}, {"mdash", 0x2014},
{"and", 8743}, {"rarr", 8594}, {"forall", 0x2200},
{"sum", 8721}};
int cc = 0; // count of conversions.
static void Utf(int m, uint a){
if (a & m) {Utf(m>>1, a>>6); putchar(128 | a & 63);}
else putchar((m<<1)&255 | a);}
static void utf8(uint a){
if(a == '<') printf("%s", "&lt;");
else if(a == '&') printf("%s", "&amp;");
else if(a & -128) {++cc;
Utf(-32, a>>6); putchar(128 | a & 63);} else putchar(a);}
char * em[] = {"", "tag", "quoted string", "utf", "character ref"};
int lc = 1, cil = 0, tcc=0;
char gc(int x){char c = getchar();
if(c == EOF && feof(stdin)) {
if(x) fprintf(stderr, "file ended in %s\n", em[x]);
fprintf(stderr, "Converted %d characters\n", cc);
exit(0);}
if(c == 10 || c == 13) {tcc += cil; cil = 0; ++lc;}
++cil; return c;}
void loc(){fprintf(stderr, "Ending at byte %d of line %d,"
"(or 0x%x in file):\n", cil, lc, tcc+cil);}
char gx(){char c = gc(3); if ((c&0xc0) != 0x80)
{loc(); fprintf(stderr, "Bad utf8 extension byte: %02X\n", c);}
return c;}
int main(int argc, char * * args){
int bk = argc == 2;
while(1){
int vx(int x){if((x & 0xffffffe0) == 0x80){
if(x == 150) return 8211;
if(x == 151) return 8212;
loc(); fprintf(stderr, "Invalid character: 0x%x=%d\n", x, x);}
return x;}
uchar c = gc(0);
if(c == '<'){putchar(c); while(1){char c = gc(1);
if(c == '"'){putchar(c); while(1){char c = gc(2);
if(c == '"'){putchar(c); break;}
else putchar(c);}}
else if(c == '>'){putchar(c); break;}
else putchar(c);}}
else if(bk && c > 127){int v=0, sc=0, C=c;
while(C&0x40){C <<=1; v = (v<<6) | gx() & 0x3f; ++sc;}
{int uc = vx(v | (0x3f>>sc & (int)c) << 6*sc);
{int k = sizeof(vpl)/sizeof(vp);
while(k--) if(uc == vpl[k].v)
{printf("&%s;", vpl[k].nm); goto end;}}
printf("&#x%x;", uc);}
end: ++cc;}
else if(!bk && c == '&') {char c = gc(4);
int gs(char c, int r){
int vd(char c){if('0' <= c && c <= '9') return c - '0';
{char lc = tolower(c);
if(r == 16 && 'a' <= lc && lc <= 'f') return lc - 'a' + 10;
loc();
fprintf(stderr, "Invalid digit folowing \"&#\" construct.");
exit(0);
return 0;}}
int k = vd(c);
while(1){char c = gc(4); if(c == ';') return k;
k = r*k + vd(c);}}
if(c == '#') {char c = gc(4);
utf8(vx(c == 'x' || c == 'X' ? gs('0', 16) : gs(c, 10)));}
else {int k = sizeof(vpl)/sizeof(vp);
char st[10]; st[0] = c;
{int n; for(n=1; n<10; ++n) {char c = gc(4);
if(c == ';') goto e1;
if(!isalpha(c)) break;
st[n] = c;}
loc(); fprintf(stderr, "%s reference\n",
n>10?"Verbose":"Invalid");
continue;
e1: st[n] = 0;
// loc(); fprintf(stderr, "string is <%s>.\n", st);
while(k--) if(!strcmp(st, vpl[k].nm)) {
utf8(vpl[k].v); break;}
if(k<0) {loc();
fprintf(stderr, "Unrecognized reference: &%s;\n", st);}}}}
else if(c > 127) {loc(); fprintf(stderr, "Non ASCII char.\n");}
else putchar(c);
}
return 0;
}
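Review bot: `gc()` stores the result of `getchar()` in a `char`, so the `c == EOF` test depends on the platform's char signedness; where `char` is unsigned it never matches and the program loops forever at end of input. Read into an int and narrow only after the test: `int c = getchar();` followed by `if(c == EOF) {`. The numeric branch in `gs()` also accumulates `k = r*k + vd(c)` without a bound, so a long `&#…;` reference overflows `int` and `utf8()` is handed a value outside the Unicode range; reject anything above 0x10FFFF before encoding. In the named-reference loop `n>10` can never be true because the loop stops at `n == 10`, so the "Verbose" message is unreachable. The file also relies on `uint` and on nested functions, neither of which is standard C, so a header comment should name the compiler it needs.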

@ -17,156 +17,182 @@
*/
include_once("../includes/shutdown.php");
?>
<h3><?=_("CAcert Certificate Acceptable Use Policy")?></h3>
<p><?=_("Once you decide to subscribe for an SSL Client Certificate you will need to complete this agreement. Please read it carefully. Your Certificate Request can only be processed with your acceptance and understanding of this agreement.")?></p>
<h3><?= _( "CAcert Certificate Acceptable Use Policy" ) ?></h3>
<p><?= _( "Once you decide to subscribe for an SSL Server Certificate you will need to complete this agreement. Please read it carefully. Your Certificate Request can only be processed with your acceptance and understanding of this agreement." ) ?></p>
<p><?=_("I hereby represent that I am fully authorized by the owner of the information contained in the CSR sent to CAcert Inc. to apply for a Digital Certificate for secure and authenticated electronic transactions. I understand that a digital certificate serves to identify the Subscriber for the purposes of electronic communication and that the management of the private keys associated with such certificates is the responsibility of the subscriber's technical staff and/or contractors.")?></p>
<p><?= _( "I hereby represent that I am fully authorized by the owner of the information contained in the CSR sent to CAcert Inc. to apply for an Digital Certificate for secure and authenticated electronic transactions. I understand that a digital certificate serves to identify the Subscriber for the purposes of electronic communication and that the management of the private keys associated with such certificates is the responsibility of the subscriber's technical staff and/or contractors." ) ?></p>
<p><?=_("CAcert Inc.'s public certification services are governed by a CPS as amended from time to time which is incorporated into this Agreement by reference. The Subscriber will use the SSL Client Certificate in accordance with CAcert Inc.'s CPS and supporting documentation published at")?> <a href="http://www.cacert.org/cps.php">http://www.cacert.org/cps.php</a></p>
<p><?= _( "CAcert Inc.'s public certification services are governed by a CPS as amended from time to time which is incorporated into this Agreement by reference. The Subscriber will use the SSL Server Certificate in accordance with CAcert Inc.'s CPS and supporting documentation published at" ) ?>
<a href="http://www.cacert.org/cps.php">http://www.cacert.org/cps.php</a></p>
<p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed and will not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p>
<h4><?= _("There is a new method for generating a CSR for this page.") ?></h5>
<p><?= _("It is completely described in https://wiki.cacert.org/TutorialsHowto/Generate-new-CSR, which you should follow. At the point where it says \"Copy CSR to Clipboard\" do that and come back to this page and paste the result into the textbox at the bottom of this page.") ?></p>
<p><a href='https://community.cacert.org/clientcert' target=_blank ><?= _("Here is a link to that procedure. It will open in a new tab.") ?></a></p>
<p><?= _( "If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed and will not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence." ) ?></p>
<form method="post" action="account.php">
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td colspan="2" class="title"><?=_("New Client Certificate")?></td>
</tr>
<tr>
<td class="DataTD"><?=_("Add")?></td>
<td class="DataTD"><?=_("Address")?></td>
</tr>
<?
$query = "select * from `email` where `memid`='" . intval($_SESSION[ 'profile' ][ 'id' ] ) . "' and `deleted`=0 and `hash`=''";
$res = mysql_query($query );
while ($row = mysql_fetch_assoc($res))
{ ?>
<table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
<tr>
<td class="DataTD"><input type="checkbox" id="addid<?=intval($row['id']) ?>" name="addid[]" value="<?=intval($row['id']) ?>"></td>
<td class="DataTD" align="left"><label for="addid<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></label></td>
<td colspan="2" class="title"><?= _( "New Client Certificate" ) ?></td>
</tr>
<? }
if ($_SESSION[ 'profile' ][ 'points' ] >= 50 )
{
$fname = $_SESSION[ 'profile' ][ 'fname' ];
$mname = $_SESSION[ 'profile' ][ 'mname' ];
$lname = $_SESSION[ 'profile' ][ 'lname' ];
$suffix = $_SESSION[ 'profile' ][ 'suffix' ];
?>
<tr>
<td class="DataTD" colspan="2" align="left">
<input type="radio" id="incname0" name="incname" value="0" checked="checked"/>
<label for="incname0"><?= _("No Name") ?></label><br/>
<? if ($fname && $lname ) { ?>
<input type="radio" id="incname1" name="incname" value="1"/>
<label for="incname1"><?= _("Include") ?> '<?= $fname . " " . $lname ?>'</label><br/>
<? } ?>
<? if ($fname && $mname && $lname ) { ?>
<input type="radio" id="incname2" name="incname" value="2"/>
<label for="incname2"><?= _("Include") ?> '<?= $fname . " " . $mname . " " . $lname ?> '</label><br/>
<? } ?>
<? if ($fname && $lname && $suffix ) { ?>
<input type="radio" id="incname3" name="incname" value="3"/>
<label for="incname3"><?= _("Include") ?> '<?= $fname . " " . $lname . " " . $suffix ?> '</label><br/>
<? } ?>
<? if ($fname && $mname && $lname && $suffix ) { ?>
<input type="radio" id="incname4" name="incname" value="4"/>
<label for="incname4"><?= _("Include") ?> '<?= $fname . " " . $mname . " " . $lname . " " . $suffix ?>'</label><br/>
<? } ?>
</td>
<td class="DataTD"><?= _( "Add" ) ?></td>
<td class="DataTD"><?= _( "Address" ) ?></td>
</tr>
<? } ?>
<tr>
<td class="DataTD">
<input type="checkbox" id="login" name="login" value="1" checked="checked"/>
</td>
<td class="DataTD" align="left">
<label for="login"><?= _("Enable certificate login with this certificate") ?><br/>
<?= _("By allowing certificate login, this certificate can be used to login into this account at https://secure.cacert.org/ .") ?></label>
</td>
</tr>
<tr>
<td class="DataTD" colspan="2" align="left">
<label for="description"><?= _("Optional comment, only used in the certificate overview") ?></label><br/>
<input type="text" id="description" name="description" maxlength="100" size="100"/>
</td>
</tr>
<?
$query = "select * from `email` where `memid`='" . intval( $_SESSION[ 'profile' ][ 'id' ] ) . "' and `deleted`=0 and `hash`=''";
$res = mysql_query( $query );
while ( $row = mysql_fetch_assoc( $res ) ) { ?>
<tr>
<td class="DataTD"><input type="checkbox" id="addid<?= intval( $row[ 'id' ] ) ?>" name="addid[]"
value="<?= intval( $row[ 'id' ] ) ?>"></td>
<td class="DataTD" align="left"><label
for="addid<?= intval( $row[ 'id' ] ) ?>"><?= sanitizeHTML( $row[ 'email' ] ) ?></label>
</td>
</tr>
<? }
if ( $_SESSION[ 'profile' ][ 'points' ] >= 50 ) {
$fname = $_SESSION[ 'profile' ][ 'fname' ];
$mname = $_SESSION[ 'profile' ][ 'mname' ];
$lname = $_SESSION[ 'profile' ][ 'lname' ];
$suffix = $_SESSION[ 'profile' ][ 'suffix' ];
?>
<tr>
<td class="DataTD" colspan="2" align="left">
<input type="radio" id="incname0" name="incname" value="0" checked="checked"/>
<label for="incname0"><?= _( "No Name" ) ?></label><br/>
<? if ( $fname && $lname ) { ?>
<input type="radio" id="incname1" name="incname" value="1"/>
<label for="incname1"><?= _( "Include" ) ?> '<?= $fname . " " . $lname ?>'</label><br/>
<? } ?>
<? if ( $fname && $mname && $lname ) { ?>
<input type="radio" id="incname2" name="incname" value="2"/>
<label for="incname2"><?= _( "Include" ) ?> '<?= $fname . " " . $mname . " " . $lname ?>
'</label><br/>
<? } ?>
<? if ( $fname && $lname && $suffix ) { ?>
<input type="radio" id="incname3" name="incname" value="3"/>
<label for="incname3"><?= _( "Include" ) ?> '<?= $fname . " " . $lname . " " . $suffix ?>
'</label><br/>
<? } ?>
<? if ( $fname && $mname && $lname && $suffix ) { ?>
<input type="radio" id="incname4" name="incname" value="4"/>
<label for="incname4"><?= _( "Include" ) ?>
'<?= $fname . " " . $mname . " " . $lname . " " . $suffix ?>'</label><br/>
<? } ?>
</td>
</tr>
<? } ?>
<?
if($_SESSION['profile']['points'] >= 50)
{
?>
<tr>
<td class="DataTD" colspan="2" align="left">
<input type="radio" id="root1" name="rootcert" value="1" /> <label for="root1"><?=_("Sign by class 1 root certificate")?></label><br />
<input type="radio" id="root2" name="rootcert" value="2" checked="checked"/> <label for="root2"><?= _("Sign by class 3 root certificate") ?></label><br/>
<?= str_replace("\n", "<br />\n", wordwrap(_("Please note: If you use a certificate signed by the class 3 root, the class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain."), 125 ) ) ?>
</td>
</tr>
<? } ?>
<tr>
<td class="DataTD">
<input type="checkbox" id="login" name="login" value="1" checked="checked"/>
</td>
<td class="DataTD" align="left">
<label for="login"><?= _( "Enable certificate login with this certificate" ) ?><br/>
<?= _( "By allowing certificate login, this certificate can be used to login into this account at https://secure.cacert.org/ ." ) ?>
</label>
</td>
</tr>
<tr>
<td class="DataTD" colspan="2" align="left">
<label for="description"><?= _( "Optional comment, only used in the certificate overview" ) ?></label><br/>
<input type="text" id="description" name="description" maxlength="100" size="100"/>
</td>
</tr>
<tr>
<td class="DataTD" colspan="2" align="left">
<?= _("Hash algorithm used when signing the certificate:") ?><br/>
<?
foreach (HashAlgorithms::getInfo() as $algorithm => $display_info ) {
?>
<input type="radio" id="hash_alg_<?=$algorithm?>" name="hash_alg" value="<?= $algorithm ?>" <?= (HashAlgorithms::$default === $algorithm) ? 'checked="checked"' : '' ?> />
<label for="hash_alg_<?= $algorithm ?>"><?= $display_info[ 'name' ] ?><?= $display_info[ 'info' ] ? ' - ' . $display_info[ 'info' ] : '' ?></label><br/>
<?
}
?>
<input type="radio" id="root2" name="rootcert" value="2" checked="checked"/> <label
for="root2"><?= _( "Sign by class 3 root certificate" ) ?></label><br/>
<?= str_replace( "\n", "<br />\n", wordwrap( _( "Please note: Since you are using a certificate signed by the class 3 root, the class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain." ), 125 ) ) ?>
</td>
</tr>
<? if ($_SESSION[ 'profile' ][ 'points' ] >= 100 && $_SESSION[ 'profile' ][ 'codesign' ] > 0 ) { ?>
<tr>
<td class="DataTD">
<input type="checkbox" id="codesign" name="codesign" value="1"/>
</td>
<td class="DataTD" align="left">
<label for="codesign"><?= _("Code Signing") ?><br/>
<?= _("Please note: By ticking this box you will automatically have your name included in the certificate.") ?></label>
</td>
<tr name="expertoff" style="display:none">
<td class="DataTD">
<input type="checkbox" id="expertbox" name="expertbox" onchange="showExpert(this.checked)"/>
</td>
<td class="DataTD" align="left">
<label for="expertbox"><?= _( "Show advanced options" ) ?></label>
</td>
</tr>
<? } ?>
<tr>
<td class="DataTD">
<input type="checkbox" id="SSO" name="SSO" value="1"/>
</td>
<td class="DataTD" align="left">
<label for="SSO"><?= _("Add Single Sign On ID Information") ?><br/>
<?= str_replace("\n", "<br>\n", wordwrap(_("By adding Single Sign On (SSO) ID information to your certificates this could be used to track you, you can also issue certificates with no email addresses that are useful only for Authentication. Please see a more detailed description on our WIKI about it."), 125 ) ) ?>
<a href="http://wiki.cacert.org/wiki/SSO"><?= _("SSO WIKI Entry") ?></a></label>
</td>
</tr>
<tr>
<tr name="expert">
<td class="DataTD" colspan="2" align="left">
<?= _( "Hash algorithm used when signing the certificate:" ) ?><br/>
<?
foreach ( HashAlgorithms::getInfo() as $algorithm => $display_info ) {
?>
<input type="radio" id="hash_alg_<?= $algorithm ?>" name="hash_alg"
value="<?= $algorithm ?>" <?= (HashAlgorithms::$default === $algorithm) ? 'checked="checked"' : '' ?> />
<label for="hash_alg_<?= $algorithm ?>"><?= $display_info[ 'name' ] ?><?= $display_info[ 'info' ] ? ' - ' . $display_info[ 'info' ] : '' ?></label>
<br/>
<?
}
?>
</td>
</tr>
<? if ( $_SESSION[ 'profile' ][ 'points' ] >= 100 && $_SESSION[ 'profile' ][ 'codesign' ] > 0 ) { ?>
<tr name="expert">
<td class="DataTD">
<input type="checkbox" id="codesign" name="codesign" value="1"/>
</td>
<td class="DataTD" align="left">
<label for="codesign"><?= _( "Code Signing" ) ?><br/>
<?= _( "Please note: By ticking this box you will automatically have your name included in the certificate." ) ?>
</label>
</td>
</tr>
<? } ?>
<tr name="expert">
<td class="DataTD">
<input type="checkbox" id="SSO" name="SSO" value="1"/>
</td>
<td class="DataTD" align="left">
<label for="SSO"><?= _( "Add Single Sign On ID Information" ) ?><br/>
<?= str_replace( "\n", "<br>\n", wordwrap( _( "By adding Single Sign On (SSO) ID information to your certificates this could be used to track you, you can also issue certificates with no email addresses that are useful only for Authentication. Please see a more detailed description on our WIKI about it." ), 125 ) ) ?>
<a href="http://wiki.cacert.org/wiki/SSO"><?= _( "SSO WIKI Entry" ) ?></a></label>
</td>
</tr>
<td class="DataTD" colspan="2">
<label for="optionalCSR"><?= _("Paste Client CSR here") ?></label><br/>
<label for="optionalCSR"><?= _( "Client CSR, no information on the certificate will be used" ) ?></label><br/>
<textarea id="optionalCSR" name="optionalCSR" cols="80" rows="5"></textarea>
</td>
</tr>
<tr>
<td class="DataTD">
<input type="checkbox" id="CCA" name="CCA"/>
</td>
<td class="DataTD" align="left">
<label for="CCA"><strong><?= sprintf(_("I accept the CAcert Community Agreement (%s)."), "<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>") ?></strong><br/>
<?= _("Please note: You need to accept the CCA to proceed.") ?></label>
</td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?= _("Next") ?>"/></td>
</tr>
<tr>
<td class="DataTD">
<input type="checkbox" id="CCA" name="CCA"/>
</td>
<td class="DataTD" align="left">
<label for="CCA"><strong><?= sprintf( _( "I accept the CAcert Community Agreement (%s)." ), "<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>" ) ?></strong><br/>
<?= _( "Please note: You need to accept the CCA to proceed." ) ?></label>
</td>
</tr>
<tr>
<td class="DataTD" colspan="2"><input type="submit" name="process" value="<?= _( "Next" ) ?>"/></td>
</tr>
</table>
<input type="hidden" name="oldid" value="<?= $id ?>"/>
<input type="hidden" name="oldid" value="<?= $id ?>"/>
</form>
<script language="javascript">
function showExpert(a) {
b = document.getElementsByName("expert");
for (i = 0; b.length > i; i++) {
if (!a) {
b[i].setAttribute("style", "display:none");
} else {
b[i].removeAttribute("style");
}
}
b = document.getElementsByName("expertoff");
for (i = 0; b.length > i; i++) {
b[i].removeAttribute("style");
}
}
showExpert(false);
</script>

@ -39,12 +39,6 @@
(UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(`created`)) >= 172800";
mysql_query($query);
// removes entries that where introduced due to missing/wrong default value
// in MariaDB strict mode, see https://bugs.cacert.org/view.php?id=1543
$query = "delete from `email` where `memid`=0 and
(UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(`created`)) >= 172800";
mysql_query($query);
$query = "delete from `disputedomain` where `hash`!='' and
(UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(`created`)) >= 21600";
mysql_query($query);

@ -1,37 +0,0 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

@ -1,132 +0,0 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1368616 (0x14e228)
Signature Algorithm: sha512WithRSAEncryption
Issuer: O=Root CA, OU=http://www.cacert.org, CN=CA Cert Signing Authority/emailAddress=support@cacert.org
Validity
Not Before: Apr 19 12:18:30 2021 GMT
Not After : Apr 17 12:18:30 2031 GMT
Subject: O=CAcert Inc., OU=http://www.CAcert.org, CN=CAcert Class 3 Root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:ab:49:35:11:48:7c:d2:26:7e:53:94:cf:43:a9:
dd:28:d7:42:2a:8b:f3:87:78:19:58:7c:0f:9e:da:
89:7d:e1:fb:eb:72:90:0d:74:a1:96:64:ab:9f:a0:
24:99:73:da:e2:55:76:c7:17:7b:f5:04:ac:46:b8:
c3:be:7f:64:8d:10:6c:24:f3:61:9c:c0:f2:90:fa:
51:e6:f5:69:01:63:c3:0f:56:e2:4a:42:cf:e2:44:
8c:25:28:a8:c5:79:09:7d:46:b9:8a:f3:e9:f3:34:
29:08:45:e4:1c:9f:cb:94:04:1c:81:a8:14:b3:98:
65:c4:43:ec:4e:82:8d:09:d1:bd:aa:5b:8d:92:d0:
ec:de:90:c5:7f:0a:c2:e3:eb:e6:31:5a:5e:74:3e:
97:33:59:e8:c3:03:3d:60:33:bf:f7:d1:6f:47:c4:
cd:ee:62:83:52:6e:2e:08:9a:a4:d9:15:18:91:a6:
85:92:47:b0:ae:48:eb:6d:b7:21:ec:85:1a:68:72:
35:ab:ff:f0:10:5d:c0:f4:94:a7:6a:d5:3b:92:7e:
4c:90:05:7e:93:c1:2c:8b:a4:8e:62:74:15:71:6e:
0b:71:03:ea:af:15:38:9a:d4:d2:05:72:6f:8c:f9:
2b:eb:5a:72:25:f9:39:46:e3:72:1b:3e:04:c3:64:
27:22:10:2a:8a:4f:58:a7:03:ad:be:b4:2e:13:ed:
5d:aa:48:d7:d5:7d:d4:2a:7b:5c:fa:46:04:50:e4:
cc:0e:42:5b:8c:ed:db:f2:cf:fc:96:93:e0:db:11:
36:54:62:34:38:8f:0c:60:9b:3b:97:56:38:ad:f3:
d2:5b:8b:a0:5b:ea:4e:96:b8:7c:d7:d5:a0:86:70:
40:d3:91:29:b7:a2:3c:ad:f5:8c:bb:cf:1a:92:8a:
e4:34:7b:c0:d8:6c:5f:e9:0a:c2:c3:a7:20:9a:5a:
df:2c:5d:52:5c:ba:47:d5:9b:ef:24:28:70:38:20:
2f:d5:7f:29:c0:b2:41:03:68:92:cc:e0:9c:cc:97:
4b:45:ef:3a:10:0a:ab:70:3a:98:95:70:ad:35:b1:
ea:85:2b:a4:1c:80:21:31:a9:ae:60:7a:80:26:48:
00:b8:01:c0:93:63:55:22:91:3c:56:e7:af:db:3a:
25:f3:8f:31:54:ea:26:8b:81:59:f9:a1:d1:53:11:
c5:7b:9d:03:f6:74:11:e0:6d:b1:2c:3f:2c:86:91:
99:71:9a:a6:77:8b:34:60:d1:14:b4:2c:ac:9d:af:
8c:10:d3:9f:c4:6a:f8:6f:13:fc:73:59:f7:66:42:
74:1e:8a:e3:f8:dc:d2:6f:98:9c:cb:47:98:95:40:
05:fb:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
Authority Information Access:
OCSP - URI:http://ocsp.CAcert.org/
CA Issuers - URI:http://www.CAcert.org/class3.crt
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.18506.2.3.1
CPS: http://www.CAcert.org/cps.php
X509v3 CRL Distribution Points:
Full Name:
URI:https://www.cacert.org/class3.crl
Signature Algorithm: sha512WithRSAEncryption
c6:1e:ad:77:5c:b4:28:9b:d1:c8:8d:44:12:c0:bd:76:76:04:
83:21:07:f8:11:82:7f:6b:c1:95:42:c0:38:11:b5:25:70:8d:
8b:0c:c1:d5:6c:fd:1c:1a:03:7c:8b:f8:06:31:a5:9d:de:41:
29:d4:8b:9b:84:d7:3d:c1:37:86:71:a3:1f:5b:61:29:1e:5d:
77:7d:bb:f0:ad:b9:15:19:13:14:e6:35:80:ff:a6:19:b4:37:
85:94:41:e8:88:c3:5f:e0:b2:06:a4:bb:f8:40:a9:1d:39:ac:
ed:ea:3f:98:04:4d:f9:8c:f9:47:79:73:52:f5:ec:df:34:97:
fb:3e:77:e0:dc:d1:83:88:ba:88:73:47:5a:a6:a4:15:c4:0d:
70:0d:0f:9e:4b:13:07:7e:ef:18:3e:f9:a5:01:aa:79:29:b1:
e7:52:fa:53:3a:c8:a6:7f:b6:ef:89:a1:b1:a1:4d:2f:ce:63:
85:7f:a5:2a:e9:3b:d4:c1:a3:cf:0a:13:85:bb:99:d7:9c:66:
90:84:e7:66:d4:50:b3:a1:e1:2d:22:2a:25:68:c3:20:b2:2b:
c4:ba:98:1d:e8:4a:ef:5c:58:c2:b4:4d:84:56:f7:4e:bb:16:
68:42:6c:92:b8:6f:78:cd:0e:b3:fb:ef:a0:b3:64:87:f2:f7:
88:44:39:fc:b9:e6:2c:c0:98:24:d4:40:2c:5e:c8:ee:0b:1d:
b8:02:4d:26:b8:0a:18:c6:2f:1e:4b:75:6e:8f:2e:21:73:bc:
c2:03:55:ee:aa:14:e0:9a:1a:07:53:0b:df:44:14:a8:67:05:
af:44:c8:d3:a1:45:76:02:b6:7f:0c:b9:86:e9:4f:c6:6e:b0:
bb:15:b4:bf:e8:80:b5:76:31:fe:64:64:c1:0a:58:6d:c5:50:
b6:b2:03:bf:1d:42:4f:59:39:d1:c4:31:8b:e8:c8:2a:39:1c:
15:61:f0:de:40:68:0e:70:a8:b3:4f:ee:91:e8:0f:4f:b6:90:
9e:4d:80:6c:be:1c:ee:70:a4:b8:07:04:2b:0d:41:02:54:84:
4e:47:ea:8b:96:ed:76:58:61:e7:c3:21:7b:06:6f:d4:b7:0b:
e7:34:32:83:cc:35:a6:e7:25:4f:7c:17:42:fc:bc:57:03:c6:
9f:42:7f:98:60:f8:80:b2:d9:f6:b1:9c:1c:35:04:0a:89:31:
16:85:a4:fa:ee:4c:09:c5:6a:98:66:ec:c8:6e:2a:e6:cb:92:
dc:23:6c:96:c1:d4:45:f3:3c:6d:02:b8:a0:bb:c7:47:c2:c2:
1c:40:4c:45:c7:45:06:7f:3b:71:2b:ce:2b:a7:81:d6:47:46:
28:b0:3c:ca:65:f1:66:9f
-----BEGIN CERTIFICATE-----
MIIGPTCCBCWgAwIBAgIDFOIoMA0GCSqGSIb3DQEBDQUAMHkxEDAOBgNVBAoTB1Jv
b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
dEBjYWNlcnQub3JnMB4XDTIxMDQxOTEyMTgzMFoXDTMxMDQxNzEyMTgzMFowVDEU
MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0
Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN
AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a
iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1
aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C
jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia
pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0
FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt
XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL
oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6
R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp
rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/
LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA
BfvpAgMBAAGjgfIwge8wDwYDVR0TAQH/BAUwAwEB/zBhBggrBgEFBQcBAQRVMFMw
IwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLkNBY2VydC5vcmcvMCwGCCsGAQUFBzAC
hiBodHRwOi8vd3d3LkNBY2VydC5vcmcvY2xhc3MzLmNydDBFBgNVHSAEPjA8MDoG
CysGAQQBgZBKAgMBMCswKQYIKwYBBQUHAgEWHWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y
Zy9jcHMucGhwMDIGA1UdHwQrMCkwJ6AloCOGIWh0dHBzOi8vd3d3LmNhY2VydC5v
cmcvY2xhc3MzLmNybDANBgkqhkiG9w0BAQ0FAAOCAgEAxh6td1y0KJvRyI1EEsC9
dnYEgyEH+BGCf2vBlULAOBG1JXCNiwzB1Wz9HBoDfIv4BjGlnd5BKdSLm4TXPcE3
hnGjH1thKR5dd3278K25FRkTFOY1gP+mGbQ3hZRB6IjDX+CyBqS7+ECpHTms7eo/
mARN+Yz5R3lzUvXs3zSX+z534NzRg4i6iHNHWqakFcQNcA0PnksTB37vGD75pQGq
eSmx51L6UzrIpn+274mhsaFNL85jhX+lKuk71MGjzwoThbuZ15xmkITnZtRQs6Hh
LSIqJWjDILIrxLqYHehK71xYwrRNhFb3TrsWaEJskrhveM0Os/vvoLNkh/L3iEQ5
/LnmLMCYJNRALF7I7gsduAJNJrgKGMYvHkt1bo8uIXO8wgNV7qoU4JoaB1ML30QU
qGcFr0TI06FFdgK2fwy5hulPxm6wuxW0v+iAtXYx/mRkwQpYbcVQtrIDvx1CT1k5
0cQxi+jIKjkcFWHw3kBoDnCos0/ukegPT7aQnk2AbL4c7nCkuAcEKw1BAlSETkfq
i5btdlhh58MhewZv1LcL5zQyg8w1puclT3wXQvy8VwPGn0J/mGD4gLLZ9rGcHDUE
CokxFoWk+u5MCcVqmGbsyG4q5suS3CNslsHURfM8bQK4oLvHR8LCHEBMRcdFBn87
cSvOK6eB1kdGKLA8ymXxZp8=
-----END CERTIFICATE-----

@ -153,7 +153,7 @@ require_once('../includes/notary.inc.php');
{
include_once("../includes/lib/general.php");
$user_id = get_user_id_from_cert($_SERVER['SSL_CLIENT_M_SERIAL'],
$_SERVER['SSL_CLIENT_I_DN_CN'], get_email_addresses_from_client_cert());
$_SERVER['SSL_CLIENT_I_DN_CN']);
if($user_id >= 0)
{
@ -479,7 +479,7 @@ if ($oldid == 52 )
write_user_agreement($memid, "CCA", "account creation", "", 1);
$body = _("Thanks for signing up with CAcert.org, below is the link you need to open to verify your account. Once your account is verified you will be able to start issuing certificates till your hearts' content!")."\n\n";
$body .= "https://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
$body .= "http://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";
$body .= _("Best regards")."\n"._("CAcert.org Support!");
sendmail($_SESSION['signup']['email'], "[CAcert.org] "._("Mail Probe"), $body, "support@cacert.org", "", "", "CAcert Support");
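Review bot: The account-verification link in the `@ -479,7 +479,7 @` hunk is built with `http://`, so the `emailid` and `hash` values that prove control of the address cross the network in clear text when the recipient opens it. The page prints both an `https://` and an `http://` form of the line and has lost the `+`/`-` markers, so this assumes the `http://` line is the new side; if it is, keep `$body .= "https://".$_SESSION['_config']['normalhostname']."/verify.php?type=email&emailid=$emailid&hash=$hash\n\n";`. In the `@ -153,7 +153,7 @` hunk the call to `get_user_id_from_cert()` appears to drop the `get_email_addresses_from_client_cert()` argument; the function is not visible here, so confirm that its signature matches and that serial number plus issuer CN is enough to select the account. Both enclosing blocks start and end outside their hunks.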

@ -68,8 +68,8 @@
<h4><a name="0.1">0.1</a> Terms</h4>
<ol>
<li>"CAcert" means CAcert Inc., a non-profit Association of Members.
Note that Association Members
<li>"CAcert" means CAcert Inc., a non-profit Association of Members
incorporated in New South Wales, Australia. Note that Association Members
are distinct from the Members defined here.</li>
<li>"Member" means you, a registered participant within CAcert's Community,
@ -295,7 +295,8 @@
<h4><a name="3.1">3.1</a> Governing Law</h4>
<p>This agreement is governed under the law of New South Wales, Australia.</p>
<p>This agreement is governed under the law of New South Wales, Australia,
being the home of the CAcert Inc. Association.</p>
<h4><a name="3.2">3.2</a> Arbitration as Forum of Dispute Resolution</h4>

@ -99,7 +99,13 @@ Please see <a href='http://www.privacy.gov.au/'>http://www.privacy.gov.au/</a> f
Governmental warrants and civil supoenas will be processed through the dispute resolution system, which ensures that valid authority is given to whoever complies with the supoena or the warrant.
</p>
<p>If you need to contact us in writing, address your mail to the postal address of CAcert Inc. The current postal address of Cacert Inc. can be found on CAcert's web site.
<p>If you need to contact us in writing, address your mail to:</p>
<p>
CAcert Inc.<br />
PO Box 66 <br />
Oatley NSW 2223<br />
Australia
</p>
<p><a href="http://validator.w3.org/check?uri=referer"><img src="images/valid-html50-blue.png" alt="Valid HTML 5" height="31" width="88"></a></p>
</body>

@ -51,7 +51,7 @@ Editor: Mark Lipscombe
<h2 id="g0.1">1. Terms </h2>
<p>
"CAcert Inc" means CAcert Incorporated, a non-profit association.
"CAcert Inc" means CAcert Incorporated, a non-profit association incorporated in New South Wales, Australia.
<br>
"CAcert Community Agreement" means the agreement entered into by each person wishing to RELY.
<br>

@ -1,6 +1,6 @@
<? /*
LibreSSL - CAcert web application
Copyright (C) 2004-2023 CAcert Inc.
Copyright (C) 2004-2008 CAcert Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -17,10 +17,21 @@
*/
if(array_key_exists('iagree',$_REQUEST) && $_REQUEST['iagree'] == "yes")
{
header('Location: https://code.cacert.org/cacert/cacert-webdb/archive/main.tar.gz', TRUE, 302);
$output_file = $fname = readlink("../tarballs/current.tar.bz2");
header('Pragma: public');
header('Last-Modified: '.gmdate('D, d M Y H:i:s') . ' GMT');
header('Cache-Control: no-store, no-cache, must-revalidate'); // HTTP/1.1
header('Cache-Control: pre-check=0, post-check=0, max-age=0'); // HTTP/1.1
header('Content-Transfer-Encoding: none');
header('Content-Type: application/octetstream; name="' . $output_file . '"'); //This should work for IE & Opera
header('Content-Type: application/octet-stream; name="' . $output_file . '"'); //This should work for the rest
header('Content-Disposition: inline; filename="' . $output_file . '"');
header("Content-length: ".intval(filesize($_SESSION['_config']['filepath']."/tarballs/$fname")));
readfile($_SESSION['_config']['filepath']."/tarballs/$fname");
exit;
}
loadem("index");
showheader(_("CAcert Source License"));
?>
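Review bot: `readlink("../tarballs/current.tar.bz2")` returns `false` when the link is missing or unreadable, and the download branch in the `@ -17,10 +17,21 @` hunk uses the result unchecked in the `Content-Disposition` header and in the path passed to `filesize()` and `readfile()`. Assuming the `readfile()` variant is the new side (the page has lost the `+`/`-` markers), add a guard right after the call, e.g. `if ($fname === false) { header('HTTP/1.1 500 Internal Server Error'); exit; }`, and reduce the target to its file name with `$output_file = $fname = basename($fname);` so that a link target containing directory parts cannot point outside `tarballs/`. Also, `header()` replaces an earlier header of the same name by default, so the second `Cache-Control` line discards `no-store, no-cache, must-revalidate` and the first `Content-Type` line is never sent; pass `false` as the second argument of the second `Cache-Control` call if both values are meant to go out.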
