2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2008 CAcert Inc.
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
19 $id = 0; if(array_key_exists("id",$_REQUEST)) $id=intval($_REQUEST['id']);
22 function showheader($title = "CAcert.org", $title2 = "")
24 global $id, $PHP_SELF;
27 if($PHP_SELF == "/wot.php")
29 if($PHP_SELF == "/gpg.php")
31 if($PHP_SELF == "/disputes.php")
33 if($PHP_SELF == "/advertising.php")
39 case 2: $expand = " explode('emailacc');"; break;
43 case 6: $expand = " explode('clicerts');"; break;
46 case 9: $expand = " explode('domains');"; break;
50 case 15: $expand = " explode('servercert');"; break;
57 case 513: $expand = " explode('mydetails');"; break;
61 case 19: $expand = " explode('clientorg');"; break;
65 case 23: $expand = " explode('serverorg');"; break;
77 case 35: $expand = " explode('orgadmin');"; break;
88 case 53: $expand = " explode('sysadmin');"; break;
99 case 512: $expand = " explode('WoT');"; break;
110 case 1010: $expand = " explode('gpg');"; break;
121 case 1510: $expand = " explode('disputes');"; break;
131 case 2009: $expand = " explode('advertising');"; break;
134 ?
><!DOCTYPE HTML
PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
137 <title
><?
=$title?
></title
>
138 <?
if(array_key_exists('header',$_SESSION) && $_SESSION['_config']['header'] != "") { ?
><?
=$_SESSION['_config']['header']?
><?
} ?
>
139 <link rel
="stylesheet" href
="/styles/default.css" type
="text/css" />
140 <meta http
-equiv
="Content-Type" content
="text/html; charset=utf-8" />
141 <script language
="JavaScript" type
="text/javascript">
142 function explode(e
) {
143 if (document
.getElementById(e
).style
.display
== 'none') {
144 document
.getElementById(e
).style
.display
= 'block';
146 document
.getElementById(e
).style
.display
= 'none';
151 var Nodes
= document
.getElementsByTagName('ul')
152 var max
= Nodes
.length
153 for(var i
= 0;i
< max
;i++
) {
154 var nodeObj
= Nodes
.item(i
)
155 if (nodeObj
.className
== "menu") {
156 nodeObj
.style
.display
= 'none';
162 <body onload
="hideall(); explode('home');<?=$expand?>">
164 <div id
="pageName"><br
>
165 <div id
="pageLogo"><a href
="http://<?=$_SESSION['_config']['normalhostname']?>"><img src
="/images/cacert4.png" border
="0" alt
="CAcert.org logo"></a
></div
>
166 <div id
="googlead"><h2
><?
=_("Free digital certificates!")?
></h2
></div
>
169 <div
class="relatedLinks">
171 <ul
class="menu" id
="home"><li
><a href
="/index.php"><?
=_("Go Home")?
></a
></li
><li
><a href
="account.php?id=logout"><?
=_("Logout")?
></a
></li
></ul
>
173 <div
class="relatedLinks">
174 <h3
class="pointer" onclick
="explode('mydetails')">+
<?
=_("My Details")?
></h3
>
175 <ul
class="menu" id
="mydetails"><li
><a href
="account.php?id=13"><?
=_("Edit")?
></a
></li
><li
><a href
="account.php?id=14"><?
=_("Change Password")?
></a
></li
><li
><a href
="account.php?id=41"><?
=_("Default Language")?
></a
></li
><li
><a href
="wot.php?id=8"><?
=_("My Listing")?
></a
></li
><li
><a href
="wot.php?id=13"><?
=_("My Location")?
></a
></li
><li
><a href
="account.php?id=36"><?
=_("My Alert Settings")?
></a
></li
><li
><a href
="wot.php?id=10"><?
=_("My Points")?
></a
></li
><?
176 if($_SESSION['profile']['id'] == 1 ||
$_SESSION['profile']['id'] == 5897)
177 echo "<li><a href='sqldump.php'>SQL Dump</a></li>";
180 <div
class="relatedLinks">
181 <h3
class="pointer" onclick
="explode('emailacc')">+
<?
=_("Email Accounts")?
></h3
>
182 <ul
class="menu" id
="emailacc"><li
><a href
="account.php?id=1"><?
=_("Add")?
></a
></li
><li
><a href
="account.php?id=2"><?
=_("View")?
></a
></li
></ul
>
184 <div
class="relatedLinks">
185 <h3
class="pointer" onclick
="explode('clicerts')">+
<?
=_("Client Certificates")?
></h3
>
186 <ul
class="menu" id
="clicerts"><li
><a href
="account.php?id=3"><?
=_("New")?
></a
></li
><li
><a href
="account.php?id=5"><?
=_("View")?
></a
></li
></ul
>
188 <?
if($_SESSION['profile']['points'] >= 50) { ?
>
189 <div
class="relatedLinks">
190 <h3
class="pointer" onclick
="explode('gpg')">+
<?
=_("GPG/PGP Keys")?
></h3
>
191 <ul
class="menu" id
="gpg"><li
><a href
="gpg.php?id=0"><?
=_("New")?
></a
></li
><li
><a href
="gpg.php?id=2"><?
=_("View")?
></a
></li
></ul
>
194 <div
class="relatedLinks">
195 <h3
class="pointer" onclick
="explode('domains')">+
<?
=_("Domains")?
></h3
>
196 <ul
class="menu" id
="domains"><li
><a href
="account.php?id=7"><?
=_("Add")?
></a
></li
><li
><a href
="account.php?id=9"><?
=_("View")?
></a
></li
></ul
>
198 <div
class="relatedLinks">
199 <h3
class="pointer" onclick
="explode('servercert')">+
<?
=_("Server Certificates")?
></h3
>
200 <ul
class="menu" id
="servercert"><li
><a href
="account.php?id=10"><?
=_("New")?
></a
></li
><li
><a href
="account.php?id=12"><?
=_("View")?
></a
></li
></ul
>
202 <?
if(mysql_num_rows(mysql_query("select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."'")) > 0 ||
$_SESSION['profile']['orgadmin'] == 1) { ?
>
203 <div
class="relatedLinks">
204 <h3
class="pointer" onclick
="explode('clientorg')">+
<?
=_("Org Client Certs")?
></h3
>
205 <ul
class="menu" id
="clientorg"><li
><a href
="account.php?id=16"><?
=_("New")?
></a
></li
><li
><a href
="account.php?id=18"><?
=_("View")?
></a
></li
></ul
>
207 <div
class="relatedLinks">
208 <h3
class="pointer" onclick
="explode('serverorg')">+
<?
=_("Org Server Certs")?
></h3
>
209 <ul
class="menu" id
="serverorg"><li
><a href
="account.php?id=20"><?
=_("New")?
></a
></li
><li
><a href
="account.php?id=22"><?
=_("View")?
></a
></li
></ul
>
212 <?
if(mysql_num_rows(mysql_query("select * from `org` where `memid`='".intval($_SESSION['profile']['id'])."' and `masteracc`='1'")) > 0 ||
$_SESSION['profile']['orgadmin'] == 1) { ?
>
213 <div
class="relatedLinks">
214 <h3
class="pointer" onclick
="explode('orgadmin')">+
<?
=_("Org Admin")?
></h3
>
215 <ul
class="menu" id
="orgadmin"><?
if($_SESSION['profile']['orgadmin'] == 1) { ?
><li
><a href
="account.php?id=24"><?
=_("New Organisation")?
></a
></li
><li
><a href
="account.php?id=25"><?
=_("View Organisations")?
></a
></li
><?
} ?
><li
><a href
="account.php?id=35"><?
=_("View")?
></a
></li
></ul
>
218 <div
class="relatedLinks">
219 <h3
class="pointer" onclick
="explode('WoT')">+
<?
=_("CAcert Web of Trust")?
></h3
>
220 <ul
class="menu" id
="WoT"><li
><a href
="wot.php?id=0"><?
=_("About")?
></a
></li
><li
><a href
="wot.php?id=12"><?
=_("Find an Assurer")?
></a
></li
><li
><a href
="wot.php?id=3"><?
=_("Rules")?
></a
></li
><li
><?
if($_SESSION['profile']['assurer'] != 1) { ?
><a href
="wot.php?id=2"><?
=_("Becoming an Assurer")?
></a
><?
} else { ?
><a href
="wot.php?id=5"><?
=_("Assure Someone")?
></a
><?
} ?
></li
><li
><a href
="wot.php?id=4"><?
=_("Trusted ThirdParties")?
></a
></li
><?
if($_SESSION['profile']['points'] >= 500) { ?
><li
><a href
="wot.php?id=11"><div style
="white-space:nowrap"><?
=_("Organisation Assurance")?
></div
></a
></li
><?
} ?
><li
><a href
="account.php?id=55"><?
=_("Training")?
></a
></li
></ul
>
222 <div
class="relatedLinks">
223 <h3
class="pointer" onclick
="explode('WoTForms')">+
<?
=_("CAP Forms")?
></h3
><?
224 $name = $_SESSION['profile']['fname']." ".$_SESSION['profile']['mname']." ".$_SESSION['profile']['lname']." ".$_SESSION['profile']['suffix'];
225 while(strstr($name, " "))
226 $name = str_replace(" ", " ", $name);
227 $extra = "?name=".urlencode($name);
228 $extra .= "&dob=".urlencode($_SESSION['profile']['dob']);
229 $extra .= "&email=".urlencode($_SESSION['profile']['email']);
231 $extra2 = "?assurer=".urlencode($name)."&date=now&maxpoints=".maxpoints();
233 <ul
class="menu" id
="WoTForms">
234 <li
><a href
="/cap.php<?=$extra?>">A4
- <?
=_("WoT Form")?
></a
></li
>
235 <li
><a href
="/cap.php<?=$extra?>&format=letter">US
- <?
=_("WoT Form")?
></a
></li
>
236 <?
/* <li><div style="white-space:nowrap"><a href="/ttp.php<?=$extra?>">A4 - <?=_("TTP Form")?></a></div></li>
237 <li><div style="white-space:nowrap"><a href="/ttp.php<?=$extra?>&format=letter">US - <?=_("TTP Form")?></a></div></li> */
239 <?
if($_SESSION['profile']['points'] > 100) { ?
><li
><div style
="white-space:nowrap"><a href
="/cap.php<?=$extra2?>">A4
- <?
=_("Assurance Form")?
></a
></div
></li
>
240 <li
><div style
="white-space:nowrap"><a href
="/cap.php<?=$extra2?>&format=letter">US
- <?
=_("Assurance Form")?
></a
></div
></li
>
243 <li><div style="white-space:nowrap"><a href="/ttp.php">A4 - <?=_("Blank TTP Form")?></a></div></li>
244 <li><div style="white-space:nowrap"><a href="/ttp.php?&format=letter">US - <?=_("Blank TTP Form")?></a></div></li>
246 <li
><div style
="white-space:nowrap"><a href
="/cap.php">A4
- <?
=_("Blank CAP Form")?
></a
></div
></li
>
247 <li
><div style
="white-space:nowrap"><a href
="/cap.php?&format=letter">US
- <?
=_("Blank CAP Form")?
></a
></div
></li
></ul
>
249 <?
if($_SESSION['profile']['admin'] == 1 ||
$_SESSION['profile']['locadmin'] == 1) { ?
>
250 <div
class="relatedLinks">
251 <h3
class="pointer" onclick
="explode('sysadmin')">+
<?
=_("System Admin")?
></h3
>
252 <ul
class="menu" id
="sysadmin"><?
if($_SESSION['profile']['admin'] == 1) { ?
><li
><a href
="account.php?id=42"><?
=_("Find User")?
></a
></li
><li
><a href
="account.php?id=48"><?
=_("Find Domain")?
></a
></li
><?
} if($_SESSION['profile']['locadmin'] == 1) { ?
><li
><a href
="account.php?id=53"><?
=_("Location DB")?
></a
></li
><?
} ?
></ul
>
255 <div
class="relatedLinks">
256 <h3
class="pointer" onclick
="explode('disputes')">+
<?
=_("Disputes/Abuses")?
></h3
>
257 <ul
class="menu" id
="disputes"><li
><a href
="disputes.php?id=0"><?
=_("More Information")?
></a
></li
><li
><a href
="disputes.php?id=1"><?
=_("Email Dispute")?
></a
></li
><li
><a href
="disputes.php?id=2"><?
=_("Domain Dispute")?
></a
></li
><?
if($_SESSION['profile']['admin'] == 1) { ?
><li
><a href
="disputes.php?id=3"><?
=_("Abuses")?
></a
></li
><?
} ?
></ul
>
259 <?
if($_SESSION['profile']['adadmin'] >= 1) { ?
>
260 <div
class="relatedLinks">
261 <h3
class="pointer" onclick
="explode('advertising')">+
<?
=_("Advertising")?
></h3
>
262 <ul
class="menu" id
="advertising"><li
><a href
="advertising.php?id=1"><?
=_("New Ad")?
></a
></li
><li
><a href
="advertising.php?id=0"><?
=_("View Ads")?
></a
></li
></ul
>
268 <h3
><?
=$title2?
></h3
>
269 <?
if($_SESSION['_config']['errmsg'] != "") { ?
>
270 <p
><font color
="#ff0000" size
="+2"><?
echo $_SESSION['_config']['errmsg']; $_SESSION['_config']['errmsg'] = ""; ?
> </font
></p
>
275 function showfooter()
280 <div id
="siteInfo"><a href
="account.php?id=37"><?
=_("About Us")?
></a
> |
<a href
="account.php?id=38"><?
=_("Donations")?
></a
> |
<a href
="http://wiki.cacert.org/wiki/CAcertIncorporated"><?
=_("Association Membership")?
></a
> |
281 <a href
="account.php?id=39"><?
=_("Privacy Policy")?
></a
> |
<a href
="account.php?id=40"><?
=_("Contact Us")?
></a
>
282 |
©
;2002-<?
=date("Y")?
> <?
=_("by CAcert")?
></div
>
289 * Produces a log entry with the error message with log level E_USER_WARN
290 * and a random ID an returns a message that can be displayed to the user
291 * including the generated ID
293 * @param $errormessage string
294 * The error message that should be logged
295 * @return string containing the generated ID that can be displayed to the
298 function failWithId($errormessage) {
300 trigger_error("$errormessage. ID: $errorId", E_USER_WARNING
);
301 return sprintf(_("Something went wrong when processing your request. ".
302 "Please contact %s for help and provide them with the ".
304 "<a href='mailto:support@cacert.org?subject=System%20Error%20-%20".
305 "ID%3A%20$errorId'>support@cacert.org</a>",
310 * Checks whether the given CSR contains a vulnerable key
313 * The CSR to be checked
314 * @param $encoding string [optional]
315 * The encoding the CSR is in (for the "-inform" parameter of OpenSSL,
316 * currently only "PEM" (default) or "DER" allowed)
317 * @return string containing the reason if the key is considered weak,
318 * empty string otherwise
320 function checkWeakKeyCSR($csr, $encoding = "PEM")
322 // non-PEM-encodings may be binary so don't use echo
323 $descriptorspec = array(
324 0 => array("pipe", "r"), // STDIN for child
325 1 => array("pipe", "w"), // STDOUT for child
327 $encoding = escapeshellarg($encoding);
328 $proc = proc_open("openssl req -inform $encoding -text -noout",
329 $descriptorspec, $pipes);
331 if (is_resource($proc))
333 fwrite($pipes[0], $csr);
337 while (!feof($pipes[1]))
339 $csrText .= fread($pipes[1], 8192);
343 if (($status = proc_close($proc)) !== 0 ||
$csrText === "")
345 return _("I didn't receive a valid Certificate Request, hit ".
346 "the back button and try again.");
349 return failWithId("checkWeakKeyCSR(): Failed to start OpenSSL");
353 return checkWeakKeyText($csrText);
357 * Checks whether the given X509 certificate contains a vulnerable key
359 * @param $cert string
360 * The X509 certificate to be checked
361 * @param $encoding string [optional]
362 * The encoding the certificate is in (for the "-inform" parameter of
363 * OpenSSL, currently only "PEM" (default), "DER" or "NET" allowed)
364 * @return string containing the reason if the key is considered weak,
365 * empty string otherwise
367 function checkWeakKeyX509($cert, $encoding = "PEM")
369 // non-PEM-encodings may be binary so don't use echo
370 $descriptorspec = array(
371 0 => array("pipe", "r"), // STDIN for child
372 1 => array("pipe", "w"), // STDOUT for child
374 $encoding = escapeshellarg($encoding);
375 $proc = proc_open("openssl x509 -inform $encoding -text -noout",
376 $descriptorspec, $pipes);
378 if (is_resource($proc))
380 fwrite($pipes[0], $cert);
384 while (!feof($pipes[1]))
386 $certText .= fread($pipes[1], 8192);
390 if (($status = proc_close($proc)) !== 0 ||
$certText === "")
392 return _("I didn't receive a valid Certificate Request, hit ".
393 "the back button and try again.");
396 return failWithId("checkWeakKeyCSR(): Failed to start OpenSSL");
400 return checkWeakKeyText($certText);
404 * Checks whether the given SPKAC contains a vulnerable key
406 * @param $spkac string
407 * The SPKAC to be checked
408 * @param $spkacname string [optional]
409 * The name of the variable that contains the SPKAC. The default is
411 * @return string containing the reason if the key is considered weak,
412 * empty string otherwise
414 function checkWeakKeySPKAC($spkac, $spkacname = "SPKAC")
416 /* Check for the debian OpenSSL vulnerability */
418 $spkac = escapeshellarg($spkac);
419 $spkacname = escapeshellarg($spkacname);
420 $spkacText = `
echo $spkac | openssl spkac
-spkac
$spkacname`
;
421 if ($spkacText === null
) {
422 return _("I didn't receive a valid Certificate Request, hit the ".
423 "back button and try again.");
426 return checkWeakKeyText($spkacText);
430 * Checks whether the given text representation of a CSR or a SPKAC contains
433 * @param $text string
434 * The text representation of a key as output by the
435 * "openssl <foo> -text -noout" commands
436 * @return string containing the reason if the key is considered weak,
437 * empty string otherwise
439 function checkWeakKeyText($text)
441 /* Which public key algorithm? */
442 if (!preg_match('/^\s*Public Key Algorithm: ([^\s]+)$/m', $text,
445 return failWithId("checkWeakKeyText(): Couldn't extract the ".
446 "public key algorithm used");
448 $algorithm = $algorithm[1];
452 if ($algorithm === "rsaEncryption")
454 if (!preg_match('/^\s*RSA Public Key: \((\d+) bit\)$/m', $text,
457 return failWithId("checkWeakKeyText(): Couldn't parse the RSA ".
460 $keysize = intval($keysize[1]);
465 return sprintf(_("The keys that you use are very small ".
466 "and therefore insecure. Please generate stronger ".
467 "keys. More information about this issue can be ".
468 "found in %sthe wiki%s"),
469 "<a href='//wiki.cacert.org/WeakKeys#SmallKey'>",
471 } elseif ($keysize < 2048) {
472 // not critical but log so we have some statistics about
474 trigger_error("checkWeakKeyText(): Certificate for small ".
475 "key (< 2048 bit) requested", E_USER_NOTICE
);
479 $debianVuln = checkDebianVulnerability($text, $keysize);
480 if ($debianVuln === true
)
482 return sprintf(_("The keys you use have very likely been ".
483 "generated with a vulnerable version of OpenSSL which ".
484 "was distributed by debian. Please generate new keys. ".
485 "More information about this issue can be found in ".
487 "<a href='//wiki.cacert.org/WeakKeys#DebianVulnerability'>",
489 } elseif ($debianVuln === false
) {
490 // not vulnerable => do nothing
492 return failWithId("checkWeakKeyText(): Something went wrong in".
493 "checkDebianVulnerability()");
496 if (!preg_match('/^\s*Exponent: (\d+) \(0x[0-9a-fA-F]+\)$/m', $text,
499 return failWithId("checkWeakKeyText(): Couldn't parse the RSA ".
502 $exponent = $exponent[1]; // exponent might be very big =>
503 //handle as string using bc*()
505 if (bccomp($exponent, "3") === 0)
507 return sprintf(_("The keys you use might be insecure. ".
508 "Although there is currently no known attack for ".
509 "reasonable encryption schemes, we're being ".
510 "cautious and don't allow certificates for such ".
511 "keys. Please generate stronger keys. More ".
512 "information about this issue can be found in ".
514 "<a href='//wiki.cacert.org/WeakKeys#SmallExponent'>",
516 } elseif (!(bccomp($exponent, "65537") >= 0 &&
517 (bccomp($exponent, "100000") === -1 ||
518 // speed things up if way smaller than 2^256
519 bccomp($exponent, bcpow("2", "256")) === -1) )) {
520 // 65537 <= exponent < 2^256 recommended by NIST
521 // not critical but log so we have some statistics about
523 trigger_error("checkWeakKeyText(): Certificate for ".
524 "unsuitable exponent '$exponent' requested",
530 /* No weakness found */
535 * Reimplement the functionality of the openssl-vulnkey tool
537 * @param $text string
538 * The text representation of a key as output by the
539 * "openssl <foo> -text -noout" commands
540 * @param $keysize int [optional]
541 * If the key size is already known it can be provided so it doesn't
542 * have to be parsed again. This also skips the check whether the key
543 * is an RSA key => use wisely
544 * @return TRUE if key is vulnerable, FALSE otherwise, NULL in case of error
546 function checkDebianVulnerability($text, $keysize = 0)
548 $keysize = intval($keysize);
552 /* Which public key algorithm? */
553 if (!preg_match('/^\s*Public Key Algorithm: ([^\s]+)$/m', $text,
556 trigger_error("checkDebianVulnerability(): Couldn't extract ".
557 "the public key algorithm used", E_USER_WARNING
);
560 $algorithm = $algorithm[1];
563 if ($algorithm !== "rsaEncryption") return false
;
565 /* Extract public key size */
566 if (!preg_match('/^\s*RSA Public Key: \((\d+) bit\)$/m', $text,
569 trigger_error("checkDebianVulnerability(): Couldn't parse the ".
570 "RSA key size", E_USER_WARNING
);
573 $keysize = intval($keysize[1]);
577 // $keysize has been made sure to contain an int
578 $blacklist = "/usr/share/openssl-blacklist/blacklist.RSA-$keysize";
579 if (!(is_file($blacklist) && is_readable($blacklist)))
581 if (in_array($keysize, array(512, 1024, 2048, 4096)))
583 trigger_error("checkDebianVulnerability(): Blacklist for ".
584 "$keysize bit keys not accessible. Expected at ".
585 "$blacklist", E_USER_ERROR
);
589 trigger_error("checkDebianVulnerability(): $blacklist is not ".
590 "readable. Unsupported key size?", E_USER_WARNING
);
595 /* Extract RSA modulus */
596 if (!preg_match('/^\s*Modulus \(\d+ bit\):\n'.
597 '((?:\s*[0-9a-f][0-9a-f]:(?:\n)?)+[0-9a-f][0-9a-f])$/m',
600 trigger_error("checkDebianVulnerability(): Couldn't extract the ".
601 "RSA modulus", E_USER_WARNING
);
604 $modulus = $modulus[1];
605 // strip whitespace and colon leftovers
606 $modulus = str_replace(array(" ", "\t", "\n", ":"), "", $modulus);
608 // when using "openssl xxx -text" first byte was 00 in all my test
609 // cases but 00 not present in the "openssl xxx -modulus" output
610 if ($modulus[0] === "0" && $modulus[1] === "0")
612 $modulus = substr($modulus, 2);
614 trigger_error("checkDebianVulnerability(): First byte is not ".
615 "zero", E_USER_NOTICE
);
618 $modulus = strtoupper($modulus);
622 /* calculate checksum and look it up in the blacklist */
623 $checksum = substr(sha1("Modulus=$modulus\n"), 20);
625 // $checksum and $blacklist should be safe, but just to make sure
626 $checksum = escapeshellarg($checksum);
627 $blacklist = escapeshellarg($blacklist);
628 exec("grep $checksum $blacklist", $dummy, $debianVuln);
629 if ($debianVuln === 0) // grep returned something => it is on the list
632 } elseif ($debianVuln === 1) { // grep returned nothing
635 trigger_error("checkDebianVulnerability(): Something went wrong ".
636 "when looking up the key with checksum $checksum in the ".
637 "blacklist $blacklist", E_USER_ERROR
);
641 // Should not get here