View Issue Details

ID: 0000448
Project: Main CAcert Website
Category: certificate issuing
View Status: public
Last Update: 2014-06-29 10:22
Reporter: cardoe
Assigned To: NEOatNHNG
Priority: low
Severity: tweak
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 2007
Target Version: 2014 Q1
Fixed in Version: 2014 Q1
Summary: 0000448: when revoking a certificate, confusing info is given to the user
Description: I talked with sourcerer on IRC about this.

Basically when you revoke a certificate, it's revoked immediately but not added to the CRL. This in-between time results in 1970-01-01 10:00:01 being displayed as the date/time for the revoke. This is technically incorrect and if the user gets the CRL at this time it doesn't include the just revoked certs. So it's confusing to the user since there is no indication as to what's going on.

sourcerer suggested and I think it would help if the following was changed.

<sourcerer> Yes, changing the message from "The certificate has been revoked" to "The certificate has been revoked. It will be added to the CertificateRevocationList (CRL) soon."

Also on the web interface possibly changing the 1970 date/time to "pending".
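
A user-side check for the window described above, as an added example that is not part of the original report or of CAcert's code: it reads the text dump of a CRL, as printed by `openssl crl -noout -text`, and reports whether a given serial is listed yet. The function names and the sample CRL text are constructed for illustration; the serials are the ones quoted in the test notes on this page.

```shell
#!/bin/sh
# Constructed sample of `openssl crl -noout -text` output (dates are made up).
sample_crl() {
    cat <<'EOF'
Certificate Revocation List (CRL):
        Last Update: Jan 28 22:00:00 2014 GMT
        Next Update: Jan 29 22:00:00 2014 GMT
Revoked Certificates:
    Serial Number: 4E01
        Revocation Date: Jan 20 10:00:00 2014 GMT
    Serial Number: 4E9A
        Revocation Date: Jan 28 21:26:00 2014 GMT
EOF
}

# crl_status SERIAL
# Reads a CRL text dump on stdin. Prints "published <revocation date>" if
# SERIAL is listed, otherwise "pending" (revoked at the CA, not yet in this CRL).
crl_status() {
    # Normalise the requested serial: upper-case hex, no leading zeros.
    want=$(printf '%s' "$1" | tr 'a-f' 'A-F' | sed 's/^0*//')
    awk -v want="$want" '
        /Serial Number:/ {
            serial = toupper($3)
            sub(/^0+/, "", serial)
            hit = (serial == want)      # remember whether this entry matches
            next
        }
        hit && /Revocation Date:/ {
            sub(/^[[:space:]]*Revocation Date:[[:space:]]*/, "")
            print "published " $0
            found = 1
            exit
        }
        END { if (!found) print "pending" }
    '
}

# Demo on the constructed sample: one listed serial, one not yet listed.
sample_crl | crl_status 4E9A
sample_crl | crl_status 4EAC
```

Against a real CRL file the same function is fed with `openssl crl -in <crl file> -noout -text | crl_status 4E9A`, adding `-inform DER` when the file is DER-encoded.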
Tags: No tags attached.
Reviewed by: NEOatNHNG, BenBE
Test Instructions

Relationships

related to 0001113 (needs work, BenBE): Change english textes according to the wiki page https://wiki.cacert.org/Software/TranslationMisspelling
related to 0001026 (needs work, Uli60): Server Certificate was revoked but not by the user

Activities

Werner Dworak

2013-01-10 14:45

updater   ~0003635

Last edited: 2013-01-10 14:55

Has been entered in list of bug 1113 in https://wiki.cacert.org/Software/TranslationMisspelling.

INOPIAE

2014-01-26 16:53

updater   ~0004538

I pushed a fix to https://github.com/INOPIAE/CAcert/tree/bug-448

test scenario:
Just revoke all kind of certificates and look at the success message.

Eva

2014-01-28 22:26

updater   ~0004549

I revoked a valid client certificate and got:

"Now revoking the following certificates:
Certificate for 'KatziAdmin@cacert.org' with the serial no '4E9A' has been revoked.

All listed certificates will be added to the Certificate Revocation List (CRL) soon."
-> ok

I revoked an expired client certificate and got the same kind of message.
-> ok

Both certificates were marked as revoked in the certificate list afterwards.
-> ok

I revoked an expired server certificate and got the same kind of message. It was displayed as revoked in the certificate list afterwards.
-> ok

I revoked an expired org server certificate and got the same kind of message. It was displayed as revoked in the certificate list afterwards.
-> ok

I revoked an expired org client certificate and got the same kind of message. It was displayed as revoked in the certificate list afterwards.
-> ok

=> ok

MartinGummi

2014-02-18 21:42

updater   ~0004590

I revoked a valid client certificate and got:

Die folgenden Zertifikate werden jetzt widerrufen:
Certificate for 'obelix@acme.com' with the serial no '4EAC' has been revoked.

All listed certificates will be added to the Certificate Revocation List (CRL) soon.

-> ok

expired client certificate same kind of message

-> ok

Both certificates were marked as revoked in the certificate list afterwards.
-> ok


-> ok

INOPIAE

2014-02-18 22:00

updater   ~0004591

As there are at least two successful tests, please review.

NEOatNHNG

2014-02-25 22:24

administrator   ~0004608

Minor change: inlined static string instead of mangling it through printf(). Please make a short test and second review.

Eva

2014-02-25 22:34

updater   ~0004609

I did the same tests as above again. There was no change in the behavior compared to above test.

=> ok

NEOatNHNG

2014-03-11 22:15

administrator   ~0004628

Follow up patch from BenBE for XSS prevention. Still OK. Please test.

BenBE

2014-03-11 22:17

updater   ~0004629

Some minor issue in the patch had to be fixed. Otherwise the patch was OK.

Review OK.

Eva

2014-03-11 22:34

updater   ~0004631

I tried it again with client certificates, with the same result.

Since the last changes should not affect anything visible, I did not test the others again.

=> ok

INOPIAE

2014-03-18 22:55

updater   ~0004657

I revoked 3 certificates at the same time.
For each certificate, the email address and serial no. were given.
=> ok

INOPIAE

2014-03-18 22:56

updater   ~0004658

At least two testers tested successfully. Ready to deploy.

NEOatNHNG

2014-03-21 18:12

administrator   ~0004672

Mail sent to critical admins.

wytze

2014-03-24 11:46

developer   ~0004681

The fix has been installed on the production server on March 24, 2014. See also:
https://lists.cacert.org/wws/arc/cacert-systemlog/2014-03/msg00012.html

Issue History

Date Modified Username Field Change
2007-08-20 18:23 cardoe New Issue
2007-10-24 04:13 evaldo Priority normal => low
2007-10-24 04:13 evaldo Status new => confirmed
2007-10-24 04:13 evaldo Projection none => tweak
2012-12-22 20:54 Werner Dworak Relationship added related to 0001026
2013-01-10 14:45 Werner Dworak Note Added: 0003635
2013-01-10 14:45 Werner Dworak Status confirmed => needs work
2013-01-10 14:45 Werner Dworak Relationship added related to 0001113
2013-01-10 14:55 Werner Dworak Note Edited: 0003635 View Revisions
2014-01-26 16:53 INOPIAE Note Added: 0004538
2014-01-26 16:53 INOPIAE Assigned To => BenBE
2014-01-26 16:53 INOPIAE Status needs work => fix available
2014-01-28 20:27 BenBE Reviewed by => BenBE
2014-01-28 20:27 BenBE Assigned To BenBE => NEOatNHNG
2014-01-28 20:27 BenBE Status fix available => needs review & testing
2014-01-28 20:27 BenBE Product Version => 2007
2014-01-28 20:27 BenBE Target Version => 2014 Q1
2014-01-28 20:50 BenBE Source_changeset_attached => cacert-devel testserver-stable e6ed6581
2014-01-28 20:50 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 0a3e593b
2014-01-28 22:26 Eva Note Added: 0004549
2014-02-18 21:42 MartinGummi Note Added: 0004590
2014-02-18 22:00 INOPIAE Note Added: 0004591
2014-02-18 22:00 INOPIAE Status needs review & testing => needs review
2014-02-25 22:15 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable 2bc1cb6a
2014-02-25 22:15 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable aad62613
2014-02-25 22:24 NEOatNHNG Reviewed by BenBE => NEOatNHNG
2014-02-25 22:24 NEOatNHNG Note Added: 0004608
2014-02-25 22:24 NEOatNHNG Status needs review => needs review & testing
2014-02-25 22:34 Eva Note Added: 0004609
2014-03-11 22:15 NEOatNHNG Source_changeset_attached => cacert-devel testserver-stable c19594ae
2014-03-11 22:15 BenBE Source_changeset_attached => cacert-devel testserver-stable 8ac27d6e
2014-03-11 22:15 NEOatNHNG Note Added: 0004628
2014-03-11 22:17 BenBE Note Added: 0004629
2014-03-11 22:18 BenBE Reviewed by NEOatNHNG => NEOatNHNG, BenBE
2014-03-11 22:18 BenBE Status needs review & testing => needs testing
2014-03-11 22:34 Eva Note Added: 0004631
2014-03-18 22:55 INOPIAE Note Added: 0004657
2014-03-18 22:56 INOPIAE Note Added: 0004658
2014-03-18 22:56 INOPIAE Status needs testing => ready to deploy
2014-03-21 18:12 NEOatNHNG Note Added: 0004672
2014-03-21 18:15 NEOatNHNG Source_changeset_attached => cacert-devel release 0d791f45
2014-03-24 11:46 wytze Note Added: 0004681
2014-03-24 11:46 wytze Status ready to deploy => solved?
2014-03-24 11:46 wytze Fixed in Version => 2014 Q1
2014-03-24 11:46 wytze Resolution open => fixed
2014-06-29 10:22 INOPIAE Status solved? => closed