View Issue Details

IDProjectCategoryView StatusLast Update
0000657Main CAcert Websitecertificate issuingpublic2015-07-31 05:32
ReporterteusAssigned ToBenBE 
PriorityhighSeveritymajorReproducibilityalways
Status needs workResolutionopen 
Product Version2008 
Target Version2014 Q2Fixed in Version 
Summary0000657: server cert issued with country field takes first two letters of country
Descriptionissued server certificate with country field has a copy of first two letter of country name

or on organisation assurance only the country code should be accepted.
Additional Informationexample:
organisation country is named by the organisation assurer as: the Netherlands, the server certificate will show as country: "th"
TagsNo tags attached.
Reviewed by
Test Instructionshttps://bugs.cacert.org/view.php?id=657#c5150

Relationships

related to 0001382 needs reviewBenBE Missing name entries if organisation name contains special characters on Organisation overview 
related to 0001148 needs workBenBE Length of organization name limited by openssl / RFC not checked 

Activities

INOPIAE

2014-03-15 17:40

updater   ~0004641

Length of the fields according to RFC 5280
-- Upper Bounds
ub-name INTEGER ::= 32768
ub-common-name INTEGER ::= 64
ub-locality-name INTEGER ::= 128
ub-state-name INTEGER ::= 128
ub-organization-name INTEGER ::= 64
ub-organizational-unit-name INTEGER ::= 64
ub-title INTEGER ::= 64
ub-serial-number INTEGER ::= 64
ub-match INTEGER ::= 128
ub-emailaddress-length INTEGER ::= 255
ub-common-name-length INTEGER ::= 64
ub-country-name-alpha-length INTEGER ::= 2
ub-country-name-numeric-length INTEGER ::= 3
ub-domain-defined-attributes INTEGER ::= 4
ub-domain-defined-attribute-type-length INTEGER ::= 8
ub-domain-defined-attribute-value-length INTEGER ::= 128
ub-domain-name-length INTEGER ::= 16
ub-extension-attributes INTEGER ::= 256
ub-e163-4-number-length INTEGER ::= 15
ub-e163-4-sub-address-length INTEGER ::= 40
ub-generation-qualifier-length INTEGER ::= 3
ub-given-name-length INTEGER ::= 16
ub-initials-length INTEGER ::= 5
ub-integer-options INTEGER ::= 256
ub-numeric-user-id-length INTEGER ::= 32
ub-organization-name-length INTEGER ::= 64
ub-organizational-unit-name-length INTEGER ::= 32
ub-organizational-units INTEGER ::= 4
ub-pds-name-length INTEGER ::= 16
ub-pds-parameter-length INTEGER ::= 30
ub-pds-physical-address-lines INTEGER ::= 6
ub-postal-code-length INTEGER ::= 16
ub-pseudonym INTEGER ::= 128
ub-surname-length INTEGER ::= 40
ub-terminal-id-length INTEGER ::= 24
ub-unformatted-address-length INTEGER ::= 180
ub-x121-address-length INTEGER ::= 16

INOPIAE

2014-03-15 20:34

updater   ~0004642

I pushed a fix to https://github.com/INOPIAE/CAcert/tree/bug-657

INOPIAE

2014-06-08 09:54

updater   ~0004806

I merged the branch with the recent release and testserver-stable branches.
The fix is avilable under https://github.com/INOPIAE/CAcert/tree/bug-657 [^]

BenBE

2014-06-15 18:01

updater   ~0004842

Current patch lacking server-side validation and reporting (e.g. warning) when violating the restrictions.

felixd

2014-12-02 21:00

updater   ~0005150

Last edited: 2014-12-02 21:00

View 2 revisions

Test instructions:

Verify that there is information about the length limits in the "new-org-form"
Verify that a lowercase country code gets converted to upper case before being inserted into the DB
Verify that strange characters ( < > " & ... ) in Org name, Contact mail, town, state and country are correctly escaped when editing the organisation.
Verify that there is an "Edit Organisation" button while editing an organisation
 and there is a "New Organisation" button while creating a new one

Eva

2014-12-02 21:47

updater   ~0005153

Last edited: 2014-12-02 21:50

View 2 revisions

I added the organisation "Gallien" as new organisation.

There was an information about the length limit to the country code.
-> ok

Lower case country code was converted to upper case country code.
-> ok

I added <"&%@> after the normal entries into Org name, Town, State and Comment (forgot email)
-> in the organisation overview they get displayed as I had enterd them
-> when trying to edit the organisation this characters are gone
-> I'm not sure how this should look like, but it should be the same for both


The "Edit Organisation" button is called "Update" the "New Organisation" buttion is called "Next"

=> Not OK. At least the visualisation of the escaping needs more work.

Issue History

Date Modified Username Field Change
2008-12-09 11:23 teus New Issue
2014-03-15 17:40 INOPIAE Note Added: 0004641
2014-03-15 20:01 INOPIAE Assigned To => INOPIAE
2014-03-15 20:34 INOPIAE Note Added: 0004642
2014-03-15 20:34 INOPIAE Assigned To INOPIAE => BenBE
2014-03-15 20:34 INOPIAE Status new => fix available
2014-06-08 09:54 INOPIAE Note Added: 0004806
2014-06-15 17:45 BenBE Source_changeset_attached => cacert-devel testserver-stable b6b67f82
2014-06-15 17:45 BenBE Source_changeset_attached => cacert-devel testserver-stable f50ec866
2014-06-15 17:45 BenBE Source_changeset_attached => cacert-devel testserver-stable eb482e86
2014-06-15 17:45 INOPIAE Source_changeset_attached => cacert-devel testserver-stable ba462bd6
2014-06-15 17:45 BenBE Source_changeset_attached => cacert-devel testserver-stable c80cd13b
2014-06-15 17:45 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 5b725c22
2014-06-15 17:45 INOPIAE Source_changeset_attached => cacert-devel testserver-stable b86110f3
2014-06-15 17:45 INOPIAE Source_changeset_attached => cacert-devel testserver-stable ba4e4e64
2014-06-15 17:45 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 014b2bc7
2014-06-15 17:45 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 1fe48d41
2014-06-15 17:47 BenBE Status fix available => needs review & testing
2014-06-15 17:47 BenBE Product Version => 2008
2014-06-15 17:47 BenBE Target Version => 2014 Q2
2014-06-15 18:01 BenBE Note Added: 0004842
2014-12-02 21:00 felixd Note Added: 0005150
2014-12-02 21:00 felixd Note Edited: 0005150 View Revisions
2014-12-02 21:01 felixd Test Instructions => https://bugs.cacert.org/view.php?id=657#c5150
2014-12-02 21:47 Eva Note Added: 0005153
2014-12-02 21:50 Eva Note Edited: 0005153 View Revisions
2014-12-23 20:29 Eva Status needs review & testing => needs work
2015-07-30 11:05 INOPIAE Relationship added related to 0001382
2015-07-31 05:32 INOPIAE Relationship added related to 0001148