View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001394 | Main CAcert Website | my account | public | 2015-07-28 20:40 | 2015-08-25 20:14 |
| Reporter | INOPIAE | Assigned To | BenBE | ||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | needs review & testing | Resolution | open | ||
| Product Version | 2015 Q3 | ||||
| Target Version | 2015 Q3 | ||||
| Summary | 0001394: Fix error message when entering an IDN domain | ||||
| Description | When entering an IDN domain to the system the error message is: "Due to the possibility for punycode domain exploits we currently do not allow any certificates to sign punycode domains or email addresses." Better: "Due to the possibility for punycode domain exploits we currently only offer the use of IDN domains if your account has the code signing flag. More information can be found [in our wiki][https://wiki.cacert.org/FAQ/Privileges]." | ||||
| Additional Information | includes\account.php lines 119 and 544 | ||||
| Tags | No tags attached. | ||||
| Reviewed by | BenBE | ||||
| Test Instructions | Try to create a certificate with an IDN domain name in it while the Code Signing flag is off. Verify it working if it's on. For conversion to IDN yuo can use http://mct.verisign-grs.com/ | ||||
|
|
I pushed a fix to https://github.com/INOPIAE/CAcert/commit/f2889a127e9c5a68a22b8accba00b32b94ce3971 |
|
|
I tested with Account karl.coyote@looney.info without code-signing flag. I tried to verify domain "körnerfutter.com" after conversion to "xn--krnerfutter-rfb.com". The Result was "Due to the possibility for punycode domain exploits we currently only offer the use of IDN domains if your account has the code signing flag. More information can be found in our wiki." This Error was expected => OK The 2nd Test was with Account paul.panter@pink.org with code-signing flag. I tried this domain to verify: xn--maraa-rta.org The 1st Step was accepted by addressing to email root@xn--maraa-rta.org By using the Link in the email the domain was accepted. This domain verification was accepted => OK |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2015-07-28 20:40 | INOPIAE | New Issue | |
| 2015-07-28 20:51 | INOPIAE | Additional Information Updated | |
| 2015-07-28 21:42 | INOPIAE | Description Updated | |
| 2015-07-28 21:47 | INOPIAE | Note Added: 0005440 | |
| 2015-07-28 21:47 | INOPIAE | Assigned To | => BenBE |
| 2015-07-28 21:47 | INOPIAE | Status | new => fix available |
| 2015-07-29 20:58 | BenBE | Status | fix available => needs review & testing |
| 2015-07-29 20:59 | BenBE | Reviewed by | => BenBE |
| 2015-07-29 20:59 | BenBE | Test Instructions | => Try to create a certificate with an IDN domain name in it while the Code Signing flag is off. Verify it working if it's on. |
| 2015-07-31 05:33 | INOPIAE | Test Instructions | Try to create a certificate with an IDN domain name in it while the Code Signing flag is off. Verify it working if it's on. => Try to create a certificate with an IDN domain name in it while the Code Signing flag is off. Verify it working if it's on. For conversion to IDN yuo can use http://mct.verisign-grs.com/ |
| 2015-08-25 20:14 | StefanT | Note Added: 0005456 |
