Subject: CAcert Code Development list.
List archive
- From: Wytze van der Raay <wytze AT cacert.org>
- To: Michael Tänzer <michael.taenzer AT cacert.org>
- Cc: "critical-admin AT cacert.org" <critical-admin AT cacert.org>, cacert-devel AT lists.cacert.org, Benny Baumann <benbe AT cacert.org>, Ulrich Schröter CAcert <ulrich AT cacert.org>, Eva Stöwe <eva.stoewe AT cacert.org>, Martin Gummi <martin.gummi AT cacert.org>
- Subject: Re: Patch request: Bug #1218
- Date: Thu, 06 Feb 2014 17:14:39 +0100
- Organization: CAcert
Hi Michael,
On 05.02.2014 16:58, Michael Tänzer wrote:
> We have a fix for https://bugs.cacert.org/view.php?id=1218
> "client cert issued no longer exportable with private key (class3). IE10
> certs usage broken"
>
> The fix was reviewed by Benny Baumann (BenBE) and me (NEOatNHNG) and
> tested by Eva Stöwe (Eva), Ulrich Schröter (Uli60) and Martin Gummi.
>
> Diff is attached.
>
> Changed files:
> /www/keygenIE.js
The fix has been installed on the production server on February 6, 2014.
See also the attached log message wihich was sent to the cacert-systemlog
mailing list.
Regards,
-- wytze
--- Begin Message ---Fix for https://bugs.cacert.org/view.php?id=1218
- From: Wytze van der Raay <wytze AT cacert.org>
- To: cacert-systemlog AT lists.cacert.org
- Subject: Fwd: cvs.cacert.org checkin notification
- Date: Thu, 06 Feb 2014 16:57:09 +0100
- Organization: CAcert
"client cert issued no longer exportable with private key (class3). IE10
certs usage broken"
In conjunction with the attached CVS changes a new tarball has been
made available incorporating all updates. The new tarball is available
through http://www.cacert.org/src-lic.php
-- end
--- Begin Message ---
- From: "root" <root AT cvs.cacert.org>
- To: critical-admin AT cacert.org
- Subject: cvs.cacert.org checkin notification
- Date: Thu, 6 Feb 2014 16:52:57 +0100 (CET)
uid=0(root) gid=0(root) groups=0(root)
keygenIE.js 1.1 1.2
Thu Feb 6 16:52:57 CET 2014
Update of /var/lib/cvs/cacert/www
In directory webdb:/home/cacert/www/www
Modified Files:
keygenIE.js
Log Message:
Fix for https://bugs.cacert.org/view.php?id=1218
"client cert issued no longer exportable with private key (class3). IE10
certs usage broken"
===================================================================
RCS file: /var/lib/cvs/cacert/www/keygenIE.js,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- keygenIE.js 2013/02/27 10:30:49 1.1
+++ keygenIE.js 2014/02/06 15:52:57 1.2
@@ -247,6 +247,7 @@
privateKey.Algorithm = algorithmOid;
privateKey.Length = bits;
privateKey.KeyUsage = 0xffffff; //
XCN_NCRYPT_ALLOW_ALL_USAGES
+ privateKey.ExportPolicy = 0x1; //
XCN_NCRYPT_ALLOW_EXPORT_FLAG
var request =
factory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10");
request.InitializeFromPrivateKey(
@@ -545,7 +546,8 @@
}
cenroll.GenKeyFlags = bits << 16; // keysize is
encoded in the uper 16 bits
- //cenroll.GenKeyFlags = cenroll.GenKeyFlags | 0x1;
//CRYPT_EXPORTABLE
+ // Allow exporting the private key
+ cenroll.GenKeyFlags = cenroll.GenKeyFlags | 0x1;
//CRYPT_EXPORTABLE
generatingKeyNotice.style.display = "";
--- End Message ---Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
--- End Message ---
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
- Patch request: Bug #1218, Michael Tänzer, 02/05/2014
- Re: Patch request: Bug #1218, Wytze van der Raay, 02/06/2014
Archive powered by MHonArc 2.6.18.