summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Tänzer <neo@nhng.de>2014-01-15 01:25:47 +0100
committerMichael Tänzer <neo@nhng.de>2014-01-15 01:25:47 +0100
commit3213ce91971fd5976a1f31b0c24a822c01591911 (patch)
tree8971ced37d9004453950c2a7ee1d8531ccba5a57
parentbc5cb72198019f4b27aa8e11b250c65cc8ca5717 (diff)
parente525adb1fcd467f68b9d6f3b685f6736ad8e7b09 (diff)
downloadcacert-devel-3213ce91971fd5976a1f31b0c24a822c01591911.tar.gz
cacert-devel-3213ce91971fd5976a1f31b0c24a822c01591911.tar.xz
cacert-devel-3213ce91971fd5976a1f31b0c24a822c01591911.zip
Merge remote-tracking branch 'origin/bug-440' into release
-rw-r--r--includes/account.php124
-rw-r--r--pages/account/11.php86
-rw-r--r--pages/account/21.php74
3 files changed, 155 insertions, 129 deletions
diff --git a/includes/account.php b/includes/account.php
index 5be932b..7c3748d 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -22,6 +22,57 @@
loadem("account");
+/**
+ * Build a subject string as needed by the signer
+ *
+ * @param array(string) $domains
+ * First domain is used as CN and repeated in subjectAltName. Duplicates
+ * should already been removed
+ *
+ * @param bool $include_xmpp_addr
+ * [default: true] Whether to include the XmppAddr in the subjectAltName.
+ * This is needed if the Jabber server is jabber.example.com but a Jabber ID
+ * on that server would be alice@example.com
+ *
+ * @return string
+ */
+function buildSubject(array $domains, $include_xmpp_addr = true) {
+ $subject = "/CN=${domains[0]}";
+
+ foreach ($domains as $domain) {
+ $subject .= "/subjectAltName=DNS:$domain";
+
+ if ($include_xmpp_addr) {
+ $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$domain";
+ }
+ }
+
+ return $subject;
+}
+
+/**
+ * Builds the subject string from the session variables
+ * $_SESSION['_config']['rows'] and $_SESSION['_config']['altrows']
+ *
+ * @return string
+ */
+function buildSubjectFromSession() {
+ $domains = array();
+
+ if (is_array($_SESSION['_config']['rows'])) {
+ $domains = array_merge($domains, $_SESSION['_config']['rows']);
+ }
+
+ if (is_array($_SESSION['_config']['altrows']))
+ foreach ($_SESSION['_config']['altrows'] as $row) {
+ if (substr($row, 0, 4) === "DNS:") {
+ $domains[] = substr($row, 4);
+ }
+ }
+
+ return buildSubject(array_unique($domains));
+}
+
$id = array_key_exists("id",$_REQUEST) ? intval($_REQUEST['id']) : 0;
$oldid = array_key_exists("oldid",$_REQUEST) ? intval($_REQUEST['oldid']) : 0;
$process = array_key_exists("process",$_REQUEST) ? $_REQUEST['process'] : "";
@@ -741,35 +792,8 @@
exit;
}
- $subject = "";
- $count = 0;
- $supressSAN=0;
- if($_SESSION["profile"]["id"] == 104074) $supressSAN=1;
+ $subject = buildSubjectFromSession();
- if(is_array($_SESSION['_config']['rows']))
- foreach($_SESSION['_config']['rows'] as $row)
- {
- $count++;
- if($count <= 1)
- {
- $subject .= "/CN=$row";
- if(!$supressSAN) $subject .= "/subjectAltName=DNS:$row";
- if(!$supressSAN) $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row";
- } else {
- if(!$supressSAN) $subject .= "/subjectAltName=DNS:$row";
- if(!$supressSAN) $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row";
- }
- }
- if(is_array($_SESSION['_config']['altrows']))
- foreach($_SESSION['_config']['altrows'] as $row)
- {
- if(substr($row, 0, 4) == "DNS:")
- {
- $row = substr($row, 4);
- if(!$supressSAN) $subject .= "/subjectAltName=DNS:$row";
- if(!$supressSAN) $subject .= "/subjectAltName=otherName:1.3.6.1.5.5.7.8.5;UTF8:$row";
- }
- }
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1;
@@ -795,7 +819,6 @@
echo _("Domain not verified.");
showfooter();
exit;
-
}
mysql_query($query);
@@ -894,29 +917,7 @@
continue;
}
- $subject = "";
- $count = 0;
- if(is_array($_SESSION['_config']['rows']))
- foreach($_SESSION['_config']['rows'] as $row)
- {
- $count++;
- if($count <= 1)
- {
- $subject .= "/CN=$row";
- if(!strstr($subject, "=$row/") &&
- substr($subject, -strlen("=$row")) != "=$row")
- $subject .= "/subjectAltName=$row";
- } else {
- if(!strstr($subject, "=$row/") &&
- substr($subject, -strlen("=$row")) != "=$row")
- $subject .= "/subjectAltName=$row";
- }
- }
- if(is_array($_SESSION['_config']['altrows']))
- foreach($_SESSION['_config']['altrows'] as $row)
- if(!strstr($subject, "=$row/") &&
- substr($subject, -strlen("=$row")) != "=$row")
- $subject .= "/subjectAltName=$row";
+ $subject = buildSubjectFromSession();
$subject = mysql_real_escape_string($subject);
mysql_query("update `domaincerts` set `subject`='$subject',`csr_name`='$newfile' where `id`='$newid'");
@@ -938,6 +939,7 @@
{
echo _("You did not select any certificates for renewal.");
}
+
showfooter();
exit;
}
@@ -1445,7 +1447,6 @@
if($oldid == 16 && $process != "")
{
-
if(array_key_exists('codesign',$_REQUEST) && $_REQUEST['codesign'] && $_SESSION['profile']['codesign'] && ($_SESSION['profile']['points'] >= 100))
{
$_REQUEST['codesign'] = 1;
@@ -1948,20 +1949,7 @@
//if($org['contact'])
// $csrsubject .= "/emailAddress=".trim($org['contact']);
- if(is_array($_SESSION['_config']['rows']))
- foreach($_SESSION['_config']['rows'] as $row)
- $csrsubject .= "/commonName=$row";
- $SAN="";
- if(is_array($_SESSION['_config']['altrows']))
- foreach($_SESSION['_config']['altrows'] as $subalt)
- {
- if($SAN != "")
- $SAN .= ",";
- $SAN .= "$subalt";
- }
-
- if($SAN != "")
- $csrsubject .= "/subjectAltName=".$SAN;
+ $csrsubject .= buildSubjectFromSession();
$type="";
if($_REQUEST["ocspcert"]!="" && $_SESSION['profile']['admin'] == 1) $type="8";
@@ -2757,8 +2745,8 @@
sendmail($row['email'], "[CAcert.org] "._("Password Update Notification"), $body,
"support@cacert.org", "", "", "CAcert Support");
-
}
+
showfooter();
exit;
}
diff --git a/pages/account/11.php b/pages/account/11.php
index 4e070cb..5f94122 100644
--- a/pages/account/11.php
+++ b/pages/account/11.php
@@ -15,39 +15,61 @@
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/ ?>
+
<p>
-<?=_("Please make sure the following details are correct before proceeding any further.")?>
+<?=_("Please make sure the following details are correct before proceeding ".
+ "any further.")?>
</p>
-<?// print_r($_SESSION['_config']['altrows']); ?>
+
+<p><?
+if (is_array($_SESSION['_config']['rows'])) {
+ foreach ($_SESSION['_config']['rows'] as $row) {
+ echo _("CommonName"), ": $row<br>\n";
+ }
+}
+
+if (is_array($_SESSION['_config']['altrows'])) {
+ foreach ($_SESSION['_config']['altrows'] as $row) {
+ echo _("subjectAltName"), ": $row<br>\n";
+ }
+}
+?></p>
+
<p>
-<? if(is_array($_SESSION['_config']['rows']))
- foreach($_SESSION['_config']['rows'] as $row) { ?>
-<?=_("CommonName")?>: <?=$row?><br>
-<? } ?>
-<? if(is_array($_SESSION['_config']['altrows']))
- foreach($_SESSION['_config']['altrows'] as $row) { ?>
-<?=_("subjectAltName")?>: <?=$row?><br>
-<? } ?>
-<? if(1 == 0) { ?>
-<?=_("Organisation")?>: <?=$_SESSION['_config']['O']?><br>
-<?=_("Org. Unit")?>: <?=$_SESSION['_config']['OU']?><br>
-<?=_("Location")?>: <?=$_SESSION['_config']['L']?><br>
-<?=_("State/Province")?>: <?=$_SESSION['_config']['ST']?><br>
-<?=_("Country")?>: <?=$_SESSION['_config']['C']?><br>
-<?=_("Email Address")?>: <?=$_SESSION['_config']['emailAddress']?><br>
-<? } ?>
-<?=_("No additional information will be included on certificates because it can not be automatically checked by the system.")?>
-<? if(array_key_exists('rejected',$_SESSION['_config']) && is_array($_SESSION['_config']['rejected'])) { ?>
-<br><br><?=_("The following hostnames were rejected because the system couldn't link them to your account, if they are valid please verify the domains against your account.")?><br>
-<? foreach($_SESSION['_config']['rejected'] as $row) { ?>
-<?=_("Rejected")?>: <a href="account.php?id=7&amp;newdomain=<?=$row?>"><?=$row?></a><br>
-<? } } ?>
-<? if(is_array($_SESSION['_config']['rows']) || is_array($_SESSION['_config']['altrows'])) { ?>
-<form method="post" action="account.php">
-<input type="submit" name="process" value="<?=_("Submit")?>">
-<input type="hidden" name="oldid" value="<?=$id?>">
-</form>
-<? } else { ?>
-<br><br><b><?=_("Unable to continue as no valid commonNames or subjectAltNames were present on your certificate request.")?></b>
-<? } ?>
+<?=_("No additional information will be included on certificates because it ".
+ "can not be automatically checked by the system.")?>
</p>
+
+<p><?
+if (array_key_exists('rejected',$_SESSION['_config']) &&
+ is_array($_SESSION['_config']['rejected'])) {
+ echo _("The following hostnames were rejected because the system couldn't ".
+ "link them to your account, if they are valid please verify the ".
+ "domains against your account."), "<br>\n";
+
+ foreach ($_SESSION['_config']['rejected'] as $row) {
+ echo _("Rejected");
+ echo ": <a href='account.php?id=7&amp;newdomain=$row'>$row</a><br>\n";
+ }
+}
+?></p>
+
+<?
+if (is_array($_SESSION['_config']['rows']) ||
+ is_array($_SESSION['_config']['altrows'])) {
+ ?>
+ <form method="post" action="account.php">
+ <p>
+ <input type="submit" name="process" value="<?=_("Submit")?>">
+ <input type="hidden" name="oldid" value="<?=$id?>">
+ </p>
+ </form>
+ <?
+} else {
+ ?>
+ <p>
+ <b><?=_("Unable to continue as no valid commonNames or ".
+ "subjectAltNames were present on your certificate request.")?></b>
+ </p>
+ <?
+}
diff --git a/pages/account/21.php b/pages/account/21.php
index 6c3786b..75827fb 100644
--- a/pages/account/21.php
+++ b/pages/account/21.php
@@ -14,41 +14,57 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-*/ ?>
-<?
- $org = $_SESSION['_config']['row'];
- if($org['id'] <= 0)
- $org = $_SESSION['_config']['altrow'];
+*/
+
+$org = $_SESSION['_config']['row'];
+if ($org['id'] <= 0) {
+ $org = $_SESSION['_config']['altrow'];
+}
?>
-<p>
-<?=_("Please make sure the following details are correct before proceeding any further.")?>
-</p>
<p>
-<? if(is_array($_SESSION['_config']['rows']))
- foreach($_SESSION['_config']['rows'] as $row) { ?>
-<?=_("CommonName")?>: <?=$row?><br>
-<? } ?>
-<? if(is_array($_SESSION['_config']['altrows']))
- foreach($_SESSION['_config']['altrows'] as $row) { ?>
-<?=_("subjectAltName")?>: <?=$row?><br>
-<? } ?>
-<?=_("Organisation")?>: <?=$org['O']?><br>
-<?=_("Org. Unit")?>: <?=($_SESSION['_config']['OU'])?><br>
-<?=_("Location")?>: <?=$org['L']?><br>
-<?=_("State/Province")?>: <?=$org['ST']?><br>
-<?=_("Country")?>: <?=$org['C']?><br>
+<?=_("Please make sure the following details are correct before proceeding ".
+ "any further.")?>
+</p>
+<p><?
+if (is_array($_SESSION['_config']['rows'])) {
+ foreach ($_SESSION['_config']['rows'] as $row) {
+ echo _("CommonName"), ": $row<br>\n";
+ }
+}
-<form method="post" action="account.php">
-<input type="submit" name="process" value="<?=_("Submit")?>">
-<input type="hidden" name="oldid" value="<?=$id?>">
+if (is_array($_SESSION['_config']['altrows'])) {
+ foreach ($_SESSION['_config']['altrows'] as $row) {
+ echo _("subjectAltName"), ": $row<br>\n";
+ }
+}
+echo _("Organisation"), ": {$org['O']}<br>\n";
+echo _("Org. Unit"), ": {$_SESSION['_config']['OU']}<br>\n";
+echo _("Location"), ": {$org['L']}<br>\n";
+echo _("State/Province"), ": {$org['ST']}<br>\n";
+echo _("Country"), ": {$org['C']}<br>\n";
+?>
-<? if($_SESSION['profile']['admin'] == 1) { ?>
-<br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>
-<input type="checkbox" name="ocspcert" value="OCSPCert"/> <?=_("OCSP certificate")?>
-<? } ?>
+<form method="post" action="account.php">
+ <p>
+ <input type="submit" name="process" value="<?=_("Submit")?>">
+ <input type="hidden" name="oldid" value="<?=$id?>">
+ </p>
+
+ <?
+ if ($_SESSION['profile']['admin'] == 1) {
+ ?>
+ <p>
+ <br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>
+ <br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>
+ <br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/><br/>
+ <input type="checkbox" name="ocspcert" value="OCSPCert"/>
+ <?=_("OCSP certificate")?>
+ </p>
+ <?
+ }
+ ?>
</form>
-</p>