0001054: Review the code regarding the new point calculation in ./includes/general.php

ID	Project	Category	View Status	Date Submitted	Last Update

0001054	Main CAcert Website	source code	public	2012-05-31 04:01	2021-08-25 13:37

Reporter	INOPIAE	Assigned To	Ted
Priority	normal	Severity	minor	Reproducibility	have not tried
Status	needs review & testing	Resolution	open

Summary	0001054: Review the code regarding the new point calculation in ./includes/general.php
Description	Check if the point calculation is adjusted according to the new points calculation.
Tags	No tags attached.

Reviewed by
Test Instructions

related to	0000872	needs work	INOPIAE	Main CAcert Website	PoJAM restricitions to apply to production system (several restrictions) PoJAM 3.3,, 4.1, 4.2
related to	0001096	closed		Main CAcert Website	Assurance over Locked-Account shall be impossible
related to	0000835	closed	Ted	test.cacert.org	Assurer challenge and ssl certificat
related to	0001098	solved?	Ted	test.cacert.org	logout from cats testserver under ca-mgr1 results in weak link
related to	0000440	closed	NEOatNHNG	Main CAcert Website	Problem with subjectAltName
related to	0001017	closed	NEOatNHNG	Main CAcert Website	Chrome certificate enrollement
related to	0001035	closed		Main CAcert Website	CN gets deleted from subjectAltName on cert renewal
related to	0000827	closed	egal	Main CAcert Website	Tverify points to be deprecated
related to	0000114	closed		Main CAcert Website	Revocation Reason
related to	0001208	closed	BenBE	Main CAcert Website	Improve readability of "Assure someone" page
parent of	0000301	closed		Main CAcert Website	Modification of the assurance system to track deletions
related to	0001101	needs work	TimoAHummel	Main CAcert Website	general rewrite of get info from csr routine in includes/general.php
related to	0001042	needs review & testing	Eva	Main CAcert Website	Review the code regarding the new point calculation
related to	0001134	closed	NEOatNHNG	Main CAcert Website	Delete the board flag thourougly in all parts of our software
related to	0001216	new		Main CAcert Website	Assure Someone Page Broken; TTP Assurer is pushed to make a false statement, assurance clashes regarding F2F confirmation
related to	0001177	closed	BenBE	Main CAcert Website	Combine wot.inc.php, notary.inc.php and temp-function.php
related to	0000769	needs work	Ted	Main CAcert Website	Client certificate broken with unicode

NEOatNHNG 2012-08-27 13:35 administrator ~0003161	Dirk has done some changes which are available on the test server. Are they complete?

Uli60 2012-08-28 10:40 updater ~0003163	potential test scenarios affected by source code changes: pages/wot/15.php my details - my points - new calculation pages/wot/6.php assure someone, methods F2F and TTP includes/general.php www.cacert.org and secure.cacert.org switch language detection switch "locked accounts" loadem section account.php?x index.php?y secure pwd validation (points regarding strong passwords) check on name parts, email address, dictionary cert subjectAltname routine, Common Name check on CSR's subjAltnames check, OU check on Org certs maxpoints routine, returns points you can issue check on points + assurer challenge levels and age of assurer (eg lt 18?) ping tests adding to pinglog table \|\| why is philipp@c.o as rcpt added in line 642 ?!? \|\| -> use function-alias eg support or sysadmin get-assurer-status checks: cats test passed, maxpoints, assurer-blocked no-assurer text switch is_assurer() using get-assurer-status generate-cert-path: client certs, server certs, org client certs, org server certs switch includes/notary.inc.php get_number_of_assurances() get_number_of_assurees() get_top_assurer_position() get_top_assuree_position() get_given_assurances() get_received_assurances() get_given_assurances_summary() get_received_assurances_summary() get_cats_state() calc_experience() calc_assurances() show_user_link() name="" -> "System" or "Deleted account" get_assurer_ranking() get_assuree_ranking() output_ranking() general: output member mypoints (new calculation) and admin console new calculation check_date_limit(age) eg. PoJAM case calculation calc_points() max_points() output_summary_content() tested age limits 18, 14 AssureMethodLine() eg assure someone with addtl. flags eg TTP, and potential others

INOPIAE 2012-08-28 20:46 updater ~0003166 Last edited: 2012-08-28 21:21	u14.1054@acme.com DOB 1.1.2000 assured with 35 points => no assurer => ok added 70 points via batch => no assurer => OK added CATS => shows assuer with 10 points => false added 1 assurance added => assurance possible => false u18.1054@acme.com DOB 1.1.1996 assured with 35 points => no assurer => ok added 70 points via batch => no assurer => OK added CATS added 1 assurance =>ok added 5 assurances via batch All assurance show 10 points => ok account has now 6 assurances wot.id 15 show you can grant up to 15 points => should show 10 points added new assurance with 20 points Points reduced to 10 points according to PoJAM my admin account Added TTP assurance to oa.reinhard@acme.com with 35 points. => ok

Uli60 2012-08-28 22:03 updater ~0003171	test 1054.2.1 3 users 1054.2.1.user1@w.d 1054.2.1.admin1@w.d 1054.2.1.ttpadmin1@w.d login 1054.2.1.admin1@w.d set ttpadmin flag on 1054.2.1.ttpadmin1@w.d => ok login 1054.2.1.ttpadmin1@w.d assure someone 1054.2.1.user1@w.d 3 checkboxes F2F TTP A + - I certify that bug1004 userb4 has appeared in person "Only tick the next box if the Assurance was face to face." for TTP assurance this sentence is wrong B + + I believe that the assertion of identity I am making is correct, complete and verifiable. I have seen original documentation attesting to this identity. I accept that the CAcert Arbitrator may call upon me to provide evidence in any dispute, and I may be held responsible. original documentation? F2F - cap form TTP - ttpcap documentation C + + I have read and understood the Assurance Policy and the Assurance Handbook and am making this Assurance subject to and in compliance with the policy and handbook. => ok, except the "Only tick the next box if the Assurance was face to face." new points: for TTP assurance no experience points counted => ok for F2F assurance 2 experience points counted => ok f2f assurance A not set => passes relates to points removal, reapply thawte patch 1023 or so B set => ok C set => ok

Uli60 2012-08-28 22:52 updater ~0003172	assure someone user f2f only method line no longer appears => ok update 56ca0c87 assure someone user ttpadmin, make ttp method line, ttp selected checkboxes A, B not set, C set => ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert I have explicitly set checkbox B in TTP assurance too but this conflicts with line of info text: "Only tick the next box if the Assurance was face to face."

Uli60 2012-08-28 23:03 updater ~0003173	release: 307f995b assure someone user f2f only method line no longer appears => ok "Only tick the next box if the Assurance was face to face." line no longer appears => ok assure someone user ttpadmin, make ttp method line, ttp selected "Only tick the next box if the Assurance was face to face." line no longer appears => ok checkboxes A not set, B + C set => ok

NEOatNHNG 2012-08-28 23:14 administrator ~0003174	I have ported changes that were present in the now deleted wot.inc.php and also did some minor improvements.

Uli60 2012-09-04 21:54 updater ~0003175	created new user 1054.2.1.user2@w.d login 1054.2.1.ttpadmin1@w.d assure someone: 1054.2.1.user2@w.d F2F assurance no checkboxes set ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert => ok all 3 set passed => ok new points calc display 261751 2012-09-04 Bug1054.2.1 User2 35 F2F of ttpadmin with selection F2F Face to Face Meeting 2 => ok created new user 1054.2.1.user3@w.d login 1054.2.1.ttpadmin1@w.d assure someone: 1054.2.1.user3@w.d TTP-assisted-assurance no checkboxes set ERROR: You failed to check all boxes to validate your adherence to the rules and policies of CAcert => ok checkboxes set: I certify that Bug1054.2.1 User3 has appeared in person => No I believe that the assertion of identity I am making is correct, complete and verifiable. I have seen original documentation attesting to this identity. => yes I have read and understood AP => yes passed => ok new points calc display 261752 2012-09-04 Bug1054.2.1 User3 35 TTP assurance, req ID [], req from 2012-08-28, TTP 2012-08-28 Trusted Third Parties <> (empty points field) => ok Summary: new points: for TTP assurance no experience points counted => ok for F2F assurance 2 experience points counted => ok checkboxes F2F TTP i certify + - i believe + + i have read + + all ok

Uli60 2012-09-04 22:00 updater ~0003176 Last edited: 2012-09-04 22:02	1054.1.1 new points calculation display (15.php) summary of tables points given, points received moved 2 columns to the right => fail (10.php is ok)

Uli60 2012-09-04 22:04 updater ~0003177	1054.3.7 maxpoints routine, returns points you can issue new points calc display (15.php) max 35 => ok assure someone: max 35 => ok

Uli60 2012-09-04 22:10 updater ~0003178	1054.4.1 get_number_of_assurances() Assurer Ranking You have made 30 assurances which ranks you as the 0000030 top assurer. manual counted 35 assurances total 30 assurances F2F 5 assurances TTP => ok proposal: You have made 30 assurances which ranks you as the 0000030 top assurer. ) ) note: F2F assurances only

Uli60 2012-09-04 22:13 updater ~0003179	1054.4.3 get_top_assurer_position() 1054.4.4 get_top_assuree_position() Assurer Ranking You have made 30 assurances which ranks you as the 0000030 top assurer. You have received 3 assurances which ranks you as the 0000204 top assuree. 0000030 assurer => ok 0000204 assuree => ok

Uli60 2012-09-04 22:26 updater ~0003180	1054.1.1 column prob reviewed own points 15.php Total Assurance Points: (3 columns) => ok login as admin, search user: assurances user got - new calc (43.php) Total Assurance Points: (5 columns) => ok assurances user gave - new calc (43.php) Total Points Issued: (5 columns) => ok

Uli60 2012-09-04 23:07 updater ~0003182 Last edited: 2012-09-11 21:02	scenario: 1054.3.3 new user 1054.3.3.user1@w.d 100 assurance points assurer challenge passed 5 batch assurances set flags: lock account try to login 1054.3.3.user1@w.d wrong email or wrong password => error message is misleading, but ok login admin search user 1054.3.3.user1@w.d state: account locked Account State Account inconsistency: Users record locked set code: 4 Account inconsistency can cause problems in daily account operations and needs to be fixed manually through arbitration/critical team. login assurer assure someone 1054.3.3.user1@w.d assurance is possible, passed 261767 2012-09-05 Bug1054.3.3 User1 35 test to locked account user Face to Face Meeting 2 => mmh, but ok filed as separate bug assurance over potential weak user account ?!? read https://bugs.cacert.org/view.php?id=1096

Uli60 2012-09-11 21:10 updater ~0003185	1054.3.1 (a) cacert / (b) secure switch test (a) http://cacert1.it-sls.de/index.php?id=13 (Donations footer link) http://cacert1.it-sls.de/index.php?id=51 (mission statement footer link) http://cacert1.it-sls.de/index.php?id=11 (contact us footer link) login to useraccount ... results in https://cacert1.it-sls.de link using cert login cert login to another user account results in: https://secure1.it-sls.de link (b) https://secure1.it-sls.de/account.php?id=38 (donations secure footer link) mission statement under secure link still don't exist https://secure1.it-sls.de/account.php?id=40 (contact us secure footer link) (a) cacert / (b) secure switch test works => Ok

Uli60 2012-09-11 21:28 updater ~0003186	1054.3.5 secure pwd validation (points regarding strong passwords) check on name parts, email address, dictionary testing pwd changes with 1054.2.1.user3@w.d shortest known Pwd: Failure: Pass Phrase not Changed The Pass Phrase you submitted was too short. => ok using email alias Failure: Pass Phrase not Changed The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored 1 points out of 6. => ok using name Failure: Pass Phrase not Changed The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored 2 points out of 6. => ok using 2 english known words (from dictionary) Failure: Pass Phrase not Changed The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored 2 points out of 6. => ok old Fred pwd Failure: Pass Phrase not Changed The Pass Phrase you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. Only scored 0 points out of 6. => ok using strong pwd Pass Phrase Changed Successfully Your Pass Phrase has been updated and your primary email account has been notified of the change. => ok

INOPIAE 2012-09-11 21:55 updater ~0003188	Test 1054.3.2 On Test Ssytem open homepage change translation language to Spanish Login into account with account language English => shows English If use go home switch back to Spanish Login again English Logout => stays English On Productive Ssytem open homepage change translation language to Spanish Login into account with account language English => shows English If use go home switch back to Spanish Login again English Logout => stays English Both systems show same behavior

Uli60 2012-09-11 23:37 updater ~0003189	1054.3.8 age limits (a) < 14 Bug1054.3.8.UserLT14 1.1.2000, 100 AP, passed CATS (b) 14 < 18 Bug1054.3.8.UserIs15 1.1.1997, 100 AP, (c) > 18 Bug1054.3.8.UserGT18 1.1.1990, 100 AP test I receive assurances test II give assurances test III pass cats test testmatrix a b c rcvd assurance pass x1), x2) pass x1) x4) pass x6) give assurances requires III requires III requires III pass cats unknown x3) unknown x5) unknown x7) x1) in theory, this is a PoJAM assurance that needs an extra line: parental consent established but is not yet implemented in production x2) new calculation 15.php Summary of your Points Description Points Countable Points Remark Assurance Points you received 135 100 Limit reached Total Experience Points by Assurance 0 0 Total Experience Points (other ways) 0 0 Total Points 100 You have to pass the CAcert Assurer Challenge (CATS-Test) to be an Assurer x3) logged-in (<14 years old) https://cacert1.it-sls.de/wot.php?id=2 "Becoming an Assurer" link exist includes link to https://cats.cacert.org/ cats test on testserver link is: https://cats1.it-sls.de first create client cert for user with Enable certificate login with this certificate passed CATS test, needs transfer to cacert1 => ted, michael with request to response for re-check the result cats passed logout from cats server (testserver ca-mgr1) results in link: https://cats1.it-sls.de//index.php? ^^ x4) Summary of your Points Description Points Countable Points Remark Assurance Points you received 135 100 Limit reached Total Experience Points by Assurance 0 0 Total Experience Points (other ways) 0 0 Total Points 100 You have to pass the CAcert Assurer Challenge (CATS-Test) to be an Assurer x5) logged-in (15 years old) https://cacert1.it-sls.de/wot.php?id=2 "Becoming an Assurer" link exist includes link to https://cats.cacert.org/ cats test on testserver link is: https://cats1.it-sls.de first create client cert for user with Enable certificate login with this certificate cats passed logout from cats server (testserver ca-mgr1) results in link: https://cats1.it-sls.de//index.php? ^^ x6) Summary of your Points Description Points Countable Points Remark Assurance Points you received 135 100 Limit reached Total Experience Points by Assurance 0 0 Total Experience Points (other ways) 0 0 Total Points 100 You have to pass the CAcert Assurer Challenge (CATS-Test) to be an Assurer x7) logged-in (GT 18 years old) https://cacert1.it-sls.de/wot.php?id=2 "Becoming an Assurer" link exist includes link to https://cats.cacert.org/ cats test on testserver link is: https://cats1.it-sls.de first create client cert for user with Enable certificate login with this certificate cats passed logout from cats server (testserver ca-mgr1) results in link: https://cats1.it-sls.de//index.php? ^^ cannot continue with this test series until the CATS tests made on the CATS test testserver are transfered to cacert1.it-sls.de

Uli60 2012-09-12 00:51 updater ~0003191	1054.4.12 show_user_link() name="" -> "System" or "Deleted account" create 2 user accounts, with 100 AP and passed CATS each where to find "System" ? doing assurances ... experience points issued under My Points 10.php: Your Assurance Points ID Date Who Points Location Method 261780 2012-09-12 02:08:58 John 0 Doe 35 CAcert Test Manager Face to Face Meeting 261781 2012-09-12 02:08:58 John 1 Doe 35 CAcert Test Manager Face to Face Meeting 261782 2012-09-12 02:08:58 John 2 Doe 30 CAcert Test Manager Face to Face Meeting 261787 2012-09-12 Bug1054.4.12 User1 2 @home, CCA+ Administrative Increase 261789 2012-09-12 Bug1054.4.12 User1 2 @home, PoJAM+, CCA+ Administrative Increase Total Points: 104 Assurance Points You Issued ID Date Who Points Location Method 261786 2012-09-12 Bug1054.4.12 User2 0 @home, CCA+ Face to Face Meeting 261788 2012-09-12 Bug1054.3.8 UserIs15 0 @home, PoJAM+, CCA+ Face to Face Meeting Total Points Issued: 0 under My Points 15.php: Summary of your Points Description Points Countable Points Remark Assurance Points you received 100 100 Total Experience Points by Assurance 4 4 Total Experience Points (other ways) 0 0 Total Points 104 You may issue up to 10 points Assurance Points You Issued ID Date Who Points Location Method Experience Points 261786 2012-09-12 Bug1054.4.12 User2 10 @home, CCA+ Face to Face Meeting 2 261788 2012-09-12 Bug1054.3.8 UserIs15 10 @home, PoJAM+, CCA+ Face to Face Meeting 2 Total Points Issued: 20 Total Experience Points: 4 Your Assurance Points ID Date Who Points Location Method Experience Points 261780 2012-09-12 02:08:58 John 0 Doe 35 CAcert Test Manager Face to Face Meeting 0 261781 2012-09-12 02:08:58 John 1 Doe 35 CAcert Test Manager Face to Face Meeting 0 261782 2012-09-12 02:08:58 John 2 Doe 30 CAcert Test Manager Face to Face Meeting 0 Total Assurance Points: 100 Total Experience Points: 0 "System" doesn't show up 10.php lists "Bug1054.4.12 User1" (own name) under listed administrative increase experience points User2: login Admin (SE permissions) search Bug1054.4.12.User2@w.d walk through: https://wiki.cacert.org/Arbitrations/Training/Lesson20/DeleteAccountProcSEv3 procedure (not yet deleted) under other users account, assurance is listed as: a1054.4.12.1 a1054.4.12.1 under 15.php same, except the experience points are not listed as individual administrative increases but as assurance record, counted with 2 experience pts each assurance relogin Admin account search user a1054.4.12.1@w.d delete account() results in message: "I'm sorry, the user you were looking for seems to have disappeared! Bad things are a foot!" relogin to user account that assured deleted user new calculation 15.php shows: assurance over: a1054.4.12.1 a1054.4.12.1 "Deleted Account" doesn't show up "Deleted Account" probably is displayed once the user created the account, but still hasn't confirmed it and an assurer has passed an assurance over this still unverified user account. After 24/48 hours, the cleanup routine kills this user account and probably the assurer reads "Deleted Account" create new test user account 0000003 login to assurer #1 assure someone -> Bug1054.4.12.user3@w.d results in: ERROR: User is not yet verified. Please try again in 24 hours! Test scenario cannot pass

Uli60 2012-09-12 16:24 updater ~0003194	1054.3.8 age limits (cont.) (a) < 14 Bug1054.3.8.UserLT14 1.1.2000, 100 AP, passed CATS (b) 14 < 18 Bug1054.3.8.UserIs15 1.1.1997, 100 AP, passed CATS (c) > 18 Bug1054.3.8.UserGT18 1.1.1990, 100 AP, passed CATS test I receive assurances test II give assurances test III pass cats test testmatrix ................... a ............. b ............. c ......... rcvd assurance ... pass .......... pass .......... pass give assurances .. avail, fail x1) pass ok, x2) .. pass ok, x3) pass cats ........ pass .......... pass .......... pass verification step III (a) Bug1054.3.8.UserLT14 Summary of your Points Description Points Countable Points Remark Assurance Points you received 135 100 Limit reached Total Experience Points by Assurance 0 0 Total Experience Points (other ways) 0 0 Total Points 100 You may issue up to 10 points ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ => not ok assure someone link is available => not ok x1) u14 isn't allowed to do assurances as this is the current state of the software, this isn't a bug here to follow PoJAM policy a separate bug is filed https://bugs.cacert.org/view.php?id=872 expected: new calculation 15.php you've passed CATS test, however you disqualify as an assurer by PoJAM restrictions (b) Bug1054.3.8.UserIs15 Summary of your Points Description Points Countable Points Remark Assurance Points you received 145 100 Limit reached Total Experience Points by Assurance 0 0 Total Experience Points (other ways) 0 0 Total Points 100 You may issue up to 10 points => ok assure someone link is available => ok x2) between age of 14 and 18, an assurer can issue upto max 10 assurance points no matter of experiences doing 5 assurances 10 AP each => ok doing more then 5 assurances max 10 AP each (limited) => ok Assurance Points You Issued ID Date Who Points Location Method Experience Points 261791 2012-09-12 bug1004 userb4 10 PoJAM assurer, CCA+ Face to Face Meeting 2 261793 2012-09-12 Bug1070 User 10 PoJAM assurer, CCA+ Face to Face Meeting 2 261795 2012-09-12 bug1004 userb5 10 PoJAM assurer, CCA+ Face to Face Meeting 2 261797 2012-09-12 Bug1004 User2 10 PoJAM assurer, CCA+ Face to Face Meeting 2 261799 2012-09-12 bug1004 userb3 10 PoJAM assurer, CCA+ Face to Face Meeting 2 261801 2012-09-12 Bug 846 User2 10 PoJAM assurer, CCA+ Face to Face Meeting 2 261803 2012-09-12 Bug922 User2 10 PoJAM assurer, CCA+ Face to Face Meeting 2 Total Points Issued: 70 Total Experience Points: 14 => ok (c) Bug1054.3.8.UserGT18 Summary of your Points Description Points Countable Points Remark Assurance Points you received 135 100 Limit reached Total Experience Points by Assurance 0 0 Total Experience Points (other ways) 0 0 Total Points 100 You may issue up to 10 points => ok assure someone link is available => ok x3) over 18, assurer follows regular experience levels first 5 assurances -> max 10 AP 2nd set of 5 assurances -> max 15 AP and so forth doing 5 assurances 10 AP each => ok doing assurances 6-10, 15 AP each => ok doing assurances 11-15, 20 AP each => ok doing assurances 16-20, 25 AP each => ok doing assurances 21-25, 30 AP each => ok doing assurances 25 and more, max 35 AP each => ok

Uli60 2012-09-18 21:24 updater ~0003200	1054.3.9 write PingLog entries in SA project team meeting, NEO checked PingLog table last entries from last weeks Tuesdays meeting of bug1054 test users => ok

Uli60 2012-09-19 00:21 updater ~0003201	1054.4.19 "how many points an assurer can award at max" checked in several tests 1054.4.20 output_summary_content() tested age limits 18, 14 (see also 1054.3.8) tested under 1054.3.8 1054.3.4 loadem routine, several tests doesn't disclose a problem in switching between different pages (different id=x pages) 1054.4.19 max_points() how many points an assurer can award at max tested under 1054.4.19 1054.4.9 get_cats_state() newpoints 15.php several times checked, ok 1054.4.10 calc_experience() calculate EP points summarize, no anomaly detected in tests, ok 1054.4.11 calc_assurances() calculate AP points summarize, no anomaly detected in tests, ok 1054.4.13 get_assurer_ranking() stats for 15.php, no anomaly detected in tests, ok 1054.4.14 get_assuree_ranking() stats for 15.php no anomaly detected in tests, ok 1054.4.15 output_ranking(), tested under 1054.4.13 + 1054.4.14 1054.3.10 get-assurer-status< > checks: cats test passed, maxpoints, assurer-blocked. cats passed tested, maxpoints tested, assurer-blocked not yet tested 1054.3.11 no-assurer text switch, checked, ok 1054.3.12 is_assurer() using get-assurer-status, checked, ok 1054.3.13 generate-cert-path: client certs, server certs, org client certs, org server certs switch, several certs created, signed certs received, so procedure works as expected, low level check impossible for software testers. ok

Uli60 2012-09-19 00:50 updater ~0003202 Last edited: 2012-09-19 00:57	scenario 1054.3.10 new user 1054.3.10.user1@w.d setting 100 AP, assurer challenge, 50 EP login 1054.3.10.user1@w.d assure someone: 1054.2.1.user1@w.d max points (0) enter points: 35 15.php: 0 pts awarded -NEO did some changes- again: assure someone: Bug1054.2.1 User3 max points (35) enter points: 35 15.php: 35 pts awarded setting block assurer flag login user: 1054.3.10.user1@w.d assure someone "ERROR: Sorry, you are not allowed to be an Assurer. Please contact cacert-support@lists.cacert.org if you feel that this is not corect." ^^ correct with two "r" => ok unblock assurer test again assure someone: Bug1054.3.8 UserGT18 max points: (35) enter points: 35 15.php: 35 pts awarded => ok setting block assurer flag Assure someone: -> error message (see above) 15.php summary: Summary of your Points Description Points Countable Points Remark Assurance Points you received 100 100 Total Experience Points by Assurance 56 50 Limit reached Total Experience Points (other ways) 0 0 Total Points 150 You may issue up to 35 points ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ wrong message: shall be "assurer status blocked" or similar message => not ok in 15.php

Uli60 2012-09-20 21:54 updater ~0003204	1054.3.6 part I test #1 - client certs variations using bug 0000440 test account, 150pts assurer similar to test https://bugs.cacert.org/view.php?id=440#c2833 re-test create client cert a) email 1 class1 no name enable cert login create client cert install client cert x1) Valid certs.test@w.d 115C Not Revoked 2012-10-20 21:04:00 serno: 115c displ.name: CAcert WoT User -> ok valid from/to: 20.09.2012 23:04:00 / 20.10.2012 23:04:00 -> ok owner: E = certs.test@w.d, CN = CAcert WoT User -> ok extended key usage: Nicht kritisch E-Mail-Schutz (1.3.6.1.5.5.7.3.4) TLS-Web-Client-Authentifikation (1.3.6.1.5.5.7.3.2) Microsoft-Dateisystemverschlüsselung (1.3.6.1.4.1.311.10.3.4) Microsoft servergesperrte Kryptographie (1.3.6.1.4.1.311.10.3.3) Netscape servergesperrte Kryptographie (2.16.840.1.113730.4.1) certs alternate name Nicht kritisch E-Mail-Adresse: certs.test@w.d => all ok b) email 1 class3 no name enable cert login create client cert install client cert x1) Valid certs.test@w.d 10D6 Not Revoked 2012-10-20 21:14:31 serno: 10D6 displ.name: CAcert WoT User -> ok valid from/to: 20.09.2012 23:14:31 / 20.10.2012 23:14:31 -> ok owner: E = certs.test@w.d, CN = CAcert WoT User -> ok extended key usage: Nicht kritisch E-Mail-Schutz (1.3.6.1.5.5.7.3.4) TLS-Web-Client-Authentifikation (1.3.6.1.5.5.7.3.2) Microsoft-Dateisystemverschlüsselung (1.3.6.1.4.1.311.10.3.4) Microsoft servergesperrte Kryptographie (1.3.6.1.4.1.311.10.3.3) Netscape servergesperrte Kryptographie (2.16.840.1.113730.4.1) certs alternate name Nicht kritisch E-Mail-Adresse: certs.test@w.d => all ok c) email 1 class1 "Certs Test" enable cert login create client cert install client cert x1) Valid certs.test@w.d 115D Not Revoked 2012-10-20 21:26:44 serno: 115d displ.name: Certs Test -> ok owner: E = certs.test@w.d, CN = Certs Test -> ok extended key usage -> ok cert alternate name: Nicht kritisch E-Mail-Adresse: certs.test@w.d -> => all ok d) email 1 class3 "Certs Test" enable cert login create client cert install client cert x1) Valid certs.test@w.d 10D7 Not Revoked 2012-10-20 21:32:52 serno: 10d7 displ.name: Certs Test -> ok owner: E = certs.test@w.d, CN = Certs Test -> ok extended key usage -> ok cert alternate name: Nicht kritisch E-Mail-Adresse: certs.test@w.d -> ok => all ok e) email 1 class1 "Certs Sub Test" enable cert login create client cert install client cert x1) Valid certs.test@w.d 115E Not Revoked 2012-10-20 21:37:02 serno: 115e displ.name: Certs Sub Test -> ok owner: E = certs.test@w.d, CN = Certs Sub Test -> ok extended key usage -> ok cert alternate name: Nicht kritisch E-Mail-Adresse: certs.test@w.d -> ok => all ok f) email 1 class3 "Certs Sub Test" enable cert login create client cert install client cert x1) Valid certs.test@w.d 10D8 Not Revoked 2012-10-20 21:46:32 serno: 10d8 displ.name: Certs Sub Test -> ok owner: E = certs.test@w.d, CN = Certs Sub Test -> ok extended key usage: Nicht kritisch E-Mail-Schutz (1.3.6.1.5.5.7.3.4) TLS-Web-Client-Authentifikation (1.3.6.1.5.5.7.3.2) Microsoft-Dateisystemverschlüsselung (1.3.6.1.4.1.311.10.3.4) Microsoft servergesperrte Kryptographie (1.3.6.1.4.1.311.10.3.3) Netscape servergesperrte Kryptographie (2.16.840.1.113730.4.1) certs alternate name Nicht kritisch E-Mail-Adresse: certs.test@w.d => all ok x1) runs into fix https://bugs.cacert.org/view.php?id=1017 /account.php?id=6 list 3 options a. Install the certificate into your browser b. Download the certificate in PEM format c. Download the certificate in DER format using a. with FF see also https://bugs.cacert.org/view.php?id=440#c3203

Uli60 2012-09-21 12:52 updater ~0003207	1054.3.6 part II test 0000002 - server certs variations similar to test https://bugs.cacert.org/view.php?id=440#c2839 re-test using prev account from bug#440 testing using prev used domain under bug#440 testing openssl genrsa -out test1-avintec-com-512.key 512 openssl req -new -key test1-avintec-com-512.key -out test1-avintec-com-512.csr paste csr sign class1 <paste> submit error/warning "The keys that you use are very small and therefore insecure. Please generate stronger keys. More information about this issue can be found in the wiki" => ok openssl genrsa -out test1-avintec-com-1024.key 1024 openssl req -new -key test1-avintec-com-1024.key -out test1-avintec-com-1024.csr sign class1 <paste> submit Please make sure the following details are correct before proceeding any further. CommonName: test1.avintec.com No additional information will be included on certificates because it can not be automatically checked by the system. submit returns: Below is your Server Certificate -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- new file test1-avintec-com-1024-signed-c1.key <paste> key in list: Valid test1.avintec.com 115F Not Revoked 2012-10-21 12:19:20 openssl x509 -text -in test1-avintec-com-1024-signed-c1.key -noout .................................................................... Certificate: Data: Version: 3 (0x2) Serial Number: 4447 (0x115f) Signature Algorithm: sha1WithRSAEncryption Issuer: C=AU, ST=New South Wales, O=CAcert Testserver, OU=http://cacert1 .it-sls.de, CN=CAcert Testserver Root Validity Not Before: Sep 21 12:19:20 2012 GMT Not After : Oct 21 12:19:20 2012 GMT Subject: CN=test1.avintec.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): [...] Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Key Usage: critical Digital Signature, Key Encipherment, Key Agreement X509v3 Extended Key Usage: TLS Web Client Authentication, TLS Web Server Authentication, Ne tscape Server Gated Crypto, Microsoft Server Gated Crypto Authority Information Access: OCSP - URI:http://ocsp.cacert.org/ X509v3 CRL Distribution Points: URI:http://crl.cacert.org/revoke.crl X509v3 Subject Alternative Name: DNS:test1.avintec.com, othername:<unsupported> Signature Algorithm: sha1WithRSAEncryption .................................................................... => ok openssl genrsa -out test1-avintec-com-2048.key 2048 openssl req -new -key test1-avintec-com-2048.key -out test1-avintec-com-2048.csr sign class1 <paste> submit Please make sure the following details are correct before proceeding any further. CommonName: test1.avintec.com No additional information will be included on certificates because it can not be automatically checked by the system. submit returns: Below is your Server Certificate -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- new file test1-avintec-com-2048-signed-c1.key <paste> key in list: Valid test1.avintec.com 1160 Not Revoked 2012-10-21 12:43:39 openssl x509 -text -in test1-avintec-com-2048-signed-c1.key -noout ...................................................... Certificate: Data: Version: 3 (0x2) Serial Number: 4448 (0x1160) Signature Algorithm: sha1WithRSAEncryption Issuer: C=AU, ST=New South Wales, O=CAcert Testserver, OU=http://cacert1 .it-sls.de, CN=CAcert Testserver Root Validity Not Before: Sep 21 12:43:39 2012 GMT Not After : Oct 21 12:43:39 2012 GMT Subject: CN=test1.avintec.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): [...] Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Key Usage: critical Digital Signature, Key Encipherment, Key Agreement X509v3 Extended Key Usage: TLS Web Client Authentication, TLS Web Server Authentication, Ne tscape Server Gated Crypto, Microsoft Server Gated Crypto Authority Information Access: OCSP - URI:http://ocsp.cacert.org/ X509v3 CRL Distribution Points: URI:http://crl.cacert.org/revoke.crl X509v3 Subject Alternative Name: DNS:test1.avintec.com, othername:<unsupported> Signature Algorithm: sha1WithRSAEncryption [...] ...................................................... => ok see also https://bugs.cacert.org/view.php?id=440#c3206

Uli60 2012-09-21 13:12 updater ~0003208	1054.3.6 part III test 0000003 - client certs variations, multiple emails in cert using prev account from bug#440 testing adding 2 more email addresses to test account old 1. certs.test@w.d add 2. bug1054.3.6.3.user1@w.d add 3. bug1054.3.6.3.user2@w.d email accounts - view: prim Verified N/A certs.test@w.d sec1 Verified bug1054.3.6.3.user1@w.d sec2 Verified bug1054.3.6.3.user2@w.d => ok client cert - new selecting email 1-3 class 1 Include 'Certs Sub Test' enable cert login Next Create Cert Request (High) Install the certificate into your browser cert has been installed .... client certs - view: addtl. key: Valid certs.test@w.d 1161 Not Revoked 2012-10-21 13:02:39 Name: Certs Sub Test -> ok Valid from/to: 21.09.2012 15:02:39 / 21.10.2012 15:02:39 -> ok owner: E = bug1054.3.6.3.user2@w.d E = bug1054.3.6.3.user1@w.d E = certs.test@w.d CN = Certs Sub Test -> ok cert alternate name(s): Nicht kritisch E-Mail-Adresse: certs.test@w.d E-Mail-Adresse: bug1054.3.6.3.user1@w.d E-Mail-Adresse: bug1054.3.6.3.user2@w.d -> ok openssl x509 -text -in client-cert-CertsSubTest-c1-3addr.pem -noout .............................................................. Certificate: Data: Version: 3 (0x2) Serial Number: 4449 (0x1161) Signature Algorithm: sha1WithRSAEncryption Issuer: C=AU, ST=New South Wales, O=CAcert Testserver, OU=http://cacert1 .it-sls.de, CN=CAcert Testserver Root Validity Not Before: Sep 21 13:02:39 2012 GMT Not After : Oct 21 13:02:39 2012 GMT Subject: CN=Certs Sub Test/emailAddress=certs.test@w.d/emailAddre ss=bug1054.3.6.3.user1@w.d /emailAddress=bug1054.3.6.3.user2@w.d Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): [...] Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE Netscape Comment: To get your own certificate for FREE head over to http://www.CAc ert.org X509v3 Key Usage: critical Digital Signature, Key Encipherment, Key Agreement X509v3 Extended Key Usage: E-mail Protection, TLS Web Client Authentication, Microsoft Encr ypted File System, Microsoft Server Gated Crypto, Netscape Server Gated Crypto Authority Information Access: OCSP - URI:http://ocsp.cacert.org X509v3 CRL Distribution Points: URI:http://crl.cacert.org/revoke.crl X509v3 Subject Alternative Name: email:certs.test@w.d, email:bug1054.3.6.3.user1@w.d, email:bug1054.3.6.3.user2@w.d Signature Algorithm: sha1WithRSAEncryption [...] .............................................................. => seems to be ok

Uli60 2012-09-21 14:47 updater ~0003211	1054.3.6 part IV test 0000004 server cert variation multiple servernames in one csr openssl genrsa -out test2-avintec-com-2048.key 2048 openssl req -new -key test2-avintec-com-2048.key -out test2-avintec-com-2048.csr using: Common Name (e.g. server FQDN or YOUR name) []:test1.avintec.com,mail.avintec.co m,www.avintec.com,www.fra.avintec.com,mx.avintec.com,support.avintec.com string is too long, it needs to be less than 64 bytes long Common Name (e.g. server FQDN or YOUR name) []:test1.avintec.com ok, again ... how to enter multiple hostnames into an csr request ? see http://apetec.com/support/GenerateSAN-CSR.htm copy openssl.cnf to openssl-san.cfg edit openssl-san.cfg adding: ............................................................ [ v3_req ] # Extensions to add to a certificate request basicConstraints = CA:FALSE keyUsage = nonRepudiation, digitalSignature, keyEncipherment subjectAltName = @alt_names [alt_names] DNS.1 = test1.avintec.com DNS.2 = mail.avintec.com DNS.3 = www.avintec.com DNS.4 = www.fra.avintec.com DNS.5 = mx.avintec.com DNS.6 = support.avintec.com ............................................................ starting script: openssl genrsa -out test2-avintec-com-2048.key 2048 openssl req -new -out test2-avintec-com-2048.csr -key test2-avintec-com-2048.key -config openssl-san.cfg copy content of test2-avintec-com-2048.csr as server signing request Please make sure the following details are correct before proceeding any further. CommonName: test1.avintec.com No additional information will be included on certificates because it can not be automatically checked by the system. submit Below is your Server Certificate -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- output to file test2-avintec-com-2048-signed-c1.key openssl x509 -text -in test2-avintec-com-2048-signed-c1.key -noout ................................................................. Certificate: Data: Version: 3 (0x2) Serial Number: 4450 (0x1162) Signature Algorithm: sha1WithRSAEncryption Issuer: C=AU, ST=New South Wales, O=CAcert Testserver, OU=http://cacert1 .it-sls.de, CN=CAcert Testserver Root Validity Not Before: Sep 21 13:50:27 2012 GMT Not After : Oct 21 13:50:27 2012 GMT Subject: CN=test1.avintec.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): [...] Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Key Usage: critical Digital Signature, Key Encipherment, Key Agreement X509v3 Extended Key Usage: TLS Web Client Authentication, TLS Web Server Authentication, Ne tscape Server Gated Crypto, Microsoft Server Gated Crypto Authority Information Access: OCSP - URI:http://ocsp.cacert.org/ X509v3 CRL Distribution Points: URI:http://crl.cacert.org/revoke.crl X509v3 Subject Alternative Name: DNS:test1.avintec.com, othername:<unsupported> Signature Algorithm: sha1WithRSAEncryption [...] ................................................................. => fail subjAltNames not transfered :-P procedural problem ?!? verifying csr request: openssl req -text -noout -in test2-avintec-com-2048.csr ................................................................. Certificate Request: Data: Version: 0 (0x0) Subject: C=DE, ST=Germany, L=Frankfurt/Main, O=AVINTEC, OU=IT, CN=test1. avintec.com/emailAddress=certs.test@w.d Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): [...] Exponent: 65537 (0x10001) Attributes: a0:00 Signature Algorithm: sha1WithRSAEncryption [...] ................................................................. no SAN's :-P correct conf file has been used as some parameters has been changed to other default values, shown in the interactive openssl keygen process probably the conf parameter [req] req_extensions = v3_req was missing, retrying .... openssl genrsa -out test2-avintec-com-2048.key 2048 openssl req -new -out test2-avintec-com-2048.csr -key test2-avintec-com-2048.key -config openssl-san.cfg testing csr: openssl req -text -noout -in test2-avintec-com-2048.csr ................................................................. Certificate Request: Data: Version: 0 (0x0) Subject: C=DE, ST=Germany, L=Frankfurt/Main, O=AVINTEC, OU=IT, CN=test1. avintec.com/emailAddress=certs.test@w.d Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): [...] Exponent: 65537 (0x10001) Attributes: Requested Extensions: X509v3 Basic Constraints: CA:FALSE X509v3 Key Usage: Digital Signature, Non Repudiation, Key Encipherment X509v3 Subject Alternative Name: DNS:test1.avintec.com, DNS:mail.avintec.com, DNS:www.avintec.com , DNS:www.fra.avintec.com, DNS:mx.avintec.com, DNS:support.avintec.com Signature Algorithm: sha1WithRSAEncryption [...] ................................................................. => seems to be ok until this state copy & paste content of test2-avintec-com-2048.csr to the signing request results in: Please make sure the following details are correct before proceeding any further. CommonName: test1.avintec.com subjectAltName: DNS:test1.avintec.com subjectAltName: DNS:mail.avintec.com subjectAltName: DNS:www.avintec.com subjectAltName: DNS:www.fra.avintec.com subjectAltName: DNS:mx.avintec.com subjectAltName: DNS:support.avintec.com No additional information will be included on certificates because it can not be automatically checked by the system. submit Below is your Server Certificate -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- copy & paste into new file test2-avintec-com-2048-signed-c1.key testing key openssl x509 -text -in test2-avintec-com-2048-signed-c1.key -noout ....................................................................... Certificate: Data: Version: 3 (0x2) Serial Number: 4451 (0x1163) Signature Algorithm: sha1WithRSAEncryption Issuer: C=AU, ST=New South Wales, O=CAcert Testserver, OU=http://cacert1 .it-sls.de, CN=CAcert Testserver Root Validity Not Before: Sep 21 14:41:43 2012 GMT Not After : Oct 21 14:41:43 2012 GMT Subject: CN=test1.avintec.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): [...] Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Key Usage: critical Digital Signature, Key Encipherment, Key Agreement X509v3 Extended Key Usage: TLS Web Client Authentication, TLS Web Server Authentication, Ne tscape Server Gated Crypto, Microsoft Server Gated Crypto Authority Information Access: OCSP - URI:http://ocsp.cacert.org/ X509v3 CRL Distribution Points: URI:http://crl.cacert.org/revoke.crl X509v3 Subject Alternative Name: DNS:test1.avintec.com, othername:<unsupported>, DNS:mail.avintec .com, othername:<unsupported>, DNS:www.avintec.com, othername:<unsupported>, DNS :www.fra.avintec.com, othername:<unsupported>, DNS:mx.avintec.com, othername:<un supported>, DNS:support.avintec.com, othername:<unsupported> Signature Algorithm: sha1WithRSAEncryption ....................................................................... => seems to be ok see also https://bugs.cacert.org/view.php?id=440#c3210

Uli60 2012-09-21 21:48 updater ~0003212	1054.3.6 part V client certs variation renewal of cert 1. Valid certs.test@w.d 115C Not Revoked 2012-10-20 21:04:00 Now renewing the following certificates: Certificate for 'certs.test@w.d' has been renewed. Click here to install your certificate. (next page) x1) Install your certificate Install the certificate into your browser new cert Valid certs.test@w.d 1164 Not Revoked 2012-10-21 21:26:44 (next cert after Serial Number: 4449 (0x1161) -> 1164) cert serno 115c no longer in list view all certs, 115c listed: Valid certs.test@w.d 115C Not Revoked 2012-10-20 21:04:00 cert serno 1164 details: not yet visible in FF cert store ok, retrying to save new key in FF cert store Install the certificate into your browser https://cacert1.it-sls.de/account.php?id=6&cert=259099&install result: cert stored in cert store ... (or similar msg) now cert is visible in FF cert store Serno: 11:64 valid from/to: 21.09.2012 23:26:44 / 21.10.2012 23:26:44 owner: E = certs.test@w.d CN = CAcert WoT User -> ok cert-alternate-name Nicht kritisch E-Mail-Adresse: certs.test@w.d -> ok 2. renew key ------------------------------------------------------------- Valid certs.test@w.d 1161 Not Revoked 2012-10-21 13:02:39 Name: Certs Sub Test -> ok Valid from/to: 21.09.2012 15:02:39 / 21.10.2012 15:02:39 -> ok owner: E = bug1054.3.6.3.user2@w.d E = bug1054.3.6.3.user1@w.d E = certs.test@w.d CN = Certs Sub Test ------------------------------------------------------------- Now renewing the following certificates: Certificate for 'certs.test@w.d' has been renewed. Click here to install your certificate. https://cacert1.it-sls.de/account.php?id=6&cert=259100 x1) link opens new window/tab ... -> problem Install your certificate Install the certificate into your browser https://cacert1.it-sls.de/account.php?id=6&cert=259100&install cert saved to cert store new cert in list: Valid certs.test@w.d 1165 Not Revoked 2012-10-21 21:41:56 prev cert not in main list view all certs (cert still there) Valid certs.test@w.d 1161 Not Revoked 2012-10-21 13:02:39 cert 1165 details serno: 11:65 valid from/to: 21.09.2012 23:41:56 / 21.10.2012 23:41:56 -> ok owner: E = bug1054.3.6.3.user2@w.d E = bug1054.3.6.3.user1@w.d E = certs.test@w.d CN = Certs Sub Test -> ok externded keyusage -> ok cert-alternate-name: Nicht kritisch E-Mail-Adresse: certs.test@w.d E-Mail-Adresse: bug1054.3.6.3.user1@w.d E-Mail-Adresse: bug1054.3.6.3.user2@w.d -> ok => all ok except problem of https://bugs.cacert.org/view.php?id=1017 routine x1) runs into fix https://bugs.cacert.org/view.php?id=1017 [^] /account.php?id=6 list 3 options a. Install the certificate into your browser b. Download the certificate in PEM format c. Download the certificate in DER format using a. with FF

Uli60 2012-09-21 22:23 updater ~0003215	1054.3.6 part VI server certs variation renewal of cert 1. Valid test1.avintec.com 115F Not Revoked 2012-10-21 12:19:20 details original cert openssl x509 -text -in test1-avintec-com-1024-signed-c1.key -noout .................................................................... Certificate: Data: Version: 3 (0x2) Serial Number: 4447 (0x115f) Signature Algorithm: sha1WithRSAEncryption Issuer: C=AU, ST=New South Wales, O=CAcert Testserver, OU=http://cacert1 [^] .it-sls.de, CN=CAcert Testserver Root Validity Not Before: Sep 21 12:19:20 2012 GMT Not After : Oct 21 12:19:20 2012 GMT Subject: CN=test1.avintec.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): [...] Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Key Usage: critical Digital Signature, Key Encipherment, Key Agreement X509v3 Extended Key Usage: TLS Web Client Authentication, TLS Web Server Authentication, Ne tscape Server Gated Crypto, Microsoft Server Gated Crypto Authority Information Access: OCSP - URI:http://ocsp.cacert.org/ [^] X509v3 CRL Distribution Points: URI:http://crl.cacert.org/revoke.crl [^] X509v3 Subject Alternative Name: DNS:test1.avintec.com, othername:<unsupported> Signature Algorithm: sha1WithRSAEncryption .................................................................... => ok starting renewal: Now renewing the following certificates: Processing request 302035: Renewing: test1.avintec.com -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- content saved to test1-renewal-115f-signed-c1.key new key after renewal: Valid test1.avintec.com 1166 Not Revoked 2012-10-21 22:06:42 old key 115f not visible in main server certs list view all certs (shows in the list) Valid test1.avintec.com 115F Not Revoked 2012-10-21 12:19:20 details of server cert 0001166 openssl x509 -text -in test1-renewal-115f-signed-c1.key -noout ................................................................. Certificate: Data: Version: 3 (0x2) Serial Number: 4454 (0x1166) Signature Algorithm: sha1WithRSAEncryption Issuer: C=AU, ST=New South Wales, O=CAcert Testserver, OU=http://cacert1 .it-sls.de, CN=CAcert Testserver Root Validity Not Before: Sep 21 22:06:42 2012 GMT Not After : Oct 21 22:06:42 2012 GMT Subject: CN=test1.avintec.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): [...] Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Key Usage: critical Digital Signature, Key Encipherment, Key Agreement X509v3 Extended Key Usage: TLS Web Client Authentication, TLS Web Server Authentication, Ne tscape Server Gated Crypto, Microsoft Server Gated Crypto Authority Information Access: OCSP - URI:http://ocsp.cacert.org/ X509v3 CRL Distribution Points: URI:http://crl.cacert.org/revoke.crl X509v3 Subject Alternative Name: DNS:test1.avintec.com, othername:<unsupported> Signature Algorithm: sha1WithRSAEncryption [...] ................................................................. => ok 2. Valid test1.avintec.com 1163 Not Revoked 2012-10-21 14:41:43 details original cert openssl x509 -text -in test2-avintec-com-2048-signed-c1.key -noout ....................................................................... Certificate: Data: Version: 3 (0x2) Serial Number: 4451 (0x1163) Signature Algorithm: sha1WithRSAEncryption Issuer: C=AU, ST=New South Wales, O=CAcert Testserver, OU=http://cacert1 [^] .it-sls.de, CN=CAcert Testserver Root Validity Not Before: Sep 21 14:41:43 2012 GMT Not After : Oct 21 14:41:43 2012 GMT Subject: CN=test1.avintec.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): [...] Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Key Usage: critical Digital Signature, Key Encipherment, Key Agreement X509v3 Extended Key Usage: TLS Web Client Authentication, TLS Web Server Authentication, Ne tscape Server Gated Crypto, Microsoft Server Gated Crypto Authority Information Access: OCSP - URI:http://ocsp.cacert.org/ [^] X509v3 CRL Distribution Points: URI:http://crl.cacert.org/revoke.crl [^] X509v3 Subject Alternative Name: DNS:test1.avintec.com, othername:<unsupported>, DNS:mail.avintec .com, othername:<unsupported>, DNS:www.avintec.com, othername:<unsupported>, DNS :www.fra.avintec.com, othername:<unsupported>, DNS:mx.avintec.com, othername:<un supported>, DNS:support.avintec.com, othername:<unsupported> Signature Algorithm: sha1WithRSAEncryption ....................................................................... => ok starting renewal: Now renewing the following certificates: Processing request 302038: Renewing: test1.avintec.com -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- content saved to test2-renewal-1163-signed-c1.key new key after renewal: Valid test1.avintec.com 1167 Not Revoked 2012-10-21 22:17:20 old key 1163 not visible in main server certs list view all certs (shows in the list) Valid test1.avintec.com 1163 Not Revoked 2012-10-21 14:41:43 details of server cert 0001166 openssl x509 -text -in test2-renewal-1163-signed-c1.key -noout ................................................................. Certificate: Data: Version: 3 (0x2) Serial Number: 4455 (0x1167) Signature Algorithm: sha1WithRSAEncryption Issuer: C=AU, ST=New South Wales, O=CAcert Testserver, OU=http://cacert1 .it-sls.de, CN=CAcert Testserver Root Validity Not Before: Sep 21 22:17:20 2012 GMT Not After : Oct 21 22:17:20 2012 GMT Subject: CN=test1.avintec.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): [...] Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Key Usage: critical Digital Signature, Key Encipherment, Key Agreement X509v3 Extended Key Usage: TLS Web Client Authentication, TLS Web Server Authentication, Ne tscape Server Gated Crypto, Microsoft Server Gated Crypto Authority Information Access: OCSP - URI:http://ocsp.cacert.org/ X509v3 CRL Distribution Points: URI:http://crl.cacert.org/revoke.crl X509v3 Subject Alternative Name: DNS:test1.avintec.com, othername:<unsupported>, DNS:mail.avintec .com, othername:<unsupported>, DNS:www.avintec.com, othername:<unsupported>, DNS :www.fra.avintec.com, othername:<unsupported>, DNS:mx.avintec.com, othername:<un supported>, DNS:support.avintec.com, othername:<unsupported> Signature Algorithm: sha1WithRSAEncryption [...] ................................................................. => ok => all ok

Uli60 2012-09-21 23:48 updater ~0003218 Last edited: 2012-09-21 23:50	1054.4.12 show_user_link() name="" -> "System" or "Deleted account" under user account ulrich@c.o admin console Show Assurances the user gave (New calculation) ^^^^^^^^^^^^^^^ assurance id: 255093 255093 11.08.2010 2010-08-11 01:00:44 Deleted account <=== 1 Testserver, -CCA Face to Face Meeting 2 => ok

Uli60 2012-09-21 23:53 updater ~0003219	1054.4.16 login to an "old" account with several "buggy" notary table entries eg empty assurance method lines, tverify points, TTP points, "yellow" lines check new points calculation 15.php login to admin account search user in admin interface show member user received / gave new calculation compare both tables 10.php old calculations mixed methods: Face to Face Meeting, Administrative Increase, CT Magazine - Germany, "Project-Id-Version: CAcert Production Report-Msgid-Bugs-To: translations-admin@cacert.org POT-Creation-Date: 2012-09-17 10:51+0200 PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE Last-Translator: FULL NAME Language-Team: LANGUAGE Language: en MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Generator: Translate Toolkit 1.9.0 " (!!!) Thawte Points Transfer assurance points rcvd total: 200 assurances given: methods: Face to Face Meeting, <empty> (was several TTP assurance), Thawte Points Transfer assurance points given total: 2342 15.php Summary of your Points Description Points Countable Points Remark Assurance Points you received 719 100 Limit reached Total Experience Points by Assurance 270 50 Limit reached Total Experience Points (other ways) 173 0 Limit reached Total Points 150 You may issue up to 35 points assurance pts given: Face to Face Meeting, <empty> (was several TTP assurance), Thawte Points Transfer assurance points given total: 6024, EPs 270 assurance pts rcvd: methods: Face to Face Meeting, Thawte Points Transfer, <empty> (was TTP), Administrative Increase, CT Magazine - Germany total pts: 719, EP 173 admin console Show Assurances the user got (New calculation) ^^^^^^^^^^^^^^^ methods: Face to Face Meeting, Thawte Points Transfer, <empty> (was TTP), Administrative Increase, CT Magazine - Germany total pts: 719, EP 173 Show Assurances the user gave (New calculation) ^^^^^^^^^^^^^^^ methods: Face to Face Meeting, <empty> (was TTP), Thawte Points Transfer, total points issued: 6024, EP 270

Uli60 2012-09-22 00:36 updater ~0003220 Last edited: 2012-09-22 00:38	1054.4.18 + 1054.4.21 using outputs from 1054.4.16 print to pdf for better compare inspect 0 records under 10.php inspect different assurance methods and their results compare to related records (use assurance id) under 15.php tables switched between 10.php and 15.php, table points rcvd is top in 10.php is bottom in 15.php table points given is bottom in 10.php is top in 15.php eg 10: 183546 / 2010-08-04 13:34:54 / John 5 Doe / 0 / CAcert Test Manager / F2F 15: 183546 / 2010-08-04 13:34:54 / John 5 Doe / 30 / CAcert Test Manager / F2F / 0 -> ok 10: 183324 / 2010-07-05 / Andreas Baess / 5 / Im Testsystem vertraue ich jedem :-) / F2F 15: 183324 / 2010-07-05 / Andreas Baess / 5 / Im Testsystem vertraue ich jedem :-) / F2F / 0 -> ok 10: 183502 / 04.08.2010 / Ulrich Schroeter / 2 / Testsystem, +CCA / Administrative Increase 15: not found -> ok 10: 255390 / 2010-09-01 22:40:22 / Mario Lipinski / 0 / CT / CT Magazine 15: 255390 / 2010-09-01 22:40:22 / Mario Lipinski / Revoked / CT / CT Magazine / 0 -> ok 10: 255389 / 2010-09-01 22:39:14 / Mario Lipinski / 0 / Admin Incr. / Admin Incr. 15: 255389 / 2010-09-01 22:39:14 / Mario Lipinski / 9 / Admin Incr. / Admin Incr. / 0 -> ok 10: 255388 / 2010-09-01 22:37:23 / Mario Lipinski / 0 / TTP / x1) 15: 255388 / 2010-09-01 22:37:23 / Mario Lipinski / 100 / TTP / <empty> / 23 -> ok 10: 255383 / 2010-08-25 10:37:47 / Mario Lipinski / 50 / 38102 / Thawte Points Transfer 15: 255383 / 2010-08-25 10:37:47 / Mario Lipinski / Revoked / 38102 / Thawte Points Transfer / 0 -> ok => all ok x1) Full text is: Project-Id-Version: CAcert Production Report-Msgid- Bugs-To: translationsadmin@ cacert.org POT-Creation-Date: 2012-09-17 10:51+0200 PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE Last-Translator: FULL NAME Language-Team: LANGUAGE Language: en MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content- Transfer-Encoding: 8bit X-Generator: Translate Toolkit 1.9.0

Uli60 2012-10-16 13:36 updater ~0003253	see report http://bugs.cacert.org/view.php?id=1101#c3252

Uli60 2012-10-23 22:39 updater ~0003268	1054.5.1 test scenario --------- created new account Bug1054.5.1.user1@w.d verified set flags board, tverify on an admin user login assure someone Bug1054.5.1.User1@w.d only f2f or ttp available as selection no tverify https://cacert1.it-sls.de/tverify/index.php file not found => ok

felixd 2015-04-07 20:08 updater ~0005368	A patch is here: (including www/index.php) https://github.com/yellowant/cacert-devel/commits/bug-1054

Date Modified	Username	Field	Change
2012-05-31 04:01	INOPIAE	New Issue
2012-05-31 04:01	INOPIAE	Assigned To	=> egal
2012-08-27 13:25	NEOatNHNG	Source_changeset_attached	=> cacert-devel testserver 563ebf3e
2012-08-27 13:25		Source_changeset_attached	=> cacert-devel testserver e2a8b5de
2012-08-27 13:35	NEOatNHNG	Note Added: 0003161
2012-08-27 13:35	NEOatNHNG	Status	new => needs work
2012-08-28 10:02	Uli60	Relationship added	related to 0000948
2012-08-28 10:40	Uli60	Note Added: 0003163
2012-08-28 12:11	NEOatNHNG	Relationship deleted	related to 0000948
2012-08-28 20:46	INOPIAE	Note Added: 0003166
2012-08-28 20:46	INOPIAE	Note Edited: 0003166
2012-08-28 20:54	INOPIAE	Note Edited: 0003166
2012-08-28 20:57	Uli60	Relationship added	related to 0000872
2012-08-28 21:21	INOPIAE	Note Edited: 0003166
2012-08-28 22:03	Uli60	Note Added: 0003171
2012-08-28 22:40	NEOatNHNG	Source_changeset_attached	=> cacert-devel testserver fedae61c
2012-08-28 22:40	NEOatNHNG	Source_changeset_attached	=> cacert-devel testserver 56ca0c87
2012-08-28 22:52	Uli60	Note Added: 0003172
2012-08-28 23:00	NEOatNHNG	Source_changeset_attached	=> cacert-devel testserver 65e95932
2012-08-28 23:00	NEOatNHNG	Source_changeset_attached	=> cacert-devel testserver b11f8e96
2012-08-28 23:00	NEOatNHNG	Source_changeset_attached	=> cacert-devel testserver 6aa33870
2012-08-28 23:00	NEOatNHNG	Source_changeset_attached	=> cacert-devel testserver 307f995b
2012-08-28 23:03	Uli60	Note Added: 0003173
2012-08-28 23:14	NEOatNHNG	Note Added: 0003174
2012-09-04 21:54	Uli60	Note Added: 0003175
2012-09-04 22:00	Uli60	Note Added: 0003176
2012-09-04 22:02	Uli60	Note Edited: 0003176
2012-09-04 22:04	Uli60	Note Added: 0003177
2012-09-04 22:10	Uli60	Note Added: 0003178
2012-09-04 22:13	Uli60	Note Added: 0003179
2012-09-04 22:20	NEOatNHNG	Source_changeset_attached	=> cacert-devel testserver 6f09dcf2
2012-09-04 22:20		Source_changeset_attached	=> cacert-devel testserver e1a89f57
2012-09-04 22:20		Source_changeset_attached	=> cacert-devel testserver cdf9692d
2012-09-04 22:26	Uli60	Note Added: 0003180
2012-09-04 23:07	Uli60	Note Added: 0003182
2012-09-11 21:02	Uli60	Note Edited: 0003182
2012-09-11 21:03	Uli60	Relationship added	related to 0001096
2012-09-11 21:10	Uli60	Note Added: 0003185
2012-09-11 21:28	Uli60	Note Added: 0003186
2012-09-11 21:55	INOPIAE	Note Added: 0003188
2012-09-11 23:37	Uli60	Note Added: 0003189
2012-09-11 23:38	Uli60	Assigned To	egal => Ted
2012-09-11 23:39	Uli60	Relationship added	related to 0000835
2012-09-11 23:40	Uli60	Relationship added	related to 0001098
2012-09-12 00:51	Uli60	Note Added: 0003191
2012-09-12 16:24	Uli60	Note Added: 0003194
2012-09-18 21:24	Uli60	Note Added: 0003200
2012-09-18 21:40	NEOatNHNG	Source_changeset_attached	=> cacert-devel testserver 5fcbbb05
2012-09-18 21:40		Source_changeset_attached	=> cacert-devel testserver 4a3440f3
2012-09-18 22:35	NEOatNHNG	Source_changeset_attached	=> cacert-devel testserver 2d62ec44
2012-09-18 22:35		Source_changeset_attached	=> cacert-devel testserver 90765f64
2012-09-18 22:35		Source_changeset_attached	=> cacert-devel testserver 155844fd
2012-09-18 22:35		Source_changeset_attached	=> cacert-devel testserver d2d4a360
2012-09-19 00:21	Uli60	Note Added: 0003201
2012-09-19 00:45	NEOatNHNG	Source_changeset_attached	=> cacert-devel testserver d0d9d817
2012-09-19 00:45	NEOatNHNG	Source_changeset_attached	=> cacert-devel testserver 25a2c1ba
2012-09-19 00:50	Uli60	Note Added: 0003202
2012-09-19 00:54	Uli60	Note Edited: 0003202
2012-09-19 00:57	Uli60	Note Edited: 0003202
2012-09-19 10:36	Uli60	Relationship added	related to 0000440
2012-09-20 21:54	Uli60	Note Added: 0003204
2012-09-21 12:52	Uli60	Note Added: 0003207
2012-09-21 13:12	Uli60	Note Added: 0003208
2012-09-21 14:47	Uli60	Note Added: 0003211
2012-09-21 21:48	Uli60	Note Added: 0003212
2012-09-21 21:53	Uli60	Relationship added	related to 0001017
2012-09-21 21:57	Uli60	Relationship added	related to 0001035
2012-09-21 22:23	Uli60	Note Added: 0003215
2012-09-21 23:48	Uli60	Note Added: 0003218
2012-09-21 23:50	Uli60	Note Edited: 0003218
2012-09-21 23:53	Uli60	Note Added: 0003219
2012-09-22 00:36	Uli60	Note Added: 0003220
2012-09-22 00:38	Uli60	Note Edited: 0003220
2012-09-23 11:23	Uli60	Relationship added	related to 0001101
2012-10-02 23:45	NEOatNHNG	Source_changeset_attached	=> cacert-devel testserver 8cd72df5
2012-10-02 23:45		Source_changeset_attached	=> cacert-devel testserver 80850ba4
2012-10-16 13:36	Uli60	Note Added: 0003253
2012-10-23 22:39	Uli60	Note Added: 0003268
2012-11-07 00:40	BenBE	Source_changeset_attached	=> cacert-devel testserver 94e1086e
2012-11-07 00:40		Source_changeset_attached	=> cacert-devel testserver 826556f8
2012-12-20 19:09	Werner Dworak	Relationship added	parent of 0000301
2012-12-27 06:20	Werner Dworak	Relationship added	related to 0001042
2012-12-27 06:33	Werner Dworak	Relationship added	related to 0000827
2013-01-07 15:01	Werner Dworak	Relationship added	related to 0000114
2013-01-09 04:04	Werner Dworak	Relationship added	related to 0001134
2013-05-14 21:29	INOPIAE	Relationship added	related to 0001177
2013-05-14 21:29	INOPIAE	Relationship deleted	related to 0001177
2013-05-14 21:30	INOPIAE	Relationship added	child of 0001177
2013-10-24 13:18	Uli60	Relationship added	related to 0001208
2013-10-24 13:36	Uli60	Relationship added	related to 0001216
2014-09-02 20:52	INOPIAE	Relationship deleted	child of 0001177
2014-09-02 20:52	INOPIAE	Relationship added	related to 0001177
2015-04-07 20:08	felixd	Note Added: 0005368
2015-04-07 20:08	felixd	Status	needs work => fix available
2015-05-05 22:01	BenBE	Status	fix available => needs review & testing
2021-08-25 13:37	bdmc	Relationship added	related to 0000769

View Issue Details

Relationships

Activities

Issue History