CAcert Code Development list.

[Michael Tänzer <michael.taenzer AT cacert.org>]

Hi folks,

We have a fix for https://bugs.cacert.org/view.php?id=790
"Creating organisation client certs by pasted CSR"

The fix was reviewed by Benny Baumann (BenBE) and me (NEOatNHNG) and
tested by Marcus Mängel (INOPIAE), StefanT and Martin Gummi.

Diff is attached. Please also run the locale makefile so that our
translators see the new strings (if present) on
https://translations.cacert.org and new translations get imported into
the system.

Changed files:
/includes/account.php
/includes/keygen.php
/pages/account/16.php
/pages/account/17.php
/pages/account/19.php

-- 
Have a nice day,
Michael Tänzer
diff --git a/includes/account.php b/includes/account.php
index b1ab984..97d38ac 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -1570,7 +1570,12 @@ function buildSubjectFromSession() {
 			}
 			mysql_query("update `orgemailcerts` set `csr_name`='$CSRname' where `id`='$emailid'");
 		} else if($_REQUEST['keytype'] == "MS" || $_REQUEST['keytype']=="VI") {
-			$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".clean_csr($_REQUEST['CSR'])."-----END CERTIFICATE REQUEST-----\n";
+			$csr = clean_csr($_REQUEST['CSR']);
+			if(strpos($csr,"---BEGIN") === FALSE)
+			{
+				// In case the CSR is missing the ---BEGIN lines, add them automatically:
+				$csr = "-----BEGIN CERTIFICATE REQUEST-----\n".$csr."\n-----END CERTIFICATE REQUEST-----\n";
+			}
 
 			if (($weakKey = checkWeakKeyCSR($csr)) !== "")
 			{
diff --git a/includes/keygen.php b/includes/keygen.php
index 2713a81..15dee8a 100644
--- a/includes/keygen.php
+++ b/includes/keygen.php
@@ -121,7 +121,7 @@ if (array_key_exists('HTTP_USER_AGENT',$_SERVER) && strstr($_SERVER['HTTP_USER_A
 			<input type="hidden" name="keytype" value="NS">
 			<?=_("Keysize:")?> <keygen name="SPKAC" challenge="<? $_SESSION['spkac_hash']=make_hash(); echo $_SESSION['spkac_hash']; ?>">
 
-			<input type="submit" name="submit" value="<?=_("Create Certificate Request")?>">
+			<input type="submit" name="submit" value="<?=_("Generate key pair within browser")?>">
 			<input type="hidden" name="oldid" value="<?=intval($id)?>">
 		</form>
 	</p>
diff --git a/pages/account/16.php b/pages/account/16.php
index 8783bc5..829897f 100644
--- a/pages/account/16.php
+++ b/pages/account/16.php
@@ -104,6 +104,7 @@ if (array_key_exists('emails',$_SESSION['_config']) && is_array($_SESSION['_conf
 </table>
 <input type="hidden" name="oldid" value="<?=$id?>">
 </form>
+<?=_("Please fill out the form, when all data is entered and you click \"Next\" you can add either a CSR (certificate signing request) or create a new key with your browser. Even in the case that a CSR is given the data from this form will be used for the certificate. Only the public key information of the CSR will be copied.")?>
 
 <script language="javascript">
 function showExpert(a)
diff --git a/pages/account/17.php b/pages/account/17.php
index 8ac8b65..0d5c2c7 100644
--- a/pages/account/17.php
+++ b/pages/account/17.php
@@ -17,3 +17,12 @@
 */
 
 require_once($_SESSION['_config']['filepath'].'/includes/keygen.php');
+
+?>
+ -- <?=_("or")?> --
+		<form method="post" action="account.php">
+			<input type="hidden" name="keytype" value="VI">
+			<textarea rows="20" cols="40" name="CSR"></textarea>
+			<input type="submit" name="submit" value="<?=_("Submit CSR")?>">
+			<input type="hidden" name="oldid" value="17">
+		</form>
diff --git a/pages/account/19.php b/pages/account/19.php
index 6a2749c..1a80418 100644
--- a/pages/account/19.php
+++ b/pages/account/19.php
@@ -52,6 +52,10 @@
 			showfooter();
 			exit;
 		}
+	} else if($row['keytype'] == "VI"){
+		showheader(_("My CAcert.org Account!"));
+		echo "<pre>".$cert."</pre>";
+		showfooter();
 	} else {
 		showheader(_("My CAcert.org Account!"));
 ?>

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature