summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xCommModule/client.pl129
-rwxr-xr-xCommModule/logclean.sh9
-rwxr-xr-xCommModule/server.pl10
-rw-r--r--includes/general.php27
-rw-r--r--includes/mysql.php.sample30
-rw-r--r--locale/Makefile2
-rw-r--r--pages/index/3.php43
-rw-r--r--scripts/59de-ate-freiburg-email.txt91
-rw-r--r--scripts/59de-ate-freiburg-mail.php.txt138
-rw-r--r--scripts/60de-ate-bremen-email.txt92
-rw-r--r--scripts/60de-ate-bremen-mail.php.txt142
-rw-r--r--scripts/61de-ate-dresden-email.txt92
-rw-r--r--scripts/61de-ate-dresden-mail.php.txt147
-rw-r--r--scripts/62de-froscon2015-email.txt33
-rw-r--r--scripts/62de-froscon2015-mail.php.txt151
-rw-r--r--scripts/63dk-ate-nykobing-email.txt121
-rw-r--r--scripts/63dk-ate-nykobing-mail.php.txt155
-rwxr-xr-xscripts/db_migrations/version6.sh70
-rw-r--r--scripts/oa03-csr_org_client_cert.php.txt98
-rw-r--r--scripts/oa03-csr_org_client_cert.txt58
-rw-r--r--scripts/send_policy_cca_correct_20150221_1.php113
-rw-r--r--scripts/send_policy_cca_correct_20150221_2.php97
-rw-r--r--www/cap.html.php12
-rw-r--r--www/cap.php14
-rw-r--r--www/capnew.php18
-rw-r--r--www/certs/class3_X0E.crt39
-rw-r--r--www/certs/class3_X0E.derbin0 -> 1750 bytes
-rw-r--r--www/certs/class3_X0E.txt139
-rw-r--r--www/certs/root_X0F.crt40
-rw-r--r--www/certs/root_X0F.derbin0 -> 1778 bytes
-rw-r--r--www/certs/root_X0F.txt142
-rw-r--r--www/coap.html.php10
-rw-r--r--www/coapnew.php18
-rw-r--r--www/index.php12
-rw-r--r--www/policy/NRPDisclaimerAndLicence.php14
35 files changed, 2178 insertions, 128 deletions
diff --git a/CommModule/client.pl b/CommModule/client.pl
index 9e91c46..4d85b48 100755
--- a/CommModule/client.pl
+++ b/CommModule/client.pl
@@ -172,7 +172,7 @@ else
$PortObj->baudrate(115200);
$PortObj->parity("none");
$PortObj->databits(8);
-$PortObj->stopbits(1);
+$PortObj->stopbits(1);
}
}
@@ -286,8 +286,8 @@ sub SendIt($)
# {
# $PortObj->write(substr($_[0],$_,1));
# }
-
-}
+
+}
my $modus=0;
@@ -313,17 +313,17 @@ sub SendHandshaked($)
$xor ^= unpack("C",substr($_[0],$_,1));
}
#print "XOR: $xor\n";
-
+
my $tryagain=1;
while($tryagain)
{
SendIt($_[0].pack("C",$xor)."rie4Ech7");
-
+
Error "Packet receipt was not confirmed in 5 seconds. Connection lost!\n" if(!scalar($sel->can_read(5)));
$data="";
$length=read SER,$data,1;
-
+
if($length && $data eq "\x10")
{
SysLog "Sent successfully!...\n";
@@ -335,14 +335,14 @@ sub SendHandshaked($)
}
else
{
- Error "I cannot send! $length ".unpack("C",$data)."\n";
+ Error "I cannot send! $length ".unpack("C",$data)."\n";
}
}
}
else
{
- print "!Cannot send! $length \n";
+ print "!Cannot send! $length \n";
Error "!Stopped sending.\n";
}
}
@@ -423,7 +423,7 @@ sub Request($$$$$$$$$$$)
my @fields=unpack3array(substr($data,3,-9));
SysLog "Answer from Server: ".hexdump($data)."\n" if($debug);
-
+
#if(open OUT,">result.dat")
#{
# print OUT $data;
@@ -461,8 +461,8 @@ sub X509extractSAN($)
{
$SAN.="," if($SAN ne "");
$SAN.= trim($bit[1]);
- }
- else
+ }
+ else
{
$newsubject .= "/".$val;
}
@@ -470,7 +470,7 @@ sub X509extractSAN($)
$newsubject=~s{^//}{/};
$newsubject=~s/[\n\r\t\x00"\\']//g;
$SAN=~s/[ \n\r\t\x00"\\']//g;
- return($SAN,$newsubject);
+ return($SAN,$newsubject);
}
sub X509extractExpiryDate($)
@@ -526,25 +526,25 @@ sub X509extractSerialNumber($)
return "";
}
-sub OpenPGPextractExpiryDate ($)
+sub OpenPGPextractExpiryDate ($)
{
my $r="";
my $cts;
my @date;
-
+
open(RGPG, $gpgbin.' -vv '.$_[0].' 2>&1 |') or Error('Can\'t start GnuPG($gpgbin): '.$!."\n");
open(OUT, '> infogpg.txt' ) or Error('Can\'t open output file: infogpg.txt: '.$!);
$/="\n";
- while (<RGPG>)
+ while (<RGPG>)
{
print OUT $_;
- unless ($r)
+ unless ($r)
{
if ( /^\s*version \d+, created (\d+), md5len 0, sigclass (?:0x[0-9a-fA-F]+|\d+)\s*$/ )
{
SysLog "Detected CTS: $1\n";
$cts = int($1);
- } elsif ( /^\s*critical hashed subpkt \d+ len \d+ \(sig expires after ((\d+)y)?((\d+)d)?((\d+)h)?(\d+)m\)\s*$/ )
+ } elsif ( /^\s*critical hashed subpkt \d+ len \d+ \(sig expires after ((\d+)y)?((\d+)d)?((\d+)h)?(\d+)m\)\s*$/ )
{
SysLog "Detected FRAME $2 $4 $6 $8\n";
$cts += $2 * 31536000; # secs per year (60 * 60 * 24 * 365)
@@ -560,19 +560,19 @@ sub OpenPGPextractExpiryDate ($)
}
}
- close(OUT );
+ close(OUT );
close(RGPG);
SysLog "CTS: $cts R: $r\n";
-
- if ( $r )
+
+ if ( $r )
{
@date = gmtime($r);
$r = sprintf('%.4i-%.2i-%.2i %.2i:%.2i:%.2i', # date format
$date[5] + 1900, $date[4] + 1, $date[3], # day
$date[2], $date[1], $date[0], # time
);
-
+
}
SysLog "$r\n";
return $r;
@@ -605,7 +605,7 @@ sub setUsersLanguage($)
if($lang ne "")
{
$ENV{"LANG"}=$lang;
- setlocale(LC_ALL, $lang);
+ setlocale(LC_ALL, $lang);
} else {
$ENV{"LANG"}="en_AU";
setlocale(LC_ALL, "en_AU");
@@ -642,7 +642,7 @@ sub sendmail($$$$$$$)
my ($to, $subject, $message, $from, $replyto, $toname, $fromname)=@_;
my $errorsto="returns\@cacert.org";
my $extra="";
-
+
# sendmail($user{email}, "[CAcert.org] Your GPG/PGP Key", $body, "support\@cacert.org", "", "", "CAcert Support");
my @lines=split("\n",$message);
@@ -653,14 +653,14 @@ sub sendmail($$$$$$$)
if($line eq ".")
{
$message .= " .\n";
- } else
+ } else
{
$message .= $line."\n";
- }
+ }
}
$fromname = $from if($fromname eq "");
-
+
my @bits = split(",", $from);
$from = addslashes($bits['0']);
$fromname = addslashes($fromname);
@@ -672,7 +672,7 @@ sub sendmail($$$$$$$)
SysLog "SMTP: ".<$smtp>;
print $smtp "MAIL FROM:<returns\@cacert.org>\r\n";
SysLog "MAIL FROM: ".<$smtp>;
-
+
@bits = split(",", $to);
foreach my $user (@bits)
{
@@ -707,7 +707,7 @@ sub sendmail($$$$$$$)
print $smtp "Content-Type: text/plain; charset=\"utf-8\"\r\n";
print $smtp "Content-Transfer-Encoding: 8bit\r\n";
}
- else
+ else
{
print $smtp "Content-Type: text/plain; charset=\"iso-8859-1\"\r\n";
print $smtp "Content-Transfer-Encoding: quoted-printable\r\n";
@@ -756,7 +756,7 @@ sub HandleCerts($$)
{
#Weird SQL structure ...
my @sqlres=$dbh->selectrow_array("select memid from domains where id='".int($row{'domid'})."'");
- $row{'memid'}=$sqlres[0];
+ $row{'memid'}=$sqlres[0];
SysLog("Fetched memid: $row{'memid'}\n") if($debug);
}
@@ -857,7 +857,7 @@ sub HandleCerts($$)
print OUT $crt;
close OUT;
system "$opensslbin x509 -in $crtname.der -inform der -out $crtname";
- }
+ }
}
else
{
@@ -901,7 +901,7 @@ sub HandleCerts($$)
$body .= _("Best regards")."\n"._("CAcert.org Support!")."\n\n";
sendmail($user{email}, "[CAcert.org] "._("Your certificate"), $body, "support\@cacert.org", "", "", "CAcert Support");
}
- else
+ else
{
SysLog("Could not find the issued certificate. $crtname ".$row{"id"}."\n");
$dbh->do("update `$table` set warning=warning+1 where `id`='".$row{'id'}."'");
@@ -914,7 +914,7 @@ sub DoCRL($$)
{
my $crl=$_[0];
my $crlname=$_[1];
-
+
if(length($crl))
{
if($crl=~m/^-----BEGIN X509 CRL-----/)
@@ -929,7 +929,7 @@ sub DoCRL($$)
open OUT,">$crlname.patch";
print OUT $crl;
close OUT;
- my $res=system "xdelta patch $crlname.patch $crlname $crlname.tmp";
+ my $res=system "xdelta patch $crlname.patch $crlname $crlname.tmp";
#print "xdelta res: $res\n";
if($res==512)
{
@@ -939,7 +939,7 @@ sub DoCRL($$)
}
}
- my $res=`openssl crl -verify -in $crlname.tmp -inform der -noout 2>&1`;
+ my $res=`openssl crl -verify -in $crlname.tmp -inform der -noout 2>&1`;
SysLog "verify: $res\n";
if($res=~m/verify OK/)
{
@@ -1023,17 +1023,29 @@ sub RevokeCerts($$)
if($result)
{
- setUsersLanguage($row{memid});
-
- my %user=getUserData($row{memid});
-
$dbh->do("update `$table` set `revoked`=now() where `id`='".$row{'id'}."'");
- my $body = _("Hi")." $user{fname},\n\n";
- $body .= sprintf(_("Your certificate for %s has been revoked, as per request.")."\n\n", $row{'CN'});
- $body .= _("Best regards")."\n"._("CAcert.org Support!")."\n\n";
- SysLog("Sending email to ".$user{"email"}."\n") if($debug);
- sendmail($user{email}, "[CAcert.org] "._("Your certificate"), $body, "support\@cacert.org", "", "", "CAcert Support");
+ if($org eq "")
+ {
+ if($server)
+ {
+ my @a=$dbh->selectrow_array("select `memid` from `domains` where `id`='".int($row{domid})."'");
+ sendRevokeMail($a[0], $row{'CN'}, $row{'serial'});
+ }
+ else
+ {
+ sendRevokeMail($row{memid}, $row{'CN'}, $row{'serial'});
+ }
+ }
+ else
+ {
+ my $orgsth = $dbh->prepare("select `memid` from `org` where `orgid`='".int($row{orgid})."'");
+ $orgsth->execute();
+ while ( my ($memid) = $orgsth->fetchrow_array() )
+ {
+ sendRevokeMail($memid, $row{'CN'}, $row{'serial'});
+ }
+ }
}
}
@@ -1046,6 +1058,21 @@ sub RevokeCerts($$)
}
+sub sendRevokeMail()
+{
+ my $memid = $_[0];
+ my $certName = $_[1];
+ my $serial = $_[2];
+ setUsersLanguage($memid);
+
+ my %user=getUserData($memid);
+
+ my $body = _("Hi")." $user{fname},\n\n";
+ $body .= sprintf(_("Your certificate for '%s' with the serial number '%s' has been revoked, as per request.")."\n\n", $certName, $serial);
+ $body .= _("Best regards")."\n"._("CAcert.org Support!")."\n\n";
+ SysLog("Sending email to ".$user{"email"}."\n") if($debug);
+ sendmail($user{email}, "[CAcert.org] "._("Your certificate"), $body, "support\@cacert.org", "", "", "CAcert Support");
+}
@@ -1057,7 +1084,7 @@ sub HandleGPG()
while ( $rowdata = $sth->fetchrow_hashref() )
{
my %row=%{$rowdata};
-
+
my $prefix="gpg";
my $short=int($row{'id'}/1000);
my $csrname = "../csr/$prefix-".$row{'id'}.".csr";
@@ -1071,11 +1098,11 @@ sub HandleGPG()
#my $csrname = "../csr/gpg-".$row{'id'}.".csr";
#my $crtname = "../crt/gpg-".$row{'id'}.".crt";
-
+
SysLog "Opening $csrname\n";
-
+
my $crt="";
-
+
if(-s $csrname && open(IN,"<$csrname"))
{
undef $/;
@@ -1101,12 +1128,12 @@ sub HandleGPG()
{
SysLog "Opening $crtname\n";
setUsersLanguage($row{memid});
-
+
my $date=OpenPGPextractExpiryDate($crtname);
my %user=getUserData($row{memid});
-
+
$dbh->do("update `gpg` set `crt`='$crtname', issued=now(), `expire`='$date' where `id`='".$row{'id'}."'");
-
+
my $body = _("Hi")." $user{fname},\n\n";
$body .= sprintf(_("Your CAcert signed key for %s is available online at:")."\n\n", $row{'email'});
$body .= "https://www.cacert.org/gpg.php?id=3&cert=$row{id}\n\n";
@@ -1153,5 +1180,5 @@ while ( -f "./client.pl-active" )
my $timestamp=strftime("%m%d%H%M%Y.%S",gmtime);
Request($ver,0,0,0,0,0,0,0,$timestamp,"","");
sleep(1);
- usleep(1700000);
+ usleep(1700000);
}
diff --git a/CommModule/logclean.sh b/CommModule/logclean.sh
index 99963ee..62aa04c 100755
--- a/CommModule/logclean.sh
+++ b/CommModule/logclean.sh
@@ -2,6 +2,9 @@
# logclean.sh - maintenance script for logfiles generated by CommModule
# run this daily or weekly from cron
+COMPRESS="xz -9 -M 1GiB" # compression program to use
+COMPRESS_EXT=xz # file extension for compression program
+
syslog_error()
{
logger -i -t CommModule/logclean.sh -p user.err $1
@@ -31,12 +34,12 @@ if [ -n "${FILES}" ]
then
for F in ${FILES}
do
- syslog_notice "Compressing ${F}" && bzip2 ${F}
+ syslog_notice "Compressing ${F}" && ${COMPRESS} ${F}
done
fi
# move compressed logfiles to oldlogs directory
-FILES=`find logfile20*.txt.bz2 -print`
+FILES=`find logfile20*.txt.${COMPRESS_EXT} -print`
if [ -n "${FILES}" ]
then
mkdir -p oldlogs
@@ -47,7 +50,7 @@ then
fi
# delete old logfiles which have not been modified in at least 2.5+ years
-FILES=`find oldlogs/logfile20*.txt.bz2 -mtime +913 -print`
+FILES=`find oldlogs/logfile20*.txt.${COMPRESS_EXT} -mtime +913 -print`
if [ -n "${FILES}" ]
then
for F in ${FILES}
diff --git a/CommModule/server.pl b/CommModule/server.pl
index 6084042..3fd77e6 100755
--- a/CommModule/server.pl
+++ b/CommModule/server.pl
@@ -491,8 +491,8 @@ sub SignX509($$$$$$$$)
$subject=~ s/\\x([A-F0-9]{2})/pack("C", hex($1))/egi;
$san=~ s/\\x([A-F0-9]{2})/pack("C", hex($1))/egi;
- Error "Invalid characters in SubjectAltName!\n" if($san=~m/[ \n\r\t\x00"'\\]/);
- Error "Invalid characters in Subject: ".hexdump($subject)." - $subject\n" if($subject=~m/[\n\r\t\x00"'\\]/);
+ Error "Invalid characters in SubjectAltName!\n" if($san=~m/[ \n\r\t\x00#"'\\]/);
+ Error "Invalid characters in Subject: ".hexdump($subject)." - $subject\n" if($subject=~m/[\n\r\t\x00#"'\\]/);
print "Subject: $subject\n";
print "SAN: $san\n";
@@ -590,8 +590,8 @@ sub SignOpenPGP
my $keyid=undef;
- Error "Invalid characters in SubjectAltName!\n" if($san=~m/[ \n\r\t\x00"'\\]/);
- Error "Invalid characters in Subject!\n" if($subject=~m/[ \n\r\t\x00"'\\;]/);
+ Error "Invalid characters in SubjectAltName!\n" if($san=~m/[ \n\r\t\x00#"'\\]/);
+ Error "Invalid characters in Subject!\n" if($subject=~m/[ \n\r\t\x00#"'\\;]/);
if(open OUT,">$wid/request.key")
@@ -843,7 +843,7 @@ sub RevokeX509
{
my ($root,$template,$hash,$days,$spkac,$request,$san,$subject)=@_;
- Error "Invalid characters in SubjectAltName!\n" if($san=~m/[ \n\r\t\x00"'\\]/);
+ Error "Invalid characters in SubjectAltName!\n" if($san=~m/[ \n\r\t\x00#"'\\]/);
Error "Invalid characters in Hash!\n" if(! $subject=~m/^[0-9a-fA-F]+$/);
SysLog "Widerrufe $PkiSystems{$_[0]}\n";
diff --git a/includes/general.php b/includes/general.php
index 17b449b..735f357 100644
--- a/includes/general.php
+++ b/includes/general.php
@@ -298,8 +298,14 @@
}
}
- if($cnok == 0)
+ if(!preg_match("/(?=^.{4,253}$)(^(?:\\*\\.)?((?!-)[a-zA-Z0-9_-]{1,63}(?<!-)\\.)+[a-zA-Z]{2,63}$)/i", $CN)) {
+ $cnok = 0;
+ }
+
+ if($cnok == 0) {
$_SESSION['_config']['rejected'][] = $CN;
+ continue;
+ }
if($_SESSION['_config']['row'] != "")
$rows[] = $CN;
@@ -350,8 +356,14 @@
}
}
- if($altok == 0)
+ if(!preg_match("/(?=^.{4,253}$)(^(?:\\*\\.)?((?!-)[a-zA-Z0-9_-]{1,63}(?<!-)\\.)+[a-zA-Z]{2,63}$)/i", $alt)) {
+ $altok = 0;
+ }
+
+ if($altok == 0) {
$_SESSION['_config']['rejected'][] = $alt;
+ continue;
+ }
if($_SESSION['_config']['altrow'] != "")
$altrows[] = $subalt;
@@ -391,6 +403,10 @@
}
}
+ if(!preg_match("/(?=^.{4,253}$)(^(?:\\*\\.)?((?!-)[a-zA-Z0-9_-]{1,63}(?<!-)\\.)+[a-zA-Z]{2,63}$)/i", $CN)) {
+ continue;
+ }
+
if($_SESSION['_config']['row'] != "")
$rows[] = $CN;
}
@@ -439,6 +455,10 @@
}
}
+ if(!preg_match("/(?=^.{4,253}$)(^(?:\\*\\.)?((?!-)[a-zA-Z0-9_-]{1,63}(?<!-)\\.)+[a-zA-Z]{2,63}$)/i", $alt)) {
+ continue;
+ }
+
if($_SESSION['_config']['altrow'] != "")
$altrows[] = $subalt;
}
@@ -573,6 +593,7 @@
$fp_opt = array(
'ssl' => array(
'verify_peer' => false, // Opportunistic Encryption
+ 'verify_peer_name' => false, // Opportunistic Encryption
)
);
$fp_ctx = stream_context_create($fp_opt);
@@ -611,7 +632,7 @@
continue;
}
- stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
+ stream_socket_enable_crypto($fp, true, STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT);
fputs($fp, "EHLO www.cacert.org\r\n");
do {
diff --git a/includes/mysql.php.sample b/includes/mysql.php.sample
index 10185fc..77be95f 100644
--- a/includes/mysql.php.sample
+++ b/includes/mysql.php.sample
@@ -26,7 +26,7 @@
$_SESSION['_config']['securehostname'] = "secure.cacert.org";
$_SESSION['_config']['tverify'] = "tverify.cacert.org";
- function sendmail($to, $subject, $message, $from, $replyto = "", $toname = "", $fromname = "", $errorsto = "returns@cacert.org", $extra="")
+ function sendmail($to, $subject, $message, $from, $replyto = "", $toname = "", $fromname = "", $errorsto = "returns@cacert.org", $use_utf8 = true)
{
$lines = explode("\n", $message);
$message = "";
@@ -49,8 +49,8 @@
$smtp = fsockopen("localhost", 25);
if(!$smtp)
{
- echo("Could not connect to mailserver at localhost:25\n");
- return;
+ echo("Could not connect to mailserver at localhost:25\n");
+ return;
}
$InputBuffer = fgets($smtp, 1024);
fputs($smtp, "HELO www.cacert.org\r\n");
@@ -83,19 +83,31 @@
fputs($smtp, "Subject: $subject\r\n");
}
fputs($smtp, "Mime-Version: 1.0\r\n");
- if($extra == "")
+ if($use_utf8)
{
fputs($smtp, "Content-Type: text/plain; charset=\"utf-8\"\r\n");
- fputs($smtp, "Content-Transfer-Encoding: 8bit\r\n");
- } else {
+ }
+ else
+ {
fputs($smtp, "Content-Type: text/plain; charset=\"iso-8859-1\"\r\n");
- fputs($smtp, "Content-Transfer-Encoding: quoted-printable\r\n");
- fputs($smtp, "Content-Disposition: inline\r\n");
}
+ fputs($smtp, "Content-Transfer-Encoding: quoted-printable\r\n");
+ fputs($smtp, "Content-Disposition: inline\r\n");
+
// fputs($smtp, "Content-Transfer-Encoding: BASE64\r\n");
fputs($smtp, "\r\n");
// fputs($smtp, chunk_split(base64_encode(recode("html..utf-8", $message)))."\r\n.\r\n");
- fputs($smtp, recode("html..utf-8", $message)."\r\n.\r\n");
+ $encoded_lines = explode( "\n", str_replace("\r", "", $message) );
+ array_walk( $encoded_lines,
+ function (&$a) {
+ $a = quoted_printable_encode(recode("html..utf-8", $a));
+ });
+ $encoded_message = implode("\n", $encoded_lines);
+
+ $encoded_message = str_replace("\r.", "\r=2E", $encoded_message);
+ $encoded_message = str_replace("\n.", "\n=2E", $encoded_message);
+ fputs($smtp, $encoded_message);
+ fputs($smtp, "\r\n.\r\n");
fputs($smtp, "QUIT\n");
$InputBuffer = fgets($smtp, 1024);
fclose($smtp);
diff --git a/locale/Makefile b/locale/Makefile
index a2b856b..b831719 100644
--- a/locale/Makefile
+++ b/locale/Makefile
@@ -127,7 +127,7 @@ SSH_USER := critical
SSH_OPTIONS :=
SCP_OPTIONS := $(SSH_OPTIONS)
-FILE_OWNER := www-data
+FILE_OWNER := pootle
POT_UPLOAD_PATH := /var/www/Pootle/po/cacert/templates/messages.pot
MANAGE_PY := /var/www/Pootle/manage.py
diff --git a/pages/index/3.php b/pages/index/3.php
index f060c8f..f99d64c 100644
--- a/pages/index/3.php
+++ b/pages/index/3.php
@@ -18,35 +18,24 @@
<p><?=sprintf(_("You are bound by the %s Root Distribution Licence %s for any re-distributions of CAcert's roots."),"<a href='/policy/RootDistributionLicense.html'>","</a>")?></p>
-<h3><?=_("Windows Installer") ?></h3>
-<ul class="no_indent">
- <li><? printf(_("%s Windows installer package %s for browsers that use the Windows certificate store %s (for example Internet Explorer, Chrome on Windows and Safari on Windows)"), '<a href="certs/CAcert_Root_Certificates.msi">', '</a>', '<br/>')?></li>
- <li><?=_("SHA1 Hash:") ?> 2db1957db31aa0d778d1a65ea146760ee1e67611</li>
- <li><?=_("SHA256 Hash:") ?> 88883f2e3117bae6f43922fbaef8501b94efe4143c12116244ca5d0c23bcbb16</li>
-</ul>
-
<h3><?=_("Class 1 PKI Key")?></h3>
<ul class="no_indent">
- <li><a href="certs/root.crt"><?=_("Root Certificate (PEM Format)")?></a></li>
- <li><a href="certs/root.der"><?=_("Root Certificate (DER Format)")?></a></li>
- <li><a href="certs/root.txt"><?=_("Root Certificate (Text Format)")?></a></li>
+ <li><a href="certs/root_X0F.crt"><?=_("Root Certificate (PEM Format)")?></a></li>
+ <li><a href="certs/root_X0F.der"><?=_("Root Certificate (DER Format)")?></a></li>
+ <li><a href="certs/root_X0F.txt"><?=_("Root Certificate (Text Format)")?></a></li>
<li><a href="<?=$_SERVER['HTTPS']?"https":"http"?>://crl.cacert.org/revoke.crl">CRL</a></li>
- <li><?=_("SHA1 Fingerprint:")?> 13:5C:EC:36:F4:9C:B8:E9:3B:1A:B2:70:CD:80:88:46:76:CE:8F:33</li>
- <li><?=_("MD5 Fingerprint:")?> A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B</li>
+ <li><?=_("SHA256 fingerprint:")?> 07ED BD82 4A49 88CF EF42 15DA 20D4 8C2B 41D7 1529 D7C9 00F5 7092 6F27 7CC2 30C5</li>
+ <li><?=_("SHA1 fingerprint:")?> DDFC DA54 1E75 77AD DCA8 7E88 27A9 8A50 6032 52A5</li>
</ul>
<h3><?=_("Class 3 PKI Key")?></h3>
<ul class="no_indent">
- <li><a href="certs/class3.crt"><?=_("Intermediate Certificate (PEM Format)")?></a></li>
- <li><a href="certs/class3.der"><?=_("Intermediate Certificate (DER Format)")?></a></li>
- <li><a href="certs/class3.txt"><?=_("Intermediate Certificate (Text Format)")?></a></li>
+ <li><a href="certs/class3_X0E.crt"><?=_("Intermediate Certificate (PEM Format)")?></a></li>
+ <li><a href="certs/class3_X0E.der"><?=_("Intermediate Certificate (DER Format)")?></a></li>
+ <li><a href="certs/class3_X0E.txt"><?=_("Intermediate Certificate (Text Format)")?></a></li>
<li><a href="<?=$_SERVER['HTTPS']?"https":"http"?>://crl.cacert.org/class3-revoke.crl">CRL</a></li>
-<?php /*
- class3 subroot fingerprint updated: 2011-05-23 class3 Re-sign project
- https://wiki.cacert.org/Roots/Class3ResignProcedure/Migration
-*/ ?>
- <li><?=_("SHA1 Fingerprint:")?> AD:7C:3F:64:FC:44:39:FE:F4:E9:0B:E8:F4:7C:6C:FA:8A:AD:FD:CE</li>
- <li><?=_("MD5 Fingerprint:")?> F7:25:12:82:4E:67:B5:D0:8D:92:B7:7C:0B:86:7A:42</li>
+ <li><?=_("SHA256 fingerprint:")?> F687 3D70 D675 96C2 ACBA 3440 1E69 738B 5270 1DD6 AB06 B497 49BC 5515 0936 D544</li>
+ <li><?=_("SHA1 fingerprint:")?> A7C4 8FBE 6B02 6DBD 0EC1 B465 B88D D813 EE1D EFA0</li>
</ul>
<h3><?=_("GPG Key")?></h3>
@@ -56,8 +45,16 @@
<li><?=_("Fingerprint:")?> A31D 4F81 EF4E BD07 B456 FA04 D2BB 0D01 65D0 FD58</li>
</ul>
+
+<?php if ( false ) { ?>
+ /**
+ Since we don't seem to have a way to GPG sign our current key, we have, at least temporarily, removed this.
+
+ https://bugs.cacert.org/view.php?id=1305#c5784
+
+ **/
<h4><?=_("PKI fingerprint signed by the CAcert GPG Key")?></h4>
-<pre>
+ <pre>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
@@ -74,6 +71,8 @@ Mch2LMZhK4h/SBIft5ROzVU=
=R/pJ
-----END PGP SIGNATURE-----
</pre>
+<?php } ?>
+
<pre>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
diff --git a/scripts/59de-ate-freiburg-email.txt b/scripts/59de-ate-freiburg-email.txt
new file mode 100644
index 0000000..09b3ad7
--- /dev/null
+++ b/scripts/59de-ate-freiburg-email.txt
@@ -0,0 +1,91 @@
+[Deutsch]
+
+Es hat sich viel getan in den letzten Jahren. Eine ganze Reihe von bisher
+eher "muendlich ueberlieferten" Regeln wurden in Policies gegossen.
+Neue Prozeduren (z.B. die Assurer Challenge) und Verpflichtungen (z.B.
+in dem CAcert Community Agreement) wurden beschlossen. Die Assurer
+Training Events wollen versuchen, die ganzen Informationen unter's
+Volk zu bringen:
+
+- Welcher Satz fehlt auf alten CAP Formularen?
+- Warum soll ich mir R/L/O einpraegen?
+- Wie verhaelst du dich,
+ wenn du ein fremdes Ausweisdokument das erste Mal pruefst?
+
+Antworten auf diese und weitere Fragen erhaelst du bei den
+Assurer Training Events (ATEs).
+
+Darueberhinaus wird beim ATE der Vorgang der Identitaetsueberpruefung
+trainiert und auditiert, um die Qualitaet der Assurances in der
+taeglichen Praxis zu erfassen. Dabei gilt es moegliche Fehler und
+Fallstricke zu erkennen und aufzudecken. Die Assurer haben also die
+Moeglichkeit, sich mit den Fehlern auseinanderzusetzen und zu erfahren,
+wie diese vermieden werden koennen.
+
+Wie IanG sagte: The ATE or Assurer Training Event is exceptionally
+recommended for all Assurers, and include parts which contribute
+directly to our audit. Come and find out how you can also contribute.
+
+Die kommende Veranstaltung in deiner Naehe findet statt am:
+
+- Montag, den 2. Februar 2015
+- in der Zeit von: 19:00 - ca. 22:00 Uhr
+- Karma Indian Palace
+- Bertoldstrasse 51-53 (gegenüber Cinemaxx)
+- 79098 Freiburg
+
+
+Details zum Veranstaltungsort und Anfahrthinweise findet Ihr im
+Wiki [http://wiki.cacert.org/Events/2015-02-02-ATE-Freiburg]
+Blog [http://blog.cacert.org/2015/01/ate-freiburg-2015-02-02/]
+
+Teilnehmer Registrierung mit Rueckantwort:
+ 'Ich moechte am ATE-Freiburg teilnehmen'
+
+Das Veranstaltungs-Team freut sich schon auf Eure Teilnahme.
+
+Kontakt: events@cacert.org
+
+
+
+[English]
+
+During the last years many changes took place inside CAcert. Many "oral"
+rules have been put into Policies. New procedures
+(e.g. Assurer Challenge) and obligations
+(e.g. CAcert Community Agreement) have been put into live.
+The Assurer Training Events (ATE) try to spread this information:
+
+- What is missing on the "old" CAP forms?
+- Why should I remember R/L/O?
+- What can you do if an Assuree shows an ID document unknown to you?
+
+These and more questions will be answered during the
+Assurer Training Events (ATEs)
+
+Furthermore, the ATE trains how to do assurances and audits assurances,
+to measure the quality of assurances in the daily routine. Here are some
+possible errors and pitfalls which need to be found. Assurers have the
+opportunity to see those errors and how to avoid them.
+
+As IanG said: The ATE or Assurer Training Event is exceptionally
+recommended for all Assurers and includes parts which contribute
+directly to our audit. Come and find out how you can also contribute.
+
+The next event held in your area will be:
+
+- Monday, February 2nd 2015
+- during: 19:00 - ca. 22:00
+- Karma Indian Palace
+- Bertoldstrasse 51-53 (across to Cinemaxx)
+- 79098 Freiburg
+
+Details to the location can be found:
+Wiki [http://wiki.cacert.org/Events/2015-02-02-ATE-Freiburg]
+Blog [http://blog.cacert.org/2015/01/ate-freiburg-2015-02-02/]
+
+User reply for registration: 'I will attend the ATE-Freiburg'
+
+The event team is looking forward for your attendance:
+
+Contact: events@cacert.org
diff --git a/scripts/59de-ate-freiburg-mail.php.txt b/scripts/59de-ate-freiburg-mail.php.txt
new file mode 100644
index 0000000..c8f0d81
--- /dev/null
+++ b/scripts/59de-ate-freiburg-mail.php.txt
@@ -0,0 +1,138 @@
+#!/usr/bin/php -q
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2013 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+ include_once("../includes/mysql.php");
+
+ $lines = "";
+ $fp = fopen("59de-ate-freiburg-email.txt", "r");
+ while(!feof($fp))
+ {
+ $line = trim(fgets($fp, 4096));
+ $lines .= wordwrap($line, 75, "\n")."\n";
+ }
+ fclose($fp);
+
+
+// $locid = intval($_REQUEST['location']);
+// $maxdist = intval($_REQUEST['maxdist']);
+// maxdist in [Km]
+ $maxdist = 200;
+
+
+// location location.ID
+// verified: 29.4.09 u.schroeter
+// $locid = 7902857; // Paris
+// $locid = 238568; // Bielefeld
+// $locid = 715191; // Hamburg
+// $locid = 1102495; // London
+// $locid = 606058; // Frankfurt
+// $locid = 1775784; // Stuttgart
+// $locid = 228950; // Berlin
+// $locid = 606058; // Frankfurt
+// $locid = 599389; // Flensburg
+// $locid = 61065; // Amsterdam, Eemnes
+// $locid = 228950; // Berlin
+// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States
+// $locid = 1486658; // Potsdam
+// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
+// $locid = 2094781; // Mission Hills (Los Angeles), California, United States
+// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
+// $locid = 2093625; // Los Angeles, CA ???
+// $locid = 2094326 // Los Angeles (Los Angeles), California, United States
+// $locid = 2257312; // Sydney, New South Wales, Australia
+// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
+// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany
+// $locid = 1260319; // Muenchen
+// $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany
+// $locid = 873779; // Karlsruhe, Baden-Wuerttemberg, Germany
+// $locid = 520340; // Dusseldorf, Nordrhein-Westfalen, Germany
+// $locid = 2262656; // Melbourne, Victoria, Australia
+// $locid = 2185076; // Raleigh (Wake), North Carolina, United States
+// $locid = 2126955; // Lawrence (Douglas), Kansas, United States
+// $locid = 919560; // Kiel, Schleswig-Holstein, Germany
+// $locid = 228950; // Berlin
+// $locid = 1117395; // Lubeck Hansestadt, Schleswig-Holstein, Germany
+// $locid = 675661; // Graz, Steiermark, Austria
+// $locid = 1992733; // Wien, Wien, Austria
+
+// $locid = ; 54334 // Amberg, Bayern, Germany
+// $eventname = "ATE-Amberg";
+// $city = "06. Januar 2014";
+
+// $locid = 1089877; // Linz, Oberoesterreich, Austria
+// $eventname = "ATE-Linz";
+// $city = "16. Mai 2014";
+
+// $locid = 1993029; // Wiesbaden, Hessen, Germany
+// $eventname = "ATE-Wiesbaden";
+// $city = "22. Mai 2014";
+
+
+// $locid = 1356196; // Oberwart, Burgenland, Germany
+// $eventname = "ATE-Oberwart (Korrektur)";
+// $city = "27. Juni 2014";
+
+// $locid = 675661; // Graz, Steiermark, Austria
+// $eventname = "ATE-Graz";
+// $city = "13. November 2014";
+
+// $locid = 1992733; // Wien, Wien, Austria
+// $eventname = "ATE-Wien";
+// $city = "19. November 2014";
+
+ $locid = 606775; // Freiburg, Baden-Wuertemberg, Germany
+ $eventname = "ATE-Freiburg";
+ $city = "2. Februar 2015";
+
+ $query = "select * from `locations` where `id`='$locid'";
+ $loc = mysql_fetch_assoc(mysql_query($query));
+
+ $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
+ (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
+ COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
+ FROM `locations`
+ inner join `users` on `users`.`locid` = `locations`.`id`
+ inner join `alerts` on `users`.`id`=`alerts`.`memid`
+ inner join `notary` on `users`.`id`=`notary`.`to`
+ WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
+ GROUP BY `users`.`id`
+ HAVING `distance` <= '$maxdist'
+ ORDER BY `distance` ";
+ echo $query;
+
+ // comment next line when starting to send mail not only to me
+ // $query = "select * from `users` where `email` like 'cacerttest%'";
+
+ $res = mysql_query($query);
+ $xrows = mysql_num_rows($res);
+
+ while($row = mysql_fetch_assoc($res))
+ {
+ // uncomment next line to send mails ...
+ sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ }
+ // 1x cc to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ // 1x mailing report to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+
+ // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
+ sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ echo "invitation sent to $xrows recipients.\n";
+
+?>
diff --git a/scripts/60de-ate-bremen-email.txt b/scripts/60de-ate-bremen-email.txt
new file mode 100644
index 0000000..bc80f1b
--- /dev/null
+++ b/scripts/60de-ate-bremen-email.txt
@@ -0,0 +1,92 @@
+[Deutsch]
+
+Es hat sich viel getan in den letzten Jahren. Eine ganze Reihe von bisher
+eher "muendlich ueberlieferten" Regeln wurden in Policies gegossen.
+Neue Prozeduren (z.B. die Assurer Challenge) und Verpflichtungen (z.B.
+in dem CAcert Community Agreement) wurden beschlossen. Die Assurer
+Training Events wollen versuchen, die ganzen Informationen unter's
+Volk zu bringen:
+
+- Welcher Satz fehlt auf alten CAP Formularen?
+- Warum soll ich mir R/L/O einpraegen?
+- Wie verhaelst du dich,
+ wenn du ein fremdes Ausweisdokument das erste Mal pruefst?
+
+Antworten auf diese und weitere Fragen erhaelst du bei den
+Assurer Training Events (ATEs).
+
+Darueberhinaus wird beim ATE der Vorgang der Identitaetsueberpruefung
+trainiert und auditiert, um die Qualitaet der Assurances in der
+taeglichen Praxis zu erfassen. Dabei gilt es moegliche Fehler und
+Fallstricke zu erkennen und aufzudecken. Die Assurer haben also die
+Moeglichkeit, sich mit den Fehlern auseinanderzusetzen und zu erfahren,
+wie diese vermieden werden koennen.
+
+Wie IanG sagte: The ATE or Assurer Training Event is exceptionally
+recommended for all Assurers, and include parts which contribute
+directly to our audit. Come and find out how you can also contribute.
+
+Die kommende Veranstaltung in deiner Naehe findet statt am:
+
+- Dienstag, den 5. Mai 2015
+- in der Zeit von: 19:00 - ca. 22:00 Uhr
+- Embassy of Nerdistan
+- in den Raeumen des AUCOOP Bremen e.V. (2. OG)
+- Weberstr. 18
+- 28203 Bremen
+
+
+Details zum Veranstaltungsort und Anfahrthinweise findet Ihr im
+Wiki [http://wiki.cacert.org/Events/2015-05-05-ATE-Bremen]
+Blog [http://blog.cacert.org/2015/04/ate-bremen-2015-05-05/]
+
+Teilnehmer Registrierung mit Rueckantwort:
+ 'Ich moechte am ATE-Bremen teilnehmen'
+
+Das Veranstaltungs-Team freut sich schon auf Eure Teilnahme.
+
+Kontakt: events@cacert.org
+
+
+[English]
+
+During the last years many changes took place inside CAcert. Many "oral"
+rules have been put into Policies. New procedures
+(e.g. Assurer Challenge) and obligations
+(e.g. CAcert Community Agreement) have been put into live.
+The Assurer Training Events (ATE) try to spread this information:
+
+- What is missing on the "old" CAP forms?
+- Why should I remember R/L/O?
+- What can you do if an Assuree shows an ID document unknown to you?
+
+These and more questions will be answered during the
+Assurer Training Events (ATEs)
+
+Furthermore, the ATE trains how to do assurances and audits assurances,
+to measure the quality of assurances in the daily routine. Here are some
+possible errors and pitfalls which need to be found. Assurers have the
+opportunity to see those errors and how to avoid them.
+
+As IanG said: The ATE or Assurer Training Event is exceptionally
+recommended for all Assurers and includes parts which contribute
+directly to our audit. Come and find out how you can also contribute.
+
+The next event held in your area will be:
+
+- Tuesday, May 5th 2015
+- during: 19:00 - ca. 22:00
+- Embassy of Nerdistan
+- located at AUCOOP Bremen e.V. (2n floor)
+- Weberstr. 18
+- 28203 Bremen
+
+Details to the location can be found:
+Wiki [http://wiki.cacert.org/Events/2015-05-05-ATE-Bremen]
+Blog [http://blog.cacert.org/2015/04/ate-bremen-2015-05-05/]
+
+User reply for registration: 'I will attend the ATE-Bremen'
+
+The event team is looking forward for your attendance:
+
+Contact: events@cacert.org
diff --git a/scripts/60de-ate-bremen-mail.php.txt b/scripts/60de-ate-bremen-mail.php.txt
new file mode 100644
index 0000000..909412d
--- /dev/null
+++ b/scripts/60de-ate-bremen-mail.php.txt
@@ -0,0 +1,142 @@
+#!/usr/bin/php -q
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2013 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+ include_once("../includes/mysql.php");
+
+ $lines = "";
+ $fp = fopen("60de-ate-bremen-email.txt", "r");
+ while(!feof($fp))
+ {
+ $line = trim(fgets($fp, 4096));
+ $lines .= wordwrap($line, 75, "\n")."\n";
+ }
+ fclose($fp);
+
+
+// $locid = intval($_REQUEST['location']);
+// $maxdist = intval($_REQUEST['maxdist']);
+// maxdist in [Km]
+ $maxdist = 200;
+
+
+// location location.ID
+// verified: 29.4.09 u.schroeter
+// $locid = 7902857; // Paris
+// $locid = 238568; // Bielefeld
+// $locid = 715191; // Hamburg
+// $locid = 1102495; // London
+// $locid = 606058; // Frankfurt
+// $locid = 1775784; // Stuttgart
+// $locid = 228950; // Berlin
+// $locid = 606058; // Frankfurt
+// $locid = 599389; // Flensburg
+// $locid = 61065; // Amsterdam, Eemnes
+// $locid = 228950; // Berlin
+// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States
+// $locid = 1486658; // Potsdam
+// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
+// $locid = 2094781; // Mission Hills (Los Angeles), California, United States
+// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
+// $locid = 2093625; // Los Angeles, CA ???
+// $locid = 2094326 // Los Angeles (Los Angeles), California, United States
+// $locid = 2257312; // Sydney, New South Wales, Australia
+// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
+// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany
+// $locid = 1260319; // Muenchen
+// $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany
+// $locid = 873779; // Karlsruhe, Baden-Wuerttemberg, Germany
+// $locid = 520340; // Dusseldorf, Nordrhein-Westfalen, Germany
+// $locid = 2262656; // Melbourne, Victoria, Australia
+// $locid = 2185076; // Raleigh (Wake), North Carolina, United States
+// $locid = 2126955; // Lawrence (Douglas), Kansas, United States
+// $locid = 919560; // Kiel, Schleswig-Holstein, Germany
+// $locid = 228950; // Berlin
+// $locid = 1117395; // Lubeck Hansestadt, Schleswig-Holstein, Germany
+// $locid = 675661; // Graz, Steiermark, Austria
+// $locid = 1992733; // Wien, Wien, Austria
+
+// $locid = ; 54334 // Amberg, Bayern, Germany
+// $eventname = "ATE-Amberg";
+// $city = "06. Januar 2014";
+
+// $locid = 1089877; // Linz, Oberoesterreich, Austria
+// $eventname = "ATE-Linz";
+// $city = "16. Mai 2014";
+
+// $locid = 1993029; // Wiesbaden, Hessen, Germany
+// $eventname = "ATE-Wiesbaden";
+// $city = "22. Mai 2014";
+
+
+// $locid = 1356196; // Oberwart, Burgenland, Germany
+// $eventname = "ATE-Oberwart (Korrektur)";
+// $city = "27. Juni 2014";
+
+// $locid = 675661; // Graz, Steiermark, Austria
+// $eventname = "ATE-Graz";
+// $city = "13. November 2014";
+
+// $locid = 1992733; // Wien, Wien, Austria
+// $eventname = "ATE-Wien";
+// $city = "19. November 2014";
+
+// $locid = 606775; // Freiburg, Baden-Wuertemberg, Germany
+// $eventname = "ATE-Freiburg";
+// $city = "2. Februar 2015";
+
+ $locid = 281755; // Bremen, Bremen, Germany
+ $eventname = "ATE-Bremen";
+ $city = "5. Mai 2015";
+
+ $query = "select * from `locations` where `id`='$locid'";
+ $loc = mysql_fetch_assoc(mysql_query($query));
+
+ $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
+ (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
+ COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
+ FROM `locations`
+ inner join `users` on `users`.`locid` = `locations`.`id`
+ inner join `alerts` on `users`.`id`=`alerts`.`memid`
+ inner join `notary` on `users`.`id`=`notary`.`to`
+ WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
+ GROUP BY `users`.`id`
+ HAVING `distance` <= '$maxdist'
+ ORDER BY `distance` ";
+ echo $query;
+
+ // comment next line when starting to send mail not only to me
+ // $query = "select * from `users` where `email` like 'cacerttest%'";
+
+ $res = mysql_query($query);
+ $xrows = mysql_num_rows($res);
+
+ while($row = mysql_fetch_assoc($res))
+ {
+ // uncomment next line to send mails ...
+ sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ }
+ // 1x cc to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ // 1x mailing report to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+
+ // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
+ sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ echo "invitation sent to $xrows recipients.\n";
+
+?>
diff --git a/scripts/61de-ate-dresden-email.txt b/scripts/61de-ate-dresden-email.txt
new file mode 100644
index 0000000..e22427c
--- /dev/null
+++ b/scripts/61de-ate-dresden-email.txt
@@ -0,0 +1,92 @@
+[Deutsch]
+
+Es hat sich viel getan in den letzten Jahren. Eine ganze Reihe von bisher
+eher "muendlich ueberlieferten" Regeln wurden in Policies gegossen.
+Neue Prozeduren (z.B. die Assurer Challenge) und Verpflichtungen (z.B.
+in dem CAcert Community Agreement) wurden beschlossen. Die Assurer
+Training Events wollen versuchen, die ganzen Informationen unter's
+Volk zu bringen:
+
+- Welcher Satz fehlt auf alten CAP Formularen?
+- Warum soll ich mir R/L/O einpraegen?
+- Wie verhaelst du dich,
+ wenn du ein fremdes Ausweisdokument das erste Mal pruefst?
+
+Antworten auf diese und weitere Fragen erhaelst du bei den
+Assurer Training Events (ATEs).
+
+Darueberhinaus wird beim ATE der Vorgang der Identitaetsueberpruefung
+trainiert und auditiert, um die Qualitaet der Assurances in der
+taeglichen Praxis zu erfassen. Dabei gilt es moegliche Fehler und
+Fallstricke zu erkennen und aufzudecken. Die Assurer haben also die
+Moeglichkeit, sich mit den Fehlern auseinanderzusetzen und zu erfahren,
+wie diese vermieden werden koennen.
+
+Wie IanG sagte: The ATE or Assurer Training Event is exceptionally
+recommended for all Assurers, and include parts which contribute
+directly to our audit. Come and find out how you can also contribute.
+
+Die kommende Veranstaltung in deiner Naehe findet statt am:
+
+- Dienstag, den 12. Mai 2015
+- in der Zeit von: 18:00 - ca. 21:00 Uhr
+- robotron-Buerokomplex
+- in den Raeumen des Chaos Computer Club Dresden (GCHQ)
+- Lingnerallee 3
+- 01069 Dresden
+
+
+Details zum Veranstaltungsort und Anfahrthinweise findet Ihr im
+Wiki [http://wiki.cacert.org/Events/2015-05-12-ATE-Dresden]
+Blog [http://blog.cacert.org/2015/04/ate-dresden-2015-05-12/]
+
+Teilnehmer Registrierung mit Rueckantwort:
+ 'Ich moechte am ATE-Dresden teilnehmen'
+
+Das Veranstaltungs-Team freut sich schon auf Eure Teilnahme.
+
+Kontakt: events@cacert.org
+
+
+[English]
+
+During the last years many changes took place inside CAcert. Many "oral"
+rules have been put into Policies. New procedures
+(e.g. Assurer Challenge) and obligations
+(e.g. CAcert Community Agreement) have been put into live.
+The Assurer Training Events (ATE) try to spread this information:
+
+- What is missing on the "old" CAP forms?
+- Why should I remember R/L/O?
+- What can you do if an Assuree shows an ID document unknown to you?
+
+These and more questions will be answered during the
+Assurer Training Events (ATEs)
+
+Furthermore, the ATE trains how to do assurances and audits assurances,
+to measure the quality of assurances in the daily routine. Here are some
+possible errors and pitfalls which need to be found. Assurers have the
+opportunity to see those errors and how to avoid them.
+
+As IanG said: The ATE or Assurer Training Event is exceptionally
+recommended for all Assurers and includes parts which contribute
+directly to our audit. Come and find out how you can also contribute.
+
+The next event held in your area will be:
+
+- Tuesday, May 12th 2015
+- during: 18:00 - ca. 21:00
+- robotron-Buerokomplex
+- at Chaos Computer Club Dresden (GCHQ)
+- Lingnerallee 3
+- 01069 Dresden
+
+Details to the location can be found:
+Wiki [http://wiki.cacert.org/Events/2015-05-12-ATE-Dresden]
+Blog [http://blog.cacert.org/2015/04/ate-dresden-2015-05-12/]
+
+User reply for registration: 'I will attend the ATE-Dresden'
+
+The event team is looking forward for your attendance:
+
+Contact: events@cacert.org
diff --git a/scripts/61de-ate-dresden-mail.php.txt b/scripts/61de-ate-dresden-mail.php.txt
new file mode 100644
index 0000000..2b3ec78
--- /dev/null
+++ b/scripts/61de-ate-dresden-mail.php.txt
@@ -0,0 +1,147 @@
+#!/usr/bin/php -q
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2013 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+ include_once("../includes/mysql.php");
+
+ $lines = "";
+ $fp = fopen("61de-ate-dresden-email.txt", "r");
+ while(!feof($fp))
+ {
+ $line = trim(fgets($fp, 4096));
+ $lines .= wordwrap($line, 75, "\n")."\n";
+ }
+ fclose($fp);
+
+
+// $locid = intval($_REQUEST['location']);
+// $maxdist = intval($_REQUEST['maxdist']);
+// maxdist in [Km]
+ $maxdist = 200;
+
+
+// location location.ID
+// verified: 29.4.09 u.schroeter
+// $locid = 7902857; // Paris
+// $locid = 238568; // Bielefeld
+// $locid = 715191; // Hamburg
+// $locid = 1102495; // London
+// $locid = 606058; // Frankfurt
+// $locid = 1775784; // Stuttgart
+// $locid = 228950; // Berlin
+// $locid = 606058; // Frankfurt
+// $locid = 599389; // Flensburg
+// $locid = 61065; // Amsterdam, Eemnes
+// $locid = 228950; // Berlin
+// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States
+// $locid = 1486658; // Potsdam
+// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
+// $locid = 2094781; // Mission Hills (Los Angeles), California, United States
+// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
+// $locid = 2093625; // Los Angeles, CA ???
+// $locid = 2094326 // Los Angeles (Los Angeles), California, United States
+// $locid = 2257312; // Sydney, New South Wales, Australia
+// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
+// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany
+// $locid = 1260319; // Muenchen
+// $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany
+// $locid = 873779; // Karlsruhe, Baden-Wuerttemberg, Germany
+// $locid = 520340; // Dusseldorf, Nordrhein-Westfalen, Germany
+// $locid = 2262656; // Melbourne, Victoria, Australia
+// $locid = 2185076; // Raleigh (Wake), North Carolina, United States
+// $locid = 2126955; // Lawrence (Douglas), Kansas, United States
+// $locid = 919560; // Kiel, Schleswig-Holstein, Germany
+// $locid = 228950; // Berlin
+// $locid = 1117395; // Lubeck Hansestadt, Schleswig-Holstein, Germany
+// $locid = 675661; // Graz, Steiermark, Austria
+// $locid = 1992733; // Wien, Wien, Austria
+
+// $locid = ; 54334 // Amberg, Bayern, Germany
+// $eventname = "ATE-Amberg";
+// $city = "06. Januar 2014";
+
+// $locid = 1089877; // Linz, Oberoesterreich, Austria
+// $eventname = "ATE-Linz";
+// $city = "16. Mai 2014";
+
+// $locid = 1993029; // Wiesbaden, Hessen, Germany
+// $eventname = "ATE-Wiesbaden";
+// $city = "22. Mai 2014";
+
+
+// $locid = 1356196; // Oberwart, Burgenland, Germany
+// $eventname = "ATE-Oberwart (Korrektur)";
+// $city = "27. Juni 2014";
+
+// $locid = 675661; // Graz, Steiermark, Austria
+// $eventname = "ATE-Graz";
+// $city = "13. November 2014";
+
+// $locid = 1992733; // Wien, Wien, Austria
+// $eventname = "ATE-Wien";
+// $city = "19. November 2014";
+
+// $locid = 606775; // Freiburg, Baden-Wuertemberg, Germany
+// $eventname = "ATE-Freiburg";
+// $city = "2. Februar 2015";
+
+// $locid = 281755; // Bremen, Bremen, Germany
+// $eventname = "ATE-Bremen";
+// $city = "5. Mai 2015";
+
+ $locid = 510891; // Dresden, Sachsen, Germany
+ $eventname = "ATE-Dresden";
+ $city = "12. Mai 2015";
+
+
+ $query = "select * from `locations` where `id`='$locid'";
+ $loc = mysql_fetch_assoc(mysql_query($query));
+
+ $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
+ (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
+ COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
+ FROM `locations`
+ inner join `users` on `users`.`locid` = `locations`.`id`
+ inner join `alerts` on `users`.`id`=`alerts`.`memid`
+ inner join `notary` on `users`.`id`=`notary`.`to`
+ WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
+ GROUP BY `users`.`id`
+ HAVING `distance` <= '$maxdist'
+ ORDER BY `distance` ";
+ echo $query;
+
+ // comment next line when starting to send mail not only to me
+ // $query = "select * from `users` where `email` like 'cacerttest%'";
+
+ $res = mysql_query($query);
+ $xrows = mysql_num_rows($res);
+
+ while($row = mysql_fetch_assoc($res))
+ {
+ // uncomment next line to send mails ...
+ sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ }
+ // 1x cc to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ // 1x mailing report to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+
+ // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
+ sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ echo "invitation sent to $xrows recipients.\n";
+
+?>
diff --git a/scripts/62de-froscon2015-email.txt b/scripts/62de-froscon2015-email.txt
new file mode 100644
index 0000000..1daa2a3
--- /dev/null
+++ b/scripts/62de-froscon2015-email.txt
@@ -0,0 +1,33 @@
+Hallo,
+
+CAcert wird dieses Jahr zum zehnten Mal mit einem Stand auf der FrOSCon
+vertreten sein. Damit gehoert CAcert zu den Projekten, die bei allen zehn
+Auflagen der FrOSCon dabei waren.
+
+CAcert wird neben dem Stand, an dem wie ueblich Assured und ueber CAcert
+informiert wird, auch mit einem Projektraum vertreten sein. In diesem
+Projektraum wird an aktuellen Softwareentwicklungen bei CAcert gearbeitet,
+z.B. Test der Root Erstellung, Gigi/Cassiopeia dem Redesign der Software.
+
+Wir hoffen, dass wir viele von Euch auf der FrOSCon treffen werden.
+
+Wann?
+- Samstag + Sonntag, 22. + 23. August 2015
+- Einlass Samstag ab 08:30h und Sonntag ab 09:00h
+
+Ort:
+- in der Hochschule Bonn-Rhein-Sieg
+- Grantham-Allee 20
+- 53757 Sankt Augustin
+
+Tickets
+- Der Eintritt ist in diesem Jahr frei!
+
+
+Euer Event Team
+
+Kontakt: events@cacert.org
+
+
+[1] [https://www.froscon.de]
+[2] [https://wiki.cacert.org/Events/FrOSCon2015]
diff --git a/scripts/62de-froscon2015-mail.php.txt b/scripts/62de-froscon2015-mail.php.txt
new file mode 100644
index 0000000..3923e72
--- /dev/null
+++ b/scripts/62de-froscon2015-mail.php.txt
@@ -0,0 +1,151 @@
+#!/usr/bin/php -q
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2013 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+ include_once("../includes/mysql.php");
+
+ $lines = "";
+ $fp = fopen("62de-froscon2015-email.txt", "r");
+ while(!feof($fp))
+ {
+ $line = trim(fgets($fp, 4096));
+ $lines .= wordwrap($line, 75, "\n")."\n";
+ }
+ fclose($fp);
+
+
+// $locid = intval($_REQUEST['location']);
+// $maxdist = intval($_REQUEST['maxdist']);
+// maxdist in [Km]
+ $maxdist = 200;
+
+
+// location location.ID
+// verified: 29.4.09 u.schroeter
+// $locid = 7902857; // Paris
+// $locid = 238568; // Bielefeld
+// $locid = 715191; // Hamburg
+// $locid = 1102495; // London
+// $locid = 606058; // Frankfurt
+// $locid = 1775784; // Stuttgart
+// $locid = 228950; // Berlin
+// $locid = 606058; // Frankfurt
+// $locid = 599389; // Flensburg
+// $locid = 61065; // Amsterdam, Eemnes
+// $locid = 228950; // Berlin
+// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States
+// $locid = 1486658; // Potsdam
+// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
+// $locid = 2094781; // Mission Hills (Los Angeles), California, United States
+// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
+// $locid = 2093625; // Los Angeles, CA ???
+// $locid = 2094326 // Los Angeles (Los Angeles), California, United States
+// $locid = 2257312; // Sydney, New South Wales, Australia
+// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
+// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany
+// $locid = 1260319; // Muenchen
+// $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany
+// $locid = 873779; // Karlsruhe, Baden-Wuerttemberg, Germany
+// $locid = 520340; // Dusseldorf, Nordrhein-Westfalen, Germany
+// $locid = 2262656; // Melbourne, Victoria, Australia
+// $locid = 2185076; // Raleigh (Wake), North Carolina, United States
+// $locid = 2126955; // Lawrence (Douglas), Kansas, United States
+// $locid = 919560; // Kiel, Schleswig-Holstein, Germany
+// $locid = 228950; // Berlin
+// $locid = 1117395; // Lubeck Hansestadt, Schleswig-Holstein, Germany
+// $locid = 675661; // Graz, Steiermark, Austria
+// $locid = 1992733; // Wien, Wien, Austria
+
+// $locid = ; 54334 // Amberg, Bayern, Germany
+// $eventname = "ATE-Amberg";
+// $city = "06. Januar 2014";
+
+// $locid = 1089877; // Linz, Oberoesterreich, Austria
+// $eventname = "ATE-Linz";
+// $city = "16. Mai 2014";
+
+// $locid = 1993029; // Wiesbaden, Hessen, Germany
+// $eventname = "ATE-Wiesbaden";
+// $city = "22. Mai 2014";
+
+
+// $locid = 1356196; // Oberwart, Burgenland, Germany
+// $eventname = "ATE-Oberwart (Korrektur)";
+// $city = "27. Juni 2014";
+
+// $locid = 675661; // Graz, Steiermark, Austria
+// $eventname = "ATE-Graz";
+// $city = "13. November 2014";
+
+// $locid = 1992733; // Wien, Wien, Austria
+// $eventname = "ATE-Wien";
+// $city = "19. November 2014";
+
+// $locid = 606775; // Freiburg, Baden-Wuertemberg, Germany
+// $eventname = "ATE-Freiburg";
+// $city = "2. Februar 2015";
+
+// $locid = 281755; // Bremen, Bremen, Germany
+// $eventname = "ATE-Bremen";
+// $city = "5. Mai 2015";
+
+// $locid = 510891; // Dresden, Sachsen, Germany
+// $eventname = "ATE-Dresden";
+// $city = "12. Mai 2015";
+
+ $locid = 1631926; // Sankt Augustin, Nordrhein-Westfalen, Germany
+ $eventname = "CAcert auf der FrOSCon 2015";
+ $city = "22. und 23. August";
+
+
+ $query = "select * from `locations` where `id`='$locid'";
+ $loc = mysql_fetch_assoc(mysql_query($query));
+
+ $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
+ (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
+ COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
+ FROM `locations`
+ inner join `users` on `users`.`locid` = `locations`.`id`
+ inner join `alerts` on `users`.`id`=`alerts`.`memid`
+ inner join `notary` on `users`.`id`=`notary`.`to`
+ WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
+ GROUP BY `users`.`id`
+ HAVING `distance` <= '$maxdist'
+ ORDER BY `distance` ";
+ echo $query;
+
+ // comment next line when starting to send mail not only to me
+ // $query = "select * from `users` where `email` like 'cacerttest%'";
+
+ $res = mysql_query($query);
+ $xrows = mysql_num_rows($res);
+
+ while($row = mysql_fetch_assoc($res))
+ {
+ // uncomment next line to send mails ...
+ sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ }
+ // 1x cc to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ // 1x mailing report to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+
+ // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
+ sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ echo "invitation sent to $xrows recipients.\n";
+
+?>
diff --git a/scripts/63dk-ate-nykobing-email.txt b/scripts/63dk-ate-nykobing-email.txt
new file mode 100644
index 0000000..4c0b7ee
--- /dev/null
+++ b/scripts/63dk-ate-nykobing-email.txt
@@ -0,0 +1,121 @@
+[Danish]
+Gennem det sidste års tid er der sket mange ændringer hos CAcert. Mange mundtlige regler er blevet skrevet ned i politikker. Nye procedurer (f.eks. Assurer Challenge) og forpligtelser (f.eks. CAcert Community Agreement) har set dagens lys.
+Assurandør trænings events (ATE) forsøger at udbrede disse informationer.
+- Hvad mangler på den gamle CAP formular?
+- Hvorfor skal jeg huske R/L/O?
+- Hvad kan du gøre hvis en person fremviser ID dokumenter jeg ikke kender?
+Disse og flere spørgsmål vil blive besvaret under en Assurandør trænings event (ATE)
+Yderligere, træner man på ATE, hvordan man verificere og kontrollere verificeringer for at måle kvaliteten af verificeringsprocessen i det daglige. Der er en del fejl, som er nemme at falde i. Assurandører får mulighed for at se disse fejl og hvordan man undgår dem.
+Som IanG sagde: ATE eller Assurandør Træningens events er klart anbefalet til alle assurandører og indeholder dele som hjælper direkte med vores godkendelseskontrol. Kom og find ud af hvordan du også kan hjælpe.
+
+Den næste event, som afholdes i dit område er:
+- Søndag d. 20. September 2015
+- Kl. 10:00 – ca. 17:00
+- ShowIT Media
+- Slotsbryggen 14 A-D
+- 4800 Nykøbing F.
+- Denmark
+
+BEMÆRK: eventen foregår på engelsk
+Detaljerne om eventen og programmet kan findes på:
+Wiki [https://wiki.cacert.org/Events/2015-09-20-ATE-DK-Nykobing]
+Blog [https://blog.cacert.org/2015/07/ate-nykobing-denmark-on-september-20th-2015/]
+Du kan tilmelde dig ved at besvare denne mail og i emnet feltet skrive: 'I will attend the ATE-Nykobing'
+Event teamet ser frem til din deltagelse
+Kontakt: events@cacert.org
+
+[English]
+
+During the last years many changes took place inside CAcert. Many "oral"
+rules have been put into Policies. New procedures
+(e.g. Assurer Challenge) and obligations
+(e.g. CAcert Community Agreement) have been put into live.
+The Assurer Training Events (ATE) try to spread this information:
+
+- What is missing on the "old" CAP forms?
+- Why should I remember R/L/O?
+- What can you do if an Assuree shows an ID document unknown to you?
+
+These and more questions will be answered during the
+Assurer Training Events (ATEs)
+
+Furthermore, the ATE trains how to do assurances and audits assurances,
+to measure the quality of assurances in the daily routine. Here are some
+possible errors and pitfalls which need to be found. Assurers have the
+opportunity to see those errors and how to avoid them.
+
+As IanG said: The ATE or Assurer Training Event is exceptionally
+recommended for all Assurers and includes parts which contribute
+directly to our audit. Come and find out how you can also contribute.
+
+The next event held in your area will be:
+
+- Sunday 20th September 2015
+- during 10:00 - ca. 17:00
+- ShowIT Media
+- Slotsbryggen 14 A-D
+- 4800 Nykobing F
+- Denmark
+
+Important: the speeches will be held in English.
+
+Details to the location and the agenda can be found:
+Wiki [https://wiki.cacert.org/Events/2015-09-20-ATE-DK-Nykobing]
+Blog [https://blog.cacert.org/2015/07/ate-nykobing-denmark-on-september-20th-2015/]
+
+User reply for registration: 'I will attend the ATE-Nykobing'
+
+The event team is looking forward for your attendance:
+
+Contact: events@cacert.org
+
+[Deutsch]
+
+Es hat sich viel getan im letzten Jahr. Eine ganze Reihe von bisher
+eher "mündlich überlieferten" Regeln wurden in Policies gegossen.
+Neue Prozeduren (z.B. die Assurer Challenge) und Verpflichtungen (z.B.
+in dem CAcert Community Agreement) wurden beschlossen. Die Assurer
+Training Events wollen versuchen, die ganzen Informationen unter's
+Volk zu bringen:
+
+- Welcher Satz fehlt auf alten CAP Formularen?
+- Warum soll ich mir R/L/O einprägen?
+- Wie verhältst du dich,
+ wenn du ein fremdes Ausweisdokument das erste Mal prüfst?
+
+Antworten auf diese und weitere Fragen erhältst du bei den
+Assurer Training Events (ATEs).
+
+Darüber hinaus wird beim ATE der Vorgang der Identitätsüberprüfung
+trainiert und auditiert, um die Qualität der Assurances in der
+täglichen Praxis zu erfassen. Dabei gilt es mögliche Fehler und
+Fallstricke zu erkennen und aufzudecken. Die Assurer haben also die
+Möglichkeit, sich mit den Fehlern auseinanderzusetzen und zu erfahren,
+wie diese vermieden werden können.
+
+Wie IanG sagte: The ATE or Assurer Training Event is exceptionally
+recommended for all Assurers, and include parts which contribute
+directly to our audit. Come and find out how you can also contribute.
+
+Die kommende Veranstaltung in deiner Nähe findet statt am:
+
+- Sonntag, den 20. September 2015
+- in der Zeit von: 10:00 - ca. 17:00 Uhr
+- ShowIT Media
+- Slotsbryggen 14 A-D
+- 4800 Nykobing F
+- Denmark
+
+Wichtig: Die Vortragsprache ist Englisch.
+
+Details zum Ablauf, Veranstaltungsort und Anfahrthinweise findet Ihr im
+Wiki [https://wiki.cacert.org/Events/2015-09-20-ATE-DK-Nykobing]
+Blog [https://blog.cacert.org/2015/07/ate-nykobing-denmark-on-september-20th-2015/]
+
+Teilnehmer Registrierung mit Rückantwort:
+ 'Ich moechte am ATE-Nykobing teilnehmen'
+
+Das Veranstaltungs-Team freut sich schon auf Eure Teilnahme.
+
+Kontakt: events@cacert.org
+
diff --git a/scripts/63dk-ate-nykobing-mail.php.txt b/scripts/63dk-ate-nykobing-mail.php.txt
new file mode 100644
index 0000000..f22e52a
--- /dev/null
+++ b/scripts/63dk-ate-nykobing-mail.php.txt
@@ -0,0 +1,155 @@
+#!/usr/bin/php -q
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2013 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+ include_once("../includes/mysql.php");
+
+ $lines = "";
+ $fp = fopen("63dk-ate-nykobing-email.txt", "r");
+ while(!feof($fp))
+ {
+ $line = trim(fgets($fp, 4096));
+ $lines .= wordwrap($line, 75, "\n")."\n";
+ }
+ fclose($fp);
+
+
+// $locid = intval($_REQUEST['location']);
+// $maxdist = intval($_REQUEST['maxdist']);
+// maxdist in [Km]
+ $maxdist = 200;
+
+
+// location location.ID
+// verified: 29.4.09 u.schroeter
+// $locid = 7902857; // Paris
+// $locid = 238568; // Bielefeld
+// $locid = 715191; // Hamburg
+// $locid = 1102495; // London
+// $locid = 606058; // Frankfurt
+// $locid = 1775784; // Stuttgart
+// $locid = 228950; // Berlin
+// $locid = 606058; // Frankfurt
+// $locid = 599389; // Flensburg
+// $locid = 61065; // Amsterdam, Eemnes
+// $locid = 228950; // Berlin
+// $locid = 2138880; // Baltimore (Baltimore (city)), Maryland, United States
+// $locid = 1486658; // Potsdam
+// $locid = 664715; // Goteborg, Vastra Gotaland, Sweden
+// $locid = 2094781; // Mission Hills (Los Angeles), California, United States
+// $locid = 423655; // Copenhagen, Kobenhavn*, Denmark
+// $locid = 2093625; // Los Angeles, CA ???
+// $locid = 2094326 // Los Angeles (Los Angeles), California, United States
+// $locid = 2257312; // Sydney, New South Wales, Australia
+// $locid = 572764; // Essen, Nordrhein-Westfalen, Germany
+// $locid = 78; // Aachen, Nordrhein-Westfalen, Germany
+// $locid = 1260319; // Muenchen
+// $locid = 266635; // Bonn, Nordrhein-Westfalen, Germany
+// $locid = 873779; // Karlsruhe, Baden-Wuerttemberg, Germany
+// $locid = 520340; // Dusseldorf, Nordrhein-Westfalen, Germany
+// $locid = 2262656; // Melbourne, Victoria, Australia
+// $locid = 2185076; // Raleigh (Wake), North Carolina, United States
+// $locid = 2126955; // Lawrence (Douglas), Kansas, United States
+// $locid = 919560; // Kiel, Schleswig-Holstein, Germany
+// $locid = 228950; // Berlin
+// $locid = 1117395; // Lubeck Hansestadt, Schleswig-Holstein, Germany
+// $locid = 675661; // Graz, Steiermark, Austria
+// $locid = 1992733; // Wien, Wien, Austria
+
+// $locid = ; 54334 // Amberg, Bayern, Germany
+// $eventname = "ATE-Amberg";
+// $city = "06. Januar 2014";
+
+// $locid = 1089877; // Linz, Oberoesterreich, Austria
+// $eventname = "ATE-Linz";
+// $city = "16. Mai 2014";
+
+// $locid = 1993029; // Wiesbaden, Hessen, Germany
+// $eventname = "ATE-Wiesbaden";
+// $city = "22. Mai 2014";
+
+
+// $locid = 1356196; // Oberwart, Burgenland, Germany
+// $eventname = "ATE-Oberwart (Korrektur)";
+// $city = "27. Juni 2014";
+
+// $locid = 675661; // Graz, Steiermark, Austria
+// $eventname = "ATE-Graz";
+// $city = "13. November 2014";
+
+// $locid = 1992733; // Wien, Wien, Austria
+// $eventname = "ATE-Wien";
+// $city = "19. November 2014";
+
+// $locid = 606775; // Freiburg, Baden-Wuertemberg, Germany
+// $eventname = "ATE-Freiburg";
+// $city = "2. Februar 2015";
+
+// $locid = 281755; // Bremen, Bremen, Germany
+// $eventname = "ATE-Bremen";
+// $city = "5. Mai 2015";
+
+// $locid = 510891; // Dresden, Sachsen, Germany
+// $eventname = "ATE-Dresden";
+// $city = "12. Mai 2015";
+
+// $locid = 1631926; // Sankt Augustin, Nordrhein-Westfalen, Germany
+// $eventname = "CAcert auf der FrOSCon 2015";
+// $city = "22. und 23. August";
+
+ $locid = 1352507; // Nykobing, Storstrom, Denmark
+ $eventname = "ATE-Nykobing";
+ $city = "2015-09-20";
+
+
+ $query = "select * from `locations` where `id`='$locid'";
+ $loc = mysql_fetch_assoc(mysql_query($query));
+
+ $query = "SELECT ROUND(6378.137 * ACOS(0.9999999*((SIN(PI() * $loc[lat] / 180) * SIN(PI() * `locations`.`lat` / 180)) +
+ (COS(PI() * $loc[lat] / 180 ) * COS(PI() * `locations`.`lat` / 180) *
+ COS(PI() * `locations`.`long` / 180 - PI() * $loc[long] / 180)))), -1) AS `distance`, sum(`points`) as pts, `users`.*
+ FROM `locations`
+ inner join `users` on `users`.`locid` = `locations`.`id`
+ inner join `alerts` on `users`.`id`=`alerts`.`memid`
+ inner join `notary` on `users`.`id`=`notary`.`to`
+ WHERE (`alerts`.`general`=1 OR `alerts`.`country`=1 OR `alerts`.`regional`=1 OR `alerts`.`radius`=1)
+ GROUP BY `users`.`id`
+ HAVING `distance` <= '$maxdist'
+ ORDER BY `distance` ";
+ echo $query;
+
+ // comment next line when starting to send mail not only to me
+ // $query = "select * from `users` where `email` like 'cacerttest%'";
+
+ $res = mysql_query($query);
+ $xrows = mysql_num_rows($res);
+
+ while($row = mysql_fetch_assoc($res))
+ {
+ // uncomment next line to send mails ...
+ sendmail($row['email'], "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ }
+ // 1x cc to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city", $lines, "events@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ // 1x mailing report to events.cacert.org
+ sendmail("events@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+
+ // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20090525.1
+ sendmail("p.dunkel@cacert.org", "[CAcert.org] $eventname - $city Report", "invitation sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert Events Organisation", "returns@cacert.org", 1);
+ echo "invitation sent to $xrows recipients.\n";
+
+?>
diff --git a/scripts/db_migrations/version6.sh b/scripts/db_migrations/version6.sh
new file mode 100755
index 0000000..dcba365
--- /dev/null
+++ b/scripts/db_migrations/version6.sh
@@ -0,0 +1,70 @@
+#!/bin/sh
+# LibreSSL - CAcert web application
+# Copyright (C) 2004-2011 CAcert Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+
+
+# script to do database migrations
+
+set -e # script fails if any command fails
+
+STDIN=0
+STDOUT=1
+STDERR=2
+
+if [ "$1" = "--help" ]; then
+ cat >&$STDERR <<- USAGE
+ Usage: $0 [MYSQL_OPTIONS]
+ You have to specify all options needed by "mysql" as if you had started
+ the MySQL command line client directly (including the name of the
+ database to operate on). The MySQL user used has to have enough
+ privileges to do all necessary operations (among others CREATE, ALTER,
+ DROP, UPDATE, INSERT, DELETE).
+ You might need to enter the mysql password multiple times if you
+ specify the -p option.
+ USAGE
+ exit 1
+fi
+
+mysql_opt=" --batch --skip-column-names $@"
+
+schema_version=$( mysql $mysql_opt <<- 'SQL'
+
+ SELECT MAX(`version`) FROM `schema_version`;
+SQL
+)
+if [ $schema_version != 5 ]; then
+ cat >&$STDERR <<- ERROR
+ Error: database schema is not in the right version to do the migration!
+ Expected version: 5
+ ERROR
+ exit 2
+fi
+
+mysql $mysql_opt <<- 'SQL'
+ALTER TABLE `users` ADD `lastLoginAttempt` DATETIME NULL;
+system echo "added user column"
+
+ -- Update schema version number
+ INSERT INTO `schema_version`
+ (`version`, `when`) VALUES
+ ('6' , NOW() );
+SQL
+
+
+echo "Database successfully migrated to version 6"
+exit 0
+
diff --git a/scripts/oa03-csr_org_client_cert.php.txt b/scripts/oa03-csr_org_client_cert.php.txt
new file mode 100644
index 0000000..89a49c4
--- /dev/null
+++ b/scripts/oa03-csr_org_client_cert.php.txt
@@ -0,0 +1,98 @@
+#!/usr/bin/php -q
+<? /*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2011 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+ include_once("../includes/mysql.php");
+
+ $lines = "";
+ $fp = fopen("oa03-csr_org_client_cert.txt", "r");
+ while(!feof($fp))
+ {
+ $line = trim(fgets($fp, 4096));
+ $lines .= wordwrap($line, 75, "\n")."\n";
+ }
+ fclose($fp);
+
+// --- Variable parameters --- begin
+
+// $country
+// "" (empty) email to _all_ countries
+// "DE" 2-digit country code, eg. email to Germany Org's only
+
+// $status
+// Status: 1 mails to org contacts only
+// 2 mails to org admins only
+// 3 mails to org contacts + org admins
+
+// $subject
+// sample:
+// with
+// mailing subject results in
+// a) $country = ""
+// "[CAcert.org] Allowance to publish Organisation Assurance on CAcert website"
+// b) $country = "DE"
+// "[CAcert.org] Allowance to publish Organisation Assurance on CAcert website (DE)"
+
+
+////OA Allowance
+//$country = ""; // "DE" or ""
+//$status = 3; // 1, 2 or 3 3 = 1+2
+//$subject = "Allowance to publish Organisation Assurance on CAcert website";
+
+
+//OA Org Client Cert Information
+$country = ""; // "DE" or ""
+$status = 3; // 1, 2 or 3 3 = 1+2
+$subject = "New Feature in CAcert Organisation Accounts";
+
+// --- Variable parameters --- end
+
+$query = "SELECT orginfo.contact as email, orginfo.O, 1 as status
+ FROM orginfo
+ WHERE (orginfo.C like '$country%' and (1=$status or 3=$status))
+ UNION
+ Select users.email, orginfo.O, 2 as status
+ FROM users
+ inner join org on users.id = org.memid
+ inner join orginfo on org.orgid=orginfo.id
+ WHERE (orginfo.C like '$country%' and (2=$status or 3=$status))
+ ORDER BY O";
+
+
+ echo $query;
+
+ // comment next line when starting to send mail not only to me
+ // $query = "select * from `users` where `email` like 'cacerttest%'";
+
+ $res = mysql_query($query);
+ $xrows = mysql_num_rows($res);
+
+ while($row = mysql_fetch_assoc($res))
+ {
+ // uncomment next line to send mails ...
+ sendmail($row['email'], "[CAcert.org] ".$subject.(empty($country)?"":" (".$country.")") , $lines, "support@cacert.org", "", "", "CAcert OA Support", "returns@cacert.org", 1);
+ }
+ // 1x cc to oao.cacert.org
+ sendmail("oao@cacert.org", "[CAcert.org] ".$subject.(empty($country)?"":" (".$country.")"), $lines, "oao@cacert.org", "", "", "CAcert OA Support", "returns@cacert.org", 1);
+ // 1x mailing report to oao.cacert.org
+ sendmail("oao@cacert.org", "[CAcert.org] ".$subject.(empty($country)?"":" (".$country.")")." - Report", "oa-mailing sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert OA Support", "returns@cacert.org", 1);
+
+ // 1x mailing report to Arbitrator of case http://wiki.cacert.org/wiki/Arbitrations/a20110608.1
+ sendmail("bernhard@cacert.org", "[CAcert.org] ".$subject.(empty($country)?"":" (".$country.")")." - Report", "oa-mailing sent to $xrows recipients.", "support@cacert.org", "", "", "CAcert OA Support", "returns@cacert.org", 1);
+
+ echo "oa-mailing sent to $xrows recipients.\n";
+?>
diff --git a/scripts/oa03-csr_org_client_cert.txt b/scripts/oa03-csr_org_client_cert.txt
new file mode 100644
index 0000000..f766360
--- /dev/null
+++ b/scripts/oa03-csr_org_client_cert.txt
@@ -0,0 +1,58 @@
+[German version below]
+Dear Sir or Madam,
+ Dear CEO or CAcert Organisation Administrator,
+
+We're proud to announce that the software team has implemented a new variant
+to create Organisation Client Certificates!
+
+Until now, client certificates in an Organisation Account could only be created
+by using the browser feature to create a key pair and signing request in one
+run.
+
+The new feature is called CSR, Certificate Signing Request. The end user can
+create a CSR (certificate signing request) on his own computer and give it to
+the Organisation Administrator. The Organisation Administrator will copy & paste
+it into the web form and will receive the signed certificate which he will send
+back to the user. This means that the user generates the private key for the
+signed certificate.
+
+The key benefit of this approach is that the Organisation Administrator has no access to the end-user's private key.
+
+See also
+https://blog.cacert.org/2014/12/creating-certificates-with-csr-now-possible-for-org-accounts/
+https://wiki.cacert.org/OrganisationAssurance/OA/OrgAdmin/Handbook/EN#clientcert
+
+Best regards
+
+Marcus Maengel
+CAcert Organisation Assurance Officer
+
+[German version]
+Sehr geehrte Damen und Herren,
+ sehr geehrte CEO und Organisationsadministratoren,
+
+Wir freuen uns darüber, Ihnen mitteilen zu können, dass das Software Team einen
+weitere Methode der Software hinzugefügt hat, mit der man Organisations-Client-
+Zertifikate erstellen kann.
+
+Der bisher einzige Weg war es, die Organisations-Client-Zertifikate im Browser
+zu erstellen. Dabei werden sowohl der private Schlüssel erzeugt als auch das
+Signieren in einem Schritt durchgeführt.
+
+Die neue Methode nutzt den CSR (Certificate Signing Request). Ein Anwender kann
+auf seinem eigenen PC den privaten Schlüssel und den CSR erstellen. Letzterer
+wird an den Organisationsadminstrator gesendet. Der Organisationsadminstrator
+kopiert den CSR in das Web-Formular und erhält den signierten öffentlichen
+Schlüssel, der dann an den Anwender zurück gesendet wird.
+
+Ein Vorteil dieser Methode ist es, dass der Organisationsadministrator keinen
+Zugriff auf den privaten Schlüssel des Anwenders benötigt.
+
+Weiteres ist hier zu finden
+https://blog.cacert.org/2014/12/creating-certificates-with-csr-now-possible-for-org-accounts/
+https://wiki.cacert.org/OrganisationAssurance/OA/OrgAdmin/Handbook/DE#clientcert
+
+Mit freundlichen Grüßen
+
+Marcus Maengel
+CAcert Organisation Assurance Officer \ No newline at end of file
diff --git a/scripts/send_policy_cca_correct_20150221_1.php b/scripts/send_policy_cca_correct_20150221_1.php
new file mode 100644
index 0000000..797771a
--- /dev/null
+++ b/scripts/send_policy_cca_correct_20150221_1.php
@@ -0,0 +1,113 @@
+#!/usr/bin/php -q
+<?php
+/*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2009 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+include_once("../includes/mysql.php");
+
+// read texts
+
+$lines_EN = <<<EOF
+
+We have to inform you that there was an incorrect version of the CAcert Community Agreement (CCA) on the main website of CAcert for a couple of days.
+
+The CCA provides the general terms and conditions for all CAcert members. We may only issue certificates and sign PGP keys to those who have accepted these terms and conditions.
+
+Unfortunately, you are among those who have accepted the CCA while the incorrect version was online.
+
+The correct version of the CCA can be found at:
+http://www.cacert.org/policy/CAcertCommunityAgreement.html
+
+If you agree to this version, you do not need to do anything.
+
+If you do not accept this version, please send an email to support@cacert.org no later than 2015-03-08 to request termination of your CAcert membership. Terminating your membership will cause the revocation of all your certificates, the disabling of your login to the CAcert web interface and the anonymisation of your personal data.
+
+Most of the differences will probably not affect you. but they can be seen at:
+http://svn.cacert.org/CAcert/Policies/CAcertCommunityAgreement_20140708.html
+
+Major changes are:
+ * The CCA was changed to clearly be a general terms and conditions what makes it easier to join and exit as CAcert member. For CAcert it was obvious to do the change, because all CAcert members sign the same conditions without the possibility to strike or add personal clauses.
+ * More ways to accept the CCA were added.
+ * Termination of membership was clarified some more. Some other options beside the ruling of an Arbitrator were cautiously added.
+ * You have a new obligation to answer in arbitration cases. This seems to be obvious, but you never signed it before. In the past this was derived from some points within our Dispute Resolution Policy (DRP).
+ * Sharing of accounts and credentials was banned more clearly. Also the obligation to only use a certificate in the appropriate contexts was added. It was already part of the Certification Practice Statement (CPS).
+ * Some kinds of contributions as personal data are now excepted from the non-exclusive non-restrictive non-revocable transfer of licence to CAcert.
+ * Official communication with CAcert was simplified.
+ * Some deprecated references were removed.
+
+Sincerely,
+Eva Stöwe
+CAcert Policy Officer
+EOF;
+
+$lines_EN = wordwrap($lines_EN, 75, "\n");
+$lines_EN = mb_convert_encoding($lines_EN, "HTML-ENTITIES", "UTF-8");
+
+
+// read last used id
+$lastid = 0;
+if (file_exists("send_policy_cca_correct_20150221_1_lastid.txt"))
+{
+ $fp = fopen("send_policy_cca_correct_20150221_1_lastid.txt", "r");
+ $lastid = trim(fgets($fp, 4096));
+ fclose($fp);
+}
+
+echo "ID now: $lastid\n";
+
+
+$count = 0;
+
+$query = "
+
+ SELECT
+ users.id,
+ users.fname,
+ users.lname,
+ users.email,
+ COUNT(*) AS agreement_count
+ FROM user_agreements
+ LEFT JOIN users ON users.id = user_agreements.memid
+ WHERE user_agreements.date >= '2015-01-08 14:29:00'
+ AND user_agreements.date <= '2015-01-15 10:48:00'
+ AND user_agreements.document = 'CCA'
+ AND users.id NOT IN (
+ SELECT user_agreements.memid
+ FROM user_agreements
+ WHERE user_agreements.date < '2015-01-08 14:29:00'
+ AND user_agreements.document = 'CCA')
+ GROUP BY users.id";
+
+$res = mysql_query($query);
+
+while($row = mysql_fetch_assoc($res))
+{
+ $mailtxt = "Dear ${row["fname"]} ${row["lname"]},\n".$lines_EN."\n\n";
+
+ sendmail($row['email'], "[CAcert.org] CAcert Community Agreement (CCA)", $mailtxt, "support@cacert.org", "", "", "CAcert", "returns@cacert.org", "");
+
+ $fp = fopen("send_policy_cca_correct_20150221_1_lastid.txt", "w");
+ fputs($fp, $row["id"]."\n");
+ fclose($fp);
+
+ $count++;
+ echo "Sent ${count}th mail. User ID: ${row["id"]}\n";
+
+ if(0 == $count % 5) {
+ sleep (1);
+ }
+}
diff --git a/scripts/send_policy_cca_correct_20150221_2.php b/scripts/send_policy_cca_correct_20150221_2.php
new file mode 100644
index 0000000..fa9f384
--- /dev/null
+++ b/scripts/send_policy_cca_correct_20150221_2.php
@@ -0,0 +1,97 @@
+#!/usr/bin/php -q
+<?php
+/*
+ LibreSSL - CAcert web application
+ Copyright (C) 2004-2009 CAcert Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+include_once("../includes/mysql.php");
+
+// read texts
+
+$lines_EN = <<<EOF
+
+We have to inform you that there was an incorrect version of the CAcert Community Agreement (CCA) on the main website of CAcert for some a couple of days.
+
+The CCA is the general terms and conditions for CAcert. We may only issue certificates and sign PGP keys to those who have accepted those conditions.
+
+As you have accepted the CCA during that period, we want to give you a link to the correct version, to ensure that you are not confused about the different versions.
+
+The correct version of the CCA can be found at:
+http://www.cacert.org/policy/CAcertCommunityAgreement.html
+
+Sincerely,
+Eva Stöwe
+CAcert Policy Officer
+EOF;
+
+$lines_EN = wordwrap($lines_EN, 75, "\n");
+$lines_EN = mb_convert_encoding($lines_EN, "HTML-ENTITIES", "UTF-8");
+
+
+// read last used id
+$lastid = 0;
+if (file_exists("send_policy_cca_correct_20150221_2_lastid.txt"))
+{
+ $fp = fopen("send_policy_cca_correct_20150221_2_lastid.txt", "r");
+ $lastid = trim(fgets($fp, 4096));
+ fclose($fp);
+}
+
+echo "ID now: $lastid\n";
+
+
+$count = 0;
+
+$query = "
+
+ SELECT
+ users.id,
+ users.fname,
+ users.lname,
+ users.email,
+ COUNT(*) AS agreement_count
+ FROM user_agreements
+ LEFT JOIN users ON users.id = user_agreements.memid
+ WHERE user_agreements.date >= '2015-01-08 14:29:00'
+ AND user_agreements.date <= '2015-01-15 10:48:00'
+ AND user_agreements.document = 'CCA'
+ AND users.id IN (
+ SELECT users.id
+ FROM user_agreements
+ LEFT JOIN users ON users.id = user_agreements.memid
+ WHERE user_agreements.date < '2015-01-08 14:29:00'
+ AND user_agreements.document = 'CCA')
+ GROUP BY users.id";
+
+$res = mysql_query($query);
+
+while($row = mysql_fetch_assoc($res))
+{
+ $mailtxt = "Dear ${row["fname"]} ${row["lname"]},\n".$lines_EN."\n\n";
+
+ sendmail($row['email'], "[CAcert.org] CAcert Community Agreement (CCA)", $mailtxt, "support@cacert.org", "", "", "CAcert", "returns@cacert.org", "");
+
+ $fp = fopen("send_policy_cca_correct_20150221_2_lastid.txt", "w");
+ fputs($fp, $row["id"]."\n");
+ fclose($fp);
+
+ $count++;
+ echo "Sent ${count}th mail. User ID: ${row["id"]}\n";
+
+ if(0 == $count % 5) {
+ sleep (1);
+ }
+}
diff --git a/www/cap.html.php b/www/cap.html.php
index 8e5fe01..971cdbc 100644
--- a/www/cap.html.php
+++ b/www/cap.html.php
@@ -16,7 +16,7 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
loadem("index");
showheader(_("Identity Verification Form (CAP) form"));
- Version: $Id: cap.html.php,v 1.2 2011-06-10 18:30:41 wytze Exp $
+ Version: $Id: cap.html.php,v 1.3 2015/01/08 15:02:40 wytze Exp $
*/
echo '<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">', "\n";
echo '<html>', "\n";
@@ -38,18 +38,18 @@
echo '<div style="text-align: right;">', "\n";
echo '<big><big><span style="font-weight: bold;">'._("Identity Verification Form (CAP) form").'</span></big></big><br>', "\n";
echo '</div>', "\n";
- echo '<div style="text-align: right;">'.'CAcert Inc. - P.O. Box 4107 - Denistone East NSW 2112 - Australia - <a href="http://www.cacert.org/"> http://www.cacert.org/</a><br></div>', "\n";
+ echo '<div style="text-align: right;">'.'Hangar 10 Airfield Avenue, Murwillumbah NSW 2484, New South Wales, (Commonwealth of) Australia - <a href="http://www.cacert.org/"> http://www.cacert.org/</a><br></div>', "\n";
- echo '<table border=1 cellspacing="0" cellpadding="0" bordercolor="lightblue" cellpadding="0" cellspacing="0" width="100%" style="color: white; background-color: rgb(112, 154, 186);" rules="groups">', "\n";
+ echo '<table border=1 cellspacing="0" cellpadding="0" bordercolor="lightblue" width="100%" style="color: white; background-color: rgb(112, 154, 186);" rules="groups">', "\n";
echo '<tbody>', "\n";
echo '<tr><td>', "\n";
echo '<tr>', "\n";
- echo ' <td align="left"><font size=-7>'._("CAcert's Root Certificate sha1 fingerprints").'</font></td>', "\n";
- echo ' <td align="right"><font size=-7>class 1: 135C EC36 F49C B8E9 3B1A B270 CD80 8846 76CE 8F33</font></td>', "\n";
+ echo ' <td align="left"><font size=-7>'._("CAcert's Root Certificate sha256 fingerprints (since 2019)").'</font></td>', "\n";
+ echo ' <td align="right"><font size=-7>class 1: 07ED BD82 4A49 88CF EF42 15DA 20D4 8C2B 41D7 1529 D7C9 00F5 7092 6F27 7CC2 30C5</font></td>', "\n";
echo '</tr>', "\n";
echo '<tr>', "\n";
echo ' <td></td>', "\n";
- echo ' <td align="right"><font size=-7>class 3: AD7C 3F64 FC44 39FE F4E9 0BE8 F47C 6CFA 8AAD FDCE</font></td>', "\n";
+ echo ' <td align="right"><font size=-7>class 3: F687 3D70 D675 96C2 ACBA 3440 1E69 738B 5270 1DD6 AB06 B497 49BC 5515 0936 D544</font></td>', "\n";
echo '<tr>', "\n";
echo '</font>', "\n";
echo '</td>', "\n";
diff --git a/www/cap.php b/www/cap.php
index 40b269a..b189b18 100644
--- a/www/cap.php
+++ b/www/cap.php
@@ -48,14 +48,18 @@
$this->SetFont('Arial','I',8);
if($_SESSION['_config']['language'] == "ja")
$this->SetFont('SJIS','I',8);
- $this->Cell(0,0,'CAcert Inc. - PO Box 66 - Oatley NSW 2223 - Australia - http://www.CAcert.org',0,0,'C');
+ $this->Cell(0,0,'CAcert Inc. - Hangar 10 Airfield Avenue - Murwillumbah NSW 2484 - Australia - http://www.CAcert.org',0,0,'C');
$this->Ln(3);
$this->SetFont('Arial','',6);
if($_SESSION['_config']['language'] == "ja")
$this->SetFont('SJIS','',6);
- $this->Cell(0,0, recode($_SESSION['_config']['recode'], _("CAcert's Root Certificate fingerprints")).": A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B "._("and")." 135C EC36 F49C B8E9 3B1A B270 CD80 8846 76CE 8F33",0,0,'C');
- $this->SetLineWidth(0.05);
- $this->Line(1, 43, $this->w - 1, 43);
+ $this->Cell(0,0, recode($_SESSION['_config']['recode'], _("CAcert's Root Certificate fingerprints"). _(" (since 2019)")),0,0,'C');
+ $this->ln(3);
+ $this->Cell(0,0, recode($_SESSION['_config']['recode'], "SHA1: root: DDFC DA54 1E75 77AD DCA8 7E88 27A9 8A50 6032 52A5 "._("and")." class3: A7C4 8FBE 6B02 6DBD 0EC1 B465 B88D D813 EE1D EFA0"),0,0,'C');
+ $this->ln(3);
+ $this->Cell(0,0, recode($_SESSION['_config']['recode'], "SHA256: root: 07ED BD82 4A49 88CF EF42 15DA 20D4 8C2B 41D7 1529 D7C9 00F5 7092 6F27 7CC2 30C5 "._("and")." class3: F687 3D70 D675 96C2 ACBA 3440 1E69 738B 5270 1DD6 AB06 B497 49BC 5515 0936 D544"),0,0,'C');
+ $this->SetLineWidth(0.05); // added 3 points to the abcissa 43 -> 46 to get second line fingerprints
+ $this->Line(1, 46, $this->w - 1, 46);
$this->SetLineWidth(0.2);
}
@@ -69,7 +73,7 @@
$date = date("Y-m-d");
// Show text blurb at top of page
- $this->SetY(45);
+ $this->SetY(48); // added 3 points to the abcissa 45 -> 48 to get second line fingerprints
$this->SetFont('Arial','',10);
if($_SESSION['_config']['language'] == "ja")
$this->SetFont('SJIS','',10);
diff --git a/www/capnew.php b/www/capnew.php
index 273b0e6..546b4e2 100644
--- a/www/capnew.php
+++ b/www/capnew.php
@@ -17,8 +17,8 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
-// $Id: capnew.php,v 1.4 2012-01-24 14:26:05 root Exp $
-define('REV', '$Revision: 1.4 $');
+// $Id: capnew.php,v 1.5 2015/01/08 15:02:40 wytze Exp $
+define('REV', '$Revision: 1.5 $');
/*
** Created from old cap.php 2003, which used the now obsoleted ftpdf package
@@ -297,7 +297,7 @@ define('LLBLUE','#D6E2EB'); // lighhter blue RGB 173 197 215
define('LIME', '#C7FF00'); // RGB 199 255 0
define('GREEN', '#00BE00'); // 0 190 0
-define('POBOX','CAcert Inc. - P.O. Box 4107 - Denistone East NSW 2112 - Australia');
+define('POBOX','Hangar 10 Airfield Avenue, Murwillumbah NSW 2484, New South Wales, (Commonwealth of) Australia');
define('WEB', 'http://www.cacert.org');
define('WIKI','http://wiki.cacert.org/wiki');
define('ROOTKEYS','http://www.cacert.org/index.php?id=3');
@@ -311,9 +311,13 @@ define('ARBIT', WIKI.'/ArbitrationForum');
define('CCA', 'CAcertCommunityAgreement'); // default policy to print
define('POLICY','policy/'); // default polciy doc directory
define('EXT','.html'); // default polciy doc extention, should be html
+/* finger print CAcert Root Key SHA256 since 2019*/ // should obtain this automatically
+define('CLASS1_SHA256','07ED BD82 4A49 88CF EF42 15DA 20D4 8C2B 41D7 1529 D7C9 00F5 7092 6F27 7CC2 30C5');
+define('CLASS3_SHA256','F687 3D70 D675 96C2 ACBA 3440 1E69 738B 5270 1DD6 AB06 B497 49BC 5515 0936 D544');
+/* finger print CAcert Root Key */ // not to use since 2019
/* finger print CAcert Root Key */ // should obtain this automatically
-define('CLASS1_SHA1','135C EC36 F49C B8E9 3B1A B270 CD80 8846 76CE 8F33');
-define('CLASS3_SHA1','AD7C 3F64 FC44 39FE F4E9 0BE8 F47C 6CFA 8AAD FDCE');
+define('CLASS1_SHA1','DDFC DA54 1E75 77AD DCA8 7E88 27A9 8A50 6032 52A5');
+define('CLASS3_SHA1','A7C4 8FBE 6B02 6DBD 0EC1 B465 B88D D813 EE1D EFA0');
// next two are not used on the form
define('CLASS1_MD5','A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B');
define('CLASS3_MD5','F7:25:12:82:4E:67:B5:D0:8D:92:B7:7C:0B:86:7A:42');
@@ -387,7 +391,7 @@ function utf8_is_ascii_ctrl($str) {
// extend TCPF with custom functions
class CAPPDF extends TCPDF {
- // do cap form version numbering automatically '$Revision: 1.4 $'
+ // do cap form version numbering automatically '$Revision: 1.5 $'
/*public*/ function Version() {
strtok(REV, ' ');
return(strtok(' '));
@@ -918,7 +922,7 @@ class CAPPDF extends TCPDF {
$this->SetXY($savex,$savey);
// sha1 fingerprint CAcert rootkeys class 1 and class 3
- $strg = $this->unhtmlentities( _("CAcert's Root Certificate sha1 fingerprints") ) . ', class 1: '. CLASS1_SHA1 . ', class 3: ' . CLASS3_SHA1;
+ $strg = $this->unhtmlentities( _("CAcert's Root Certificate sha256 fingerprints (since 2019)") ) . ', class 1: '. CLASS1_SHA256 . ', class 3: ' . CLASS3_SHA256;
$this->Ln(3); $this->SetX($this->lMargin);
$this->SetFont(FONT,'',F_SIZE * $this->colwidth / ($this->GetStringWidth($strg) +1));
$this->Cell($this->colwidth,10, $strg,0,0,'C',0,NULL);
diff --git a/www/certs/class3_X0E.crt b/www/certs/class3_X0E.crt
new file mode 100644
index 0000000..d358c12
--- /dev/null
+++ b/www/certs/class3_X0E.crt
@@ -0,0 +1,39 @@
+-----BEGIN CERTIFICATE-----
+MIIG0jCCBLqgAwIBAgIBDjANBgkqhkiG9w0BAQsFADB5MRAwDgYDVQQKEwdSb290
+IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
+IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
+Y2FjZXJ0Lm9yZzAeFw0xMTA1MjMxNzQ4MDJaFw0yMTA1MjAxNzQ4MDJaMFQxFDAS
+BgNVBAoTC0NBY2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5v
+cmcxHDAaBgNVBAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQCrSTURSHzSJn5TlM9Dqd0o10Iqi/OHeBlYfA+e2ol9
+4fvrcpANdKGWZKufoCSZc9riVXbHF3v1BKxGuMO+f2SNEGwk82GcwPKQ+lHm9WkB
+Y8MPVuJKQs/iRIwlKKjFeQl9RrmK8+nzNCkIReQcn8uUBByBqBSzmGXEQ+xOgo0J
+0b2qW42S0OzekMV/CsLj6+YxWl50PpczWejDAz1gM7/30W9HxM3uYoNSbi4ImqTZ
+FRiRpoWSR7CuSOtttyHshRpocjWr//AQXcD0lKdq1TuSfkyQBX6TwSyLpI5idBVx
+bgtxA+qvFTia1NIFcm+M+SvrWnIl+TlG43IbPgTDZCciECqKT1inA62+tC4T7V2q
+SNfVfdQqe1z6RgRQ5MwOQluM7dvyz/yWk+DbETZUYjQ4jwxgmzuXVjit89Jbi6Bb
+6k6WuHzX1aCGcEDTkSm3ojyt9Yy7zxqSiuQ0e8DYbF/pCsLDpyCaWt8sXVJcukfV
+m+8kKHA4IC/VfynAskEDaJLM4JzMl0tF7zoQCqtwOpiVcK01seqFK6QcgCExqa5g
+eoAmSAC4AcCTY1UikTxW56/bOiXzjzFU6iaLgVn5odFTEcV7nQP2dBHgbbEsPyyG
+kZlxmqZ3izRg0RS0LKydr4wQ05/EavhvE/xzWfdmQnQeiuP43NJvmJzLR5iVQAX7
+6QIDAQABo4IBiDCCAYQwHQYDVR0OBBYEFHWocWBMiBPweNmJd7VtxYnfvLF6MA8G
+A1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUHAQEEUTBPMCMGCCsGAQUFBzABhhdodHRw
+Oi8vb2NzcC5DQWNlcnQub3JnLzAoBggrBgEFBQcwAoYcaHR0cDovL3d3dy5DQWNl
+cnQub3JnL2NhLmNydDBKBgNVHSAEQzBBMD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUH
+AgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwNAYJYIZI
+AYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAw
+UAYJYIZIAYb4QgENBEMWQVRvIGdldCB5b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3Ig
+RlJFRSwgZ28gdG8gaHR0cDovL3d3dy5DQWNlcnQub3JnMB8GA1UdIwQYMBaAFBa1
+MhvUx/Pg5o7zvdKwOu6yORjRMA0GCSqGSIb3DQEBCwUAA4ICAQBakBbQNiNWZJWJ
+vI+spCDJJoqp81TkQBg/SstDxpt2CebKVKeMlAuSaNZZuxeXe2nqrdRM4SlbKBWP
+3Rn0lVknlxjbjwm5fXh6yLBCVrXq616xJtCXE74FHIbhNAUVsQa92jzQE2OEbTWU
+0D6Zghih+j+cN0eFiuDuc3iC1GuZMb/Zw21AXbkVxzZ4ipaL0YQgsSt1P22ipb69
+6OLkrURctgY2cHS4pI62VpRgkwJ/Lw2n+C9vtukozMhrlPSTA0OhNEGiGp2hRpWa
+hiG+HGcIYfAV9v7og3dO9TnS0XDbbk1RqXPpc/DtrJWzmZN0O4KIx0OtLJJWG9zp
+9JrJyO6USIFYgar0U8HHHoTccth+8vJirz7Aw4DlCujo27OoIksg3OzgX/DkvWYl
+0J8EMlXoH0iTv3qcroQItOUFsgilbjRba86Q5kLhnCxjdW2CbbNSp8vlZn0uFxd8
+spxQcXs0CIn19uvcQIo4Z4uQ+00Lg9xI9YFV9S2MbSanlNUlvbB4UvHkel0p6bGt
+Amp1dJBSkZOFm0Z6ek+G7w7R1aTifjGJrdw032O+VIKwCgu8DdskR0w0B68ydZn0
+ATnMnr5ExvcWkZBtCgQa2NvSKrcQnlaqo9icEF4XevI/VTezlb1LjYMWHVd5R6C2
+p4wTyVBIM8hjrLcKiChF43GRJtne7w==
+-----END CERTIFICATE-----
diff --git a/www/certs/class3_X0E.der b/www/certs/class3_X0E.der
new file mode 100644
index 0000000..417b714
--- /dev/null
+++ b/www/certs/class3_X0E.der
Binary files differ
diff --git a/www/certs/class3_X0E.txt b/www/certs/class3_X0E.txt
new file mode 100644
index 0000000..de63961
--- /dev/null
+++ b/www/certs/class3_X0E.txt
@@ -0,0 +1,139 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 14 (0xe)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: O=Root CA, OU=http://www.cacert.org, CN=CA Cert Signing Authority/emailAddress=support@cacert.org
+ Validity
+ Not Before: May 23 17:48:02 2011 GMT
+ Not After : May 20 17:48:02 2021 GMT
+ Subject: O=CAcert Inc., OU=http://www.CAcert.org, CN=CAcert Class 3 Root
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (4096 bit)
+ Modulus:
+ 00:ab:49:35:11:48:7c:d2:26:7e:53:94:cf:43:a9:
+ dd:28:d7:42:2a:8b:f3:87:78:19:58:7c:0f:9e:da:
+ 89:7d:e1:fb:eb:72:90:0d:74:a1:96:64:ab:9f:a0:
+ 24:99:73:da:e2:55:76:c7:17:7b:f5:04:ac:46:b8:
+ c3:be:7f:64:8d:10:6c:24:f3:61:9c:c0:f2:90:fa:
+ 51:e6:f5:69:01:63:c3:0f:56:e2:4a:42:cf:e2:44:
+ 8c:25:28:a8:c5:79:09:7d:46:b9:8a:f3:e9:f3:34:
+ 29:08:45:e4:1c:9f:cb:94:04:1c:81:a8:14:b3:98:
+ 65:c4:43:ec:4e:82:8d:09:d1:bd:aa:5b:8d:92:d0:
+ ec:de:90:c5:7f:0a:c2:e3:eb:e6:31:5a:5e:74:3e:
+ 97:33:59:e8:c3:03:3d:60:33:bf:f7:d1:6f:47:c4:
+ cd:ee:62:83:52:6e:2e:08:9a:a4:d9:15:18:91:a6:
+ 85:92:47:b0:ae:48:eb:6d:b7:21:ec:85:1a:68:72:
+ 35:ab:ff:f0:10:5d:c0:f4:94:a7:6a:d5:3b:92:7e:
+ 4c:90:05:7e:93:c1:2c:8b:a4:8e:62:74:15:71:6e:
+ 0b:71:03:ea:af:15:38:9a:d4:d2:05:72:6f:8c:f9:
+ 2b:eb:5a:72:25:f9:39:46:e3:72:1b:3e:04:c3:64:
+ 27:22:10:2a:8a:4f:58:a7:03:ad:be:b4:2e:13:ed:
+ 5d:aa:48:d7:d5:7d:d4:2a:7b:5c:fa:46:04:50:e4:
+ cc:0e:42:5b:8c:ed:db:f2:cf:fc:96:93:e0:db:11:
+ 36:54:62:34:38:8f:0c:60:9b:3b:97:56:38:ad:f3:
+ d2:5b:8b:a0:5b:ea:4e:96:b8:7c:d7:d5:a0:86:70:
+ 40:d3:91:29:b7:a2:3c:ad:f5:8c:bb:cf:1a:92:8a:
+ e4:34:7b:c0:d8:6c:5f:e9:0a:c2:c3:a7:20:9a:5a:
+ df:2c:5d:52:5c:ba:47:d5:9b:ef:24:28:70:38:20:
+ 2f:d5:7f:29:c0:b2:41:03:68:92:cc:e0:9c:cc:97:
+ 4b:45:ef:3a:10:0a:ab:70:3a:98:95:70:ad:35:b1:
+ ea:85:2b:a4:1c:80:21:31:a9:ae:60:7a:80:26:48:
+ 00:b8:01:c0:93:63:55:22:91:3c:56:e7:af:db:3a:
+ 25:f3:8f:31:54:ea:26:8b:81:59:f9:a1:d1:53:11:
+ c5:7b:9d:03:f6:74:11:e0:6d:b1:2c:3f:2c:86:91:
+ 99:71:9a:a6:77:8b:34:60:d1:14:b4:2c:ac:9d:af:
+ 8c:10:d3:9f:c4:6a:f8:6f:13:fc:73:59:f7:66:42:
+ 74:1e:8a:e3:f8:dc:d2:6f:98:9c:cb:47:98:95:40:
+ 05:fb:e9
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 75:A8:71:60:4C:88:13:F0:78:D9:89:77:B5:6D:C5:89:DF:BC:B1:7A
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ Authority Information Access:
+ OCSP - URI:http://ocsp.CAcert.org/
+ CA Issuers - URI:http://www.CAcert.org/ca.crt
+
+ X509v3 Certificate Policies:
+ Policy: 1.3.6.1.4.1.18506
+ CPS: http://www.CAcert.org/index.php?id=10
+
+ Netscape CA Policy Url:
+ http://www.CAcert.org/index.php?id=10
+ Netscape Comment:
+ To get your own certificate for FREE, go to http://www.CAcert.org
+ X509v3 Authority Key Identifier:
+ keyid:16:B5:32:1B:D4:C7:F3:E0:E6:8E:F3:BD:D2:B0:3A:EE:B2:39:18:D1
+
+ Signature Algorithm: sha256WithRSAEncryption
+ 5a:90:16:d0:36:23:56:64:95:89:bc:8f:ac:a4:20:c9:26:8a:
+ a9:f3:54:e4:40:18:3f:4a:cb:43:c6:9b:76:09:e6:ca:54:a7:
+ 8c:94:0b:92:68:d6:59:bb:17:97:7b:69:ea:ad:d4:4c:e1:29:
+ 5b:28:15:8f:dd:19:f4:95:59:27:97:18:db:8f:09:b9:7d:78:
+ 7a:c8:b0:42:56:b5:ea:eb:5e:b1:26:d0:97:13:be:05:1c:86:
+ e1:34:05:15:b1:06:bd:da:3c:d0:13:63:84:6d:35:94:d0:3e:
+ 99:82:18:a1:fa:3f:9c:37:47:85:8a:e0:ee:73:78:82:d4:6b:
+ 99:31:bf:d9:c3:6d:40:5d:b9:15:c7:36:78:8a:96:8b:d1:84:
+ 20:b1:2b:75:3f:6d:a2:a5:be:bd:e8:e2:e4:ad:44:5c:b6:06:
+ 36:70:74:b8:a4:8e:b6:56:94:60:93:02:7f:2f:0d:a7:f8:2f:
+ 6f:b6:e9:28:cc:c8:6b:94:f4:93:03:43:a1:34:41:a2:1a:9d:
+ a1:46:95:9a:86:21:be:1c:67:08:61:f0:15:f6:fe:e8:83:77:
+ 4e:f5:39:d2:d1:70:db:6e:4d:51:a9:73:e9:73:f0:ed:ac:95:
+ b3:99:93:74:3b:82:88:c7:43:ad:2c:92:56:1b:dc:e9:f4:9a:
+ c9:c8:ee:94:48:81:58:81:aa:f4:53:c1:c7:1e:84:dc:72:d8:
+ 7e:f2:f2:62:af:3e:c0:c3:80:e5:0a:e8:e8:db:b3:a8:22:4b:
+ 20:dc:ec:e0:5f:f0:e4:bd:66:25:d0:9f:04:32:55:e8:1f:48:
+ 93:bf:7a:9c:ae:84:08:b4:e5:05:b2:08:a5:6e:34:5b:6b:ce:
+ 90:e6:42:e1:9c:2c:63:75:6d:82:6d:b3:52:a7:cb:e5:66:7d:
+ 2e:17:17:7c:b2:9c:50:71:7b:34:08:89:f5:f6:eb:dc:40:8a:
+ 38:67:8b:90:fb:4d:0b:83:dc:48:f5:81:55:f5:2d:8c:6d:26:
+ a7:94:d5:25:bd:b0:78:52:f1:e4:7a:5d:29:e9:b1:ad:02:6a:
+ 75:74:90:52:91:93:85:9b:46:7a:7a:4f:86:ef:0e:d1:d5:a4:
+ e2:7e:31:89:ad:dc:34:df:63:be:54:82:b0:0a:0b:bc:0d:db:
+ 24:47:4c:34:07:af:32:75:99:f4:01:39:cc:9e:be:44:c6:f7:
+ 16:91:90:6d:0a:04:1a:d8:db:d2:2a:b7:10:9e:56:aa:a3:d8:
+ 9c:10:5e:17:7a:f2:3f:55:37:b3:95:bd:4b:8d:83:16:1d:57:
+ 79:47:a0:b6:a7:8c:13:c9:50:48:33:c8:63:ac:b7:0a:88:28:
+ 45:e3:71:91:26:d9:de:ef
+-----BEGIN CERTIFICATE-----
+MIIG0jCCBLqgAwIBAgIBDjANBgkqhkiG9w0BAQsFADB5MRAwDgYDVQQKEwdSb290
+IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
+IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
+Y2FjZXJ0Lm9yZzAeFw0xMTA1MjMxNzQ4MDJaFw0yMTA1MjAxNzQ4MDJaMFQxFDAS
+BgNVBAoTC0NBY2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5v
+cmcxHDAaBgNVBAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQCrSTURSHzSJn5TlM9Dqd0o10Iqi/OHeBlYfA+e2ol9
+4fvrcpANdKGWZKufoCSZc9riVXbHF3v1BKxGuMO+f2SNEGwk82GcwPKQ+lHm9WkB
+Y8MPVuJKQs/iRIwlKKjFeQl9RrmK8+nzNCkIReQcn8uUBByBqBSzmGXEQ+xOgo0J
+0b2qW42S0OzekMV/CsLj6+YxWl50PpczWejDAz1gM7/30W9HxM3uYoNSbi4ImqTZ
+FRiRpoWSR7CuSOtttyHshRpocjWr//AQXcD0lKdq1TuSfkyQBX6TwSyLpI5idBVx
+bgtxA+qvFTia1NIFcm+M+SvrWnIl+TlG43IbPgTDZCciECqKT1inA62+tC4T7V2q
+SNfVfdQqe1z6RgRQ5MwOQluM7dvyz/yWk+DbETZUYjQ4jwxgmzuXVjit89Jbi6Bb
+6k6WuHzX1aCGcEDTkSm3ojyt9Yy7zxqSiuQ0e8DYbF/pCsLDpyCaWt8sXVJcukfV
+m+8kKHA4IC/VfynAskEDaJLM4JzMl0tF7zoQCqtwOpiVcK01seqFK6QcgCExqa5g
+eoAmSAC4AcCTY1UikTxW56/bOiXzjzFU6iaLgVn5odFTEcV7nQP2dBHgbbEsPyyG
+kZlxmqZ3izRg0RS0LKydr4wQ05/EavhvE/xzWfdmQnQeiuP43NJvmJzLR5iVQAX7
+6QIDAQABo4IBiDCCAYQwHQYDVR0OBBYEFHWocWBMiBPweNmJd7VtxYnfvLF6MA8G
+A1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUHAQEEUTBPMCMGCCsGAQUFBzABhhdodHRw
+Oi8vb2NzcC5DQWNlcnQub3JnLzAoBggrBgEFBQcwAoYcaHR0cDovL3d3dy5DQWNl
+cnQub3JnL2NhLmNydDBKBgNVHSAEQzBBMD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUH
+AgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwNAYJYIZI
+AYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAw
+UAYJYIZIAYb4QgENBEMWQVRvIGdldCB5b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3Ig
+RlJFRSwgZ28gdG8gaHR0cDovL3d3dy5DQWNlcnQub3JnMB8GA1UdIwQYMBaAFBa1
+MhvUx/Pg5o7zvdKwOu6yORjRMA0GCSqGSIb3DQEBCwUAA4ICAQBakBbQNiNWZJWJ
+vI+spCDJJoqp81TkQBg/SstDxpt2CebKVKeMlAuSaNZZuxeXe2nqrdRM4SlbKBWP
+3Rn0lVknlxjbjwm5fXh6yLBCVrXq616xJtCXE74FHIbhNAUVsQa92jzQE2OEbTWU
+0D6Zghih+j+cN0eFiuDuc3iC1GuZMb/Zw21AXbkVxzZ4ipaL0YQgsSt1P22ipb69
+6OLkrURctgY2cHS4pI62VpRgkwJ/Lw2n+C9vtukozMhrlPSTA0OhNEGiGp2hRpWa
+hiG+HGcIYfAV9v7og3dO9TnS0XDbbk1RqXPpc/DtrJWzmZN0O4KIx0OtLJJWG9zp
+9JrJyO6USIFYgar0U8HHHoTccth+8vJirz7Aw4DlCujo27OoIksg3OzgX/DkvWYl
+0J8EMlXoH0iTv3qcroQItOUFsgilbjRba86Q5kLhnCxjdW2CbbNSp8vlZn0uFxd8
+spxQcXs0CIn19uvcQIo4Z4uQ+00Lg9xI9YFV9S2MbSanlNUlvbB4UvHkel0p6bGt
+Amp1dJBSkZOFm0Z6ek+G7w7R1aTifjGJrdw032O+VIKwCgu8DdskR0w0B68ydZn0
+ATnMnr5ExvcWkZBtCgQa2NvSKrcQnlaqo9icEF4XevI/VTezlb1LjYMWHVd5R6C2
+p4wTyVBIM8hjrLcKiChF43GRJtne7w==
+-----END CERTIFICATE-----
diff --git a/www/certs/root_X0F.crt b/www/certs/root_X0F.crt
new file mode 100644
index 0000000..8ef0716
--- /dev/null
+++ b/www/certs/root_X0F.crt
@@ -0,0 +1,40 @@
+-----BEGIN CERTIFICATE-----
+MIIG7jCCBNagAwIBAgIBDzANBgkqhkiG9w0BAQsFADB5MRAwDgYDVQQKEwdSb290
+IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
+IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
+Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO
+BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi
+MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ
+ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
+CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ
+8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6
+zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y
+fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7
+w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc
+G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k
+epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q
+laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ
+QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU
+fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826
+YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAX8w
+ggF7MB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TAPBgNVHRMBAf8EBTAD
+AQH/MDQGCWCGSAGG+EIBCAQnFiVodHRwOi8vd3d3LmNhY2VydC5vcmcvaW5kZXgu
+cGhwP2lkPTEwMFYGCWCGSAGG+EIBDQRJFkdUbyBnZXQgeW91ciBvd24gY2VydGlm
+aWNhdGUgZm9yIEZSRUUgaGVhZCBvdmVyIHRvIGh0dHA6Ly93d3cuY2FjZXJ0Lm9y
+ZzAxBgNVHR8EKjAoMCagJKAihiBodHRwOi8vY3JsLmNhY2VydC5vcmcvcmV2b2tl
+LmNybDAzBglghkgBhvhCAQQEJhYkVVJJOmh0dHA6Ly9jcmwuY2FjZXJ0Lm9yZy9y
+ZXZva2UuY3JsMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL29j
+c3AuY2FjZXJ0Lm9yZzAfBgNVHSMEGDAWgBQWtTIb1Mfz4OaO873SsDrusjkY0TAN
+BgkqhkiG9w0BAQsFAAOCAgEAR5zXs6IX01JTt7Rq3b+bNRUhbO9vGBMggczo7R0q
+Ih1kdhS6WzcrDoO6PkpuRg0L3qM7YQB6pw2V+ubzF7xl4C0HWltfzPTbzAHdJtja
+JQw7QaBlmAYpN2CLB6Jeg8q/1Xpgdw/+IP1GRwdg7xUpReUA482l4MH1kf0W0ad9
+4SuIfNWQHcdLApmno/SUh1bpZyeWrMnlhkGNDKMxCCQXQ360TwFHc8dfEAaq5ry6
+cZzm1oetrkSviE2qofxvv1VFiQ+9TX3/zkECCsUB/EjPM0lxFBmu9T5Ih+Eqns9i
+vmrEIQDv9tNyJHuLsDNqbUBal7OoiPZnXk9LH+qb+pLf1ofv5noy5vX2a5OKebHe
++0Ex/A7e+G/HuOjVNqhZ9j5Nispfq9zNyOHGWD8ofj8DHwB50L1Xh5H+EbIoga/h
+JCQnRtxWkHP699T1JpLFYwapgplivF4TFv4fqp0nHTKC1x9gGrIgvuYJl1txIKmx
+XdfJzgscMzqpabhtHOMXOiwQBpWzyJkofF/w55e0LttZDBkEsilV/vW0CJsPs3eN
+aQF+iMWscGOkgLFlWsAS3HwyiYLNJo26aqyWPaIdc8E4ck7Sk08WrFrHIK3EHr4n
+1FZwmLpFAvucKqgl0hr+2jypyh5puA3KksHF3CsUzjMUvzxMhykh9zrMxQAHLBVr
+Gwc=
+-----END CERTIFICATE-----
diff --git a/www/certs/root_X0F.der b/www/certs/root_X0F.der
new file mode 100644
index 0000000..e827487
--- /dev/null
+++ b/www/certs/root_X0F.der
Binary files differ
diff --git a/www/certs/root_X0F.txt b/www/certs/root_X0F.txt
new file mode 100644
index 0000000..428e0bc
--- /dev/null
+++ b/www/certs/root_X0F.txt
@@ -0,0 +1,142 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 15 (0xf)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: O=Root CA, OU=http://www.cacert.org, CN=CA Cert Signing Authority/emailAddress=support@cacert.org
+ Validity
+ Not Before: Mar 30 12:29:49 2003 GMT
+ Not After : Mar 29 12:29:49 2033 GMT
+ Subject: O=Root CA, OU=http://www.cacert.org, CN=CA Cert Signing Authority/emailAddress=support@cacert.org
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (4096 bit)
+ Modulus:
+ 00:ce:22:c0:e2:46:7d:ec:36:28:07:50:96:f2:a0:
+ 33:40:8c:4b:f1:3b:66:3f:31:e5:6b:02:36:db:d6:
+ 7c:f6:f1:88:8f:4e:77:36:05:41:95:f9:09:f0:12:
+ cf:46:86:73:60:b7:6e:7e:e8:c0:58:64:ae:cd:b0:
+ ad:45:17:0c:63:fa:67:0a:e8:d6:d2:bf:3e:e7:98:
+ c4:f0:4c:fa:e0:03:bb:35:5d:6c:21:de:9e:20:d9:
+ ba:cd:66:32:37:72:fa:f7:08:f5:c7:cd:58:c9:8e:
+ e7:0e:5e:ea:3e:fe:1c:a1:14:0a:15:6c:86:84:5b:
+ 64:66:2a:7a:a9:4b:53:79:f5:88:a2:7b:ee:2f:0a:
+ 61:2b:8d:b2:7e:4d:56:a5:13:ec:ea:da:92:9e:ac:
+ 44:41:1e:58:60:65:05:66:f8:c0:44:bd:cb:94:f7:
+ 42:7e:0b:f7:65:68:98:51:05:f0:f3:05:91:04:1d:
+ 1b:17:82:ec:c8:57:bb:c3:6b:7a:88:f1:b0:72:cc:
+ 25:5b:20:91:ec:16:02:12:8f:32:e9:17:18:48:d0:
+ c7:05:2e:02:30:42:b8:25:9c:05:6b:3f:aa:3a:a7:
+ eb:53:48:f7:e8:d2:b6:07:98:dc:1b:c6:34:7f:7f:
+ c9:1c:82:7a:05:58:2b:08:5b:f3:38:a2:ab:17:5d:
+ 66:c9:98:d7:9e:10:8b:a2:d2:dd:74:9a:f7:71:0c:
+ 72:60:df:cd:6f:98:33:9d:96:34:76:3e:24:7a:92:
+ b0:0e:95:1e:6f:e6:a0:45:38:47:aa:d7:41:ed:4a:
+ b7:12:f6:d7:1b:83:8a:0f:2e:d8:09:b6:59:d7:aa:
+ 04:ff:d2:93:7d:68:2e:dd:8b:4b:ab:58:ba:2f:8d:
+ ea:95:a7:a0:c3:54:89:a5:fb:db:8b:51:22:9d:b2:
+ c3:be:11:be:2c:91:86:8b:96:78:ad:20:d3:8a:2f:
+ 1a:3f:c6:d0:51:65:87:21:b1:19:01:65:7f:45:1c:
+ 87:f5:7c:d0:41:4c:4f:29:98:21:fd:33:1f:75:0c:
+ 04:51:fa:19:77:db:d4:14:1c:ee:81:c3:1d:f5:98:
+ b7:69:06:91:22:dd:00:50:cc:81:31:ac:12:07:7b:
+ 38:da:68:5b:e6:2b:d4:7e:c9:5f:ad:e8:eb:72:4c:
+ f3:01:e5:4b:20:bf:9a:a6:57:ca:91:00:01:8b:a1:
+ 75:21:37:b5:63:0d:67:3e:46:4f:70:20:67:ce:c5:
+ d6:59:db:02:e0:f0:d2:cb:cd:ba:62:b7:90:41:e8:
+ dd:20:e4:29:bc:64:29:42:c8:22:dc:78:9a:ff:43:
+ ec:98:1b:09:51:4b:5a:5a:c2:71:f1:c4:cb:73:a9:
+ e5:a1:0b
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 16:B5:32:1B:D4:C7:F3:E0:E6:8E:F3:BD:D2:B0:3A:EE:B2:39:18:D1
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ Netscape CA Policy Url:
+ http://www.cacert.org/index.php?id=10
+ Netscape Comment:
+ To get your own certificate for FREE head over to http://www.cacert.org
+ X509v3 CRL Distribution Points:
+
+ Full Name:
+ URI:http://crl.cacert.org/revoke.crl
+
+ Netscape CA Revocation Url:
+ URI:http://crl.cacert.org/revoke.crl
+ Authority Information Access:
+ OCSP - URI:http://ocsp.cacert.org
+
+ X509v3 Authority Key Identifier:
+ keyid:16:B5:32:1B:D4:C7:F3:E0:E6:8E:F3:BD:D2:B0:3A:EE:B2:39:18:D1
+
+ Signature Algorithm: sha256WithRSAEncryption
+ 47:9c:d7:b3:a2:17:d3:52:53:b7:b4:6a:dd:bf:9b:35:15:21:
+ 6c:ef:6f:18:13:20:81:cc:e8:ed:1d:2a:22:1d:64:76:14:ba:
+ 5b:37:2b:0e:83:ba:3e:4a:6e:46:0d:0b:de:a3:3b:61:00:7a:
+ a7:0d:95:fa:e6:f3:17:bc:65:e0:2d:07:5a:5b:5f:cc:f4:db:
+ cc:01:dd:26:d8:da:25:0c:3b:41:a0:65:98:06:29:37:60:8b:
+ 07:a2:5e:83:ca:bf:d5:7a:60:77:0f:fe:20:fd:46:47:07:60:
+ ef:15:29:45:e5:00:e3:cd:a5:e0:c1:f5:91:fd:16:d1:a7:7d:
+ e1:2b:88:7c:d5:90:1d:c7:4b:02:99:a7:a3:f4:94:87:56:e9:
+ 67:27:96:ac:c9:e5:86:41:8d:0c:a3:31:08:24:17:43:7e:b4:
+ 4f:01:47:73:c7:5f:10:06:aa:e6:bc:ba:71:9c:e6:d6:87:ad:
+ ae:44:af:88:4d:aa:a1:fc:6f:bf:55:45:89:0f:bd:4d:7d:ff:
+ ce:41:02:0a:c5:01:fc:48:cf:33:49:71:14:19:ae:f5:3e:48:
+ 87:e1:2a:9e:cf:62:be:6a:c4:21:00:ef:f6:d3:72:24:7b:8b:
+ b0:33:6a:6d:40:5a:97:b3:a8:88:f6:67:5e:4f:4b:1f:ea:9b:
+ fa:92:df:d6:87:ef:e6:7a:32:e6:f5:f6:6b:93:8a:79:b1:de:
+ fb:41:31:fc:0e:de:f8:6f:c7:b8:e8:d5:36:a8:59:f6:3e:4d:
+ 8a:ca:5f:ab:dc:cd:c8:e1:c6:58:3f:28:7e:3f:03:1f:00:79:
+ d0:bd:57:87:91:fe:11:b2:28:81:af:e1:24:24:27:46:dc:56:
+ 90:73:fa:f7:d4:f5:26:92:c5:63:06:a9:82:99:62:bc:5e:13:
+ 16:fe:1f:aa:9d:27:1d:32:82:d7:1f:60:1a:b2:20:be:e6:09:
+ 97:5b:71:20:a9:b1:5d:d7:c9:ce:0b:1c:33:3a:a9:69:b8:6d:
+ 1c:e3:17:3a:2c:10:06:95:b3:c8:99:28:7c:5f:f0:e7:97:b4:
+ 2e:db:59:0c:19:04:b2:29:55:fe:f5:b4:08:9b:0f:b3:77:8d:
+ 69:01:7e:88:c5:ac:70:63:a4:80:b1:65:5a:c0:12:dc:7c:32:
+ 89:82:cd:26:8d:ba:6a:ac:96:3d:a2:1d:73:c1:38:72:4e:d2:
+ 93:4f:16:ac:5a:c7:20:ad:c4:1e:be:27:d4:56:70:98:ba:45:
+ 02:fb:9c:2a:a8:25:d2:1a:fe:da:3c:a9:ca:1e:69:b8:0d:ca:
+ 92:c1:c5:dc:2b:14:ce:33:14:bf:3c:4c:87:29:21:f7:3a:cc:
+ c5:00:07:2c:15:6b:1b:07
+-----BEGIN CERTIFICATE-----
+MIIG7jCCBNagAwIBAgIBDzANBgkqhkiG9w0BAQsFADB5MRAwDgYDVQQKEwdSb290
+IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
+IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
+Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO
+BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi
+MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ
+ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
+CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ
+8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6
+zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y
+fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7
+w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc
+G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k
+epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q
+laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ
+QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU
+fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826
+YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAX8w
+ggF7MB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TAPBgNVHRMBAf8EBTAD
+AQH/MDQGCWCGSAGG+EIBCAQnFiVodHRwOi8vd3d3LmNhY2VydC5vcmcvaW5kZXgu
+cGhwP2lkPTEwMFYGCWCGSAGG+EIBDQRJFkdUbyBnZXQgeW91ciBvd24gY2VydGlm
+aWNhdGUgZm9yIEZSRUUgaGVhZCBvdmVyIHRvIGh0dHA6Ly93d3cuY2FjZXJ0Lm9y
+ZzAxBgNVHR8EKjAoMCagJKAihiBodHRwOi8vY3JsLmNhY2VydC5vcmcvcmV2b2tl
+LmNybDAzBglghkgBhvhCAQQEJhYkVVJJOmh0dHA6Ly9jcmwuY2FjZXJ0Lm9yZy9y
+ZXZva2UuY3JsMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL29j
+c3AuY2FjZXJ0Lm9yZzAfBgNVHSMEGDAWgBQWtTIb1Mfz4OaO873SsDrusjkY0TAN
+BgkqhkiG9w0BAQsFAAOCAgEAR5zXs6IX01JTt7Rq3b+bNRUhbO9vGBMggczo7R0q
+Ih1kdhS6WzcrDoO6PkpuRg0L3qM7YQB6pw2V+ubzF7xl4C0HWltfzPTbzAHdJtja
+JQw7QaBlmAYpN2CLB6Jeg8q/1Xpgdw/+IP1GRwdg7xUpReUA482l4MH1kf0W0ad9
+4SuIfNWQHcdLApmno/SUh1bpZyeWrMnlhkGNDKMxCCQXQ360TwFHc8dfEAaq5ry6
+cZzm1oetrkSviE2qofxvv1VFiQ+9TX3/zkECCsUB/EjPM0lxFBmu9T5Ih+Eqns9i
+vmrEIQDv9tNyJHuLsDNqbUBal7OoiPZnXk9LH+qb+pLf1ofv5noy5vX2a5OKebHe
++0Ex/A7e+G/HuOjVNqhZ9j5Nispfq9zNyOHGWD8ofj8DHwB50L1Xh5H+EbIoga/h
+JCQnRtxWkHP699T1JpLFYwapgplivF4TFv4fqp0nHTKC1x9gGrIgvuYJl1txIKmx
+XdfJzgscMzqpabhtHOMXOiwQBpWzyJkofF/w55e0LttZDBkEsilV/vW0CJsPs3eN
+aQF+iMWscGOkgLFlWsAS3HwyiYLNJo26aqyWPaIdc8E4ck7Sk08WrFrHIK3EHr4n
+1FZwmLpFAvucKqgl0hr+2jypyh5puA3KksHF3CsUzjMUvzxMhykh9zrMxQAHLBVr
+Gwc=
+-----END CERTIFICATE-----
diff --git a/www/coap.html.php b/www/coap.html.php
index 6291ea2..8cdb0eb 100644
--- a/www/coap.html.php
+++ b/www/coap.html.php
@@ -14,7 +14,7 @@
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- Version: $Id: coap.html.php,v 1.2 2011-06-10 18:30:41 wytze Exp $
+ Version: $Id: coap.html.php,v 1.3 2015/01/08 15:02:41 wytze Exp $
*/
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
@@ -49,19 +49,19 @@ table#TAB1 td { border: 0 }
echo '<big><big><span style="font-weight: bold;">'._("Organisation Information (COAP) form").'</span></big></big><br>', "\n";
?>
</div>
-<div style="text-align: right;">CAcert Inc. - P.O. Box 4107 - Denistone East NSW 2112 - Australia - <a href="http://www.cacert.org/">http://www.cacert.org</a><br></div>
+<div style="text-align: right;">Hangar 10 Airfield Avenue, Murwillumbah NSW 2484, New South Wales, (Commonwealth of) Australia - <a href="http://www.cacert.org/">http://www.cacert.org</a><br></div>
<br>
<table style="border-bottom: solid; border-color: rgb(17, 86, 140)" cellspacing="0" cellpadding="0" width="100%">
<tbody>
<tr>
<?php
- echo ' <td border=0 align="left"><font size=-7>'._("CAcert's Root Certificate sha1 fingerprints").'</font></td>', "\n";
+ echo ' <td border=0 align="left"><font size=-7>'._("CAcert's Root Certificate sha256 fingerprints (since 2019)").'</font></td>', "\n";
?>
- <td border=0 align="right"><font size=-7>class 1: 135C EC36 F49C B8E9 3B1A B270 CD80 8846 76CE 8F33</font></td>
+ <td border=0 align="right"><font size=-7>class 1: 07ED BD82 4A49 88CF EF42 15DA 20D4 8C2B 41D7 1529 D7C9 00F5 7092 6F27 7CC2 30C5</font></td>
</tr>
<tr>
<td border=0></td>
- <td border=0 align="right"><font size=-7>class 3: AD7C 3F64 FC44 39FE F4E9 0BE8 F47C 6CFA 8AAD FDCE</font></td>
+ <td border=0 align="right"><font size=-7>class 3: F687 3D70 D675 96C2 ACBA 3440 1E69 738B 5270 1DD6 AB06 B497 49BC 5515 0936 D544</font></td>
<tr>
</font>
</td>
diff --git a/www/coapnew.php b/www/coapnew.php
index 5a161b4..866067f 100644
--- a/www/coapnew.php
+++ b/www/coapnew.php
@@ -17,8 +17,8 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
-// $Id: coapnew.php,v 1.4 2012-01-24 14:26:05 root Exp $
-define('REV', '$Revision: 1.4 $');
+// $Id: coapnew.php,v 1.5 2015/01/08 15:02:41 wytze Exp $
+define('REV', '$Revision: 1.5 $');
/*
** Created from old cap.php 2003, which used the now obsoleted ftpdf package
@@ -332,7 +332,7 @@ define('LLBLUE','#D6E2EB'); // lighhter blue RGB 173 197 215
define('LIME', '#C7FF00'); // RGB 199 255 0
define('GREEN', '#00BE00'); // 0 190 0
-define('POBOX','CAcert Inc. - P.O. Box 4107 - Denistone East NSW 2112 - Australia');
+define('POBOX','Hangar 10 Airfield Avenue, Murwillumbah NSW 2484, New South Wales, (Commonwealth of) Australia ');
define('WEB', 'http://www.cacert.org');
define('WIKI','http://wiki.cacert.org/wiki');
define('ROOTKEYS','http://www.cacert.org/index.php?id=3');
@@ -346,9 +346,13 @@ define('ARBIT', WIKI."/ArbitrationForum");
define('CCA', "CAcertCommunityAgreement"); // default policy to print
define('POLICY','policy/'); // default polciy doc directory
define('EXT','.html'); // default polciy doc extention, should be html
+/* finger print CAcert Root Key SHA256 since 2019*/ // should obtain this automatically
+define('CLASS1_SHA256','07ED BD82 4A49 88CF EF42 15DA 20D4 8C2B 41D7 1529 D7C9 00F5 7092 6F27 7CC2 30C5');
+define('CLASS3_SHA256','F687 3D70 D675 96C2 ACBA 3440 1E69 738B 5270 1DD6 AB06 B497 49BC 5515 0936 D544');
+/* finger print CAcert Root Key */ // not to use since 2019
/* finger print CAcert Root Key */ // should obtain this automatically
-define('CLASS1_SHA1','135C EC36 F49C B8E9 3B1A B270 CD80 8846 76CE 8F33');
-define('CLASS3_SHA1','AD7C 3F64 FC44 39FE F4E9 0BE8 F47C 6CFA 8AAD FDCE');
+define('CLASS1_SHA1','DDFC DA54 1E75 77AD DCA8 7E88 27A9 8A50 6032 52A5');
+define('CLASS3_SHA1','A7C4 8FBE 6B02 6DBD 0EC1 B465 B88D D813 EE1D EFA0');
// next two are not used on the form
define('CLASS1_MD5','A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B');
define('CLASS3_MD5','F7:25:12:82:4E:67:B5:D0:8D:92:B7:7C:0B:86:7A:42');
@@ -422,7 +426,7 @@ function utf8_is_ascii_ctrl($str) {
// extend TCPF with custom functions
class COAPPDF extends TCPDF {
- // do cap form version numbering automatically "$Revision: 1.4 $"
+ // do cap form version numbering automatically "$Revision: 1.5 $"
/*public*/ function Version() {
strtok(REV, " ");
return(strtok(" "));
@@ -935,7 +939,7 @@ class COAPPDF extends TCPDF {
$this->SetXY($savex,$savey);
// sha1 fingerprint CAcert rootkeys class 1 and class 3
- $strg = $this->unhtmlentities( _("CAcert's Root Certificate sha1 fingerprints") ) . ", class 1: ". CLASS1_SHA1 . ", class 3: " . CLASS3_SHA1;
+ $strg = $this->unhtmlentities( _("CAcert's Root Certificate sha256 fingerprints") ) . ", class 1: ". CLASS1_SHA256 . ", class 3: " . CLASS3_SHA256;
$this->Ln(3); $this->SetX($this->lMargin);
$this->SetFont(FONT,'',F_SIZE * $this->colwidth / ($this->GetStringWidth($strg) +1));
$this->Cell($this->colwidth,10, $strg,0,0,'C',0,NULL);
diff --git a/www/index.php b/www/index.php
index e6fc06a..8c5560c 100644
--- a/www/index.php
+++ b/www/index.php
@@ -191,7 +191,9 @@ require_once('../includes/notary.inc.php');
$query = "select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
`password`=password('$pword')) and `verified`=1 and `deleted`=0 and `locked`=0";
$res = mysql_query($query);
- if(mysql_num_rows($res) > 0)
+ $query = "SELECT 1 FROM `users` WHERE `email`='$email' and (UNIX_TIMESTAMP(`lastLoginAttempt`) < UNIX_TIMESTAMP(CURRENT_TIMESTAMP) - 5 or `lastLoginAttempt` is NULL)" ;
+ $rateLimit = mysql_num_rows(mysql_query($query)) > 0;
+ if(mysql_num_rows($res) > 0 && $rateLimit)
{
$_SESSION['profile'] = "";
unset($_SESSION['profile']);
@@ -231,14 +233,16 @@ require_once('../includes/notary.inc.php');
header("location: https://".$_SERVER['HTTP_HOST']."/account.php");
}
exit;
+ } else if($rateLimit){
+ $query = "update `users` set `lastLoginAttempt`=CURRENT_TIMESTAMP WHERE `email`='$email'";
+ mysql_query($query);
}
$query = "select * from `users` where `email`='$email' and (`password`=old_password('$pword') or `password`=sha1('$pword') or
`password`=password('$pword')) and `verified`=0 and `deleted`=0";
$res = mysql_query($query);
- if(mysql_num_rows($res) <= 0)
- {
- $_SESSION['_config']['errmsg'] = _("Incorrect email address and/or Pass Phrase.");
+ if(!$rateLimit || mysql_num_rows($res) <= 0) {
+ $_SESSION['_config']['errmsg'] = _("Login failed due to incorrect email address, wrong passphrase or because the rate limit of one login per 5 seconds was hit.");
} else {
$_SESSION['_config']['errmsg'] = _("Your account has not been verified yet, please check your email account for the signup messages.");
}
diff --git a/www/policy/NRPDisclaimerAndLicence.php b/www/policy/NRPDisclaimerAndLicence.php
new file mode 100644
index 0000000..bee8f26
--- /dev/null
+++ b/www/policy/NRPDisclaimerAndLicence.php
@@ -0,0 +1,14 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+<head><title>NRP-DAL was replaced by the Root Distribution License</title></head>
+<body>
+<table border="1" bgcolor="#EEEEEE"><tr><td>
+
+The document "Non Related Persons - Disclaimer And Licence" was replaced by the Root Distribution Licence, which can be found <a href="/policy/RootDistributionLicense.php">here</a>.
+
+</td>
+</tr>
+</table>
+</body>
+</html>