View Issue Details

IDProjectCategoryView StatusLast Update
0000794Main CAcert Websiteaccount administrationpublic2013-01-15 14:27
Reporteriang Assigned Toegal  
PriorityhighSeverityfeatureReproducibilityalways
Status closedResolutionfixed 
Fixed in Version2012 Q1 
Summary0000794: visibility over certificates for sysadm in account administration
DescriptionFor system admin flag, want to be able to see all certificates ever issued on an account.
Additional InformationThere are two primary motives for this

1. account removal: We need to know whether there were ANY certificates EVER issued. If so, this becomes a more complicated case and probably has to be handed back to Arbitrator.

If there were no certificates ever issued, and no Assurance Points issued, then it may be possible to optimise the work flow, and have the SE deal with early processing (under some Arbitrator blanket ruling). Currently however, we cannot do this because to see the certificates on issue, we have to capture the account, which definitely requires Arbitrator authority.

1.a So to meet this requirement, information should be added to (for example) count the total number of certs ever issued.

If there are some certificates issued, then we need the information on those. We need to see each certificate, its type, expiry and current status (expired, revoked, active). This is so that the Arbitrator can make a judgement call over whether there is a reliance issue or not.

1.b For this, link could be added to the bottom saying "Show the certificates that the Member has." This link could be EXOR-display with the other "Show" links at the bottom.

2. The second motivation is general user support (as opposed to account termination).

2.a A lot of it would be satisfied by 1.b above.

2.b For full satisfaction and extra ice-cream, we would like a [REVOKE] button added to each line of an active certificate.

3. Also fine if this were separated into "Show Client Certs" and "Show Server Certs" and ditto for Org certs.

4. It's probably not sufficient to show zero current certificates, because reliance carries on, so Arbitrator must decide over past reliance.
TagsNo tags attached.
Reviewed byTed, NEOatNHNG
Test Instructions

Relationships

related to 0000882 closedUli60 display Assurance when field in list of assurances received, assurances given by a user in admin console interface 
related to 0000975 closedUli60 report potential database inconsistency in SE console (debug infos) 
related to 0000859 needs workNEOatNHNG feature request: show activity on an account in the admin interface. 
related to 0000089 needs workSourcerer GPG Revokation Escrow Service 
related to 0001079 needs work GPG key can not be revoked 

Activities

edgarwahn

2009-11-30 09:59

developer   ~0001524

As far as I understand you request *read only* insight into another account? Would it be ok if there was a page displaying all *relevant* (needs to be defined what is relevant, though) data of another persons account, i.e. like the stats page displays an overview of registered users, issued certs and so on?

Can someone of the live admins provide an sql dump of an admin's account user data (with blanked real name and password, of course)? Or is it just setting an admin flags and be done (need to enable this on the test system to see what I'm doing)?

iang

2009-12-08 20:55

developer   ~0001530

At this stage, SEs would be very happy with *read only* access into the member's account. This would help us solve a common problem which is that the Arbitrator demands to know what certificates the member has issued (all of them, even expired and revoked are important).

Later on a button to revoke might be good too. But that sort of write access is also bound up in a total control over the account so we can use the existing methods to do that, and we can defer that to another day.

iang

2009-12-09 12:17

developer   ~0001531

according to 'bug' 794 i added a little bit code between line 203 and 204 in 43.php:

-------------------------- bite here -----------------
<?
  $query = "select * from `domains` inner join `domaincerts` on `domaincerts`.`domid` = `domains`.`id` where
`memid`='".intval($row['id'])."' ";
  $dres = mysql_query($query);
  if(mysql_num_rows($dres) > 0) {
    $rc = mysql_num_rows($dres);
?>
  <tr>
    <td class="DataTD"><?=_("Total domain-certificates")?>:</td>
    <td class="DataTD"><?=$rc ?></td>
  </tr>
<? }?>
<?
  $query = "select * from `emailcerts` where
`memid`='".intval($row['id'])."' ";
  $dres = mysql_query($query);
  if(mysql_num_rows($dres) > 0) {
    $rc = mysql_num_rows($dres);
?>
  <tr>
    <td class="DataTD"><?=_("Total email-certificates")?>:</td>
    <td class="DataTD"><?=$rc ?></td>
  </tr>
<? }?>
<?
  $query = "select * from `gpg` where `memid`='".intval($row['id'])."' ";
  $dres = mysql_query($query);
  if(mysql_num_rows($dres) > 0) {
    $rc = mysql_num_rows($dres);
?>
-------------------------- bite here -----------------

i added this patch after a request from ian (in the case of support officer) to do a quick-check of cacert-users, who want their account to be removed.

hint: if they did not issue certificates, did not sign pgp-keys and did not assure somebody, now arbitration should be needed for deleting an account (as far as i got the point).

future patches will show, if the user has revoked/expired certificates ...

iang

2009-12-09 12:18

developer   ~0001532

Previous note written by Dirk, not iang.

Sourcerer

2009-12-10 18:56

administrator   ~0001533

The patch is missing the last part, which closes the opened block:
  <tr>
    <td class="DataTD"><?=_("Total GPG keys")?>:</td>
    <td class="DataTD"><?=$rc ?></td>
  </tr>
  <? }?>

iang

2009-12-10 19:05

developer   ~0001534

Last edited: 2009-12-10 19:07

I have reviewed this patch, and it looks security-clean to me. c.f., it only prints out total numbers, it only does selects from relevant tables to subject matter, and it sanitises the $row['id'] for SQL Injection. Latter on prodding...

Sourcerer

2009-12-10 19:22

administrator   ~0001535

The patch does a SELECT * , and then only uses the mysql_num_rows() from the resulting table of all certificates. This is needlessly quite expensive, database-wise.

aphexer

2010-01-03 00:30

reporter   ~0001543

In case it's of help, replying to the above comment about SELECT *:

you can use SELECT COUNT(*) to increase performance. Using mysql_num_rows() should be minimized. Getting the count can always be done in SQL language, and hence enables the mysql optimizer to do it's job better.

JSteijlen

2010-09-04 07:22

reporter   ~0001703

Is the amount of certificates interesting? In my opinion no.

It is a yes/no question "Are there currently non-expired non-revoked certificates active?".
So an "yes/no", "true/false" or "last_expiry_date/none" indicator on the admin interface should suffice.
I'd prefer the last.

JSteijlen

2010-09-04 07:23

reporter   ~0001704

By the way.

What if the user has used the option to sign his GPG key using CAcert?

law

2010-11-03 01:02

administrator   ~0001778

Is there already a patch which was submitted to Software Assessment?
Can you attach this completely?

I would like to have a look at it, since I am working on many delete account requests currently and the patch might reduce workload for support a lot.

Uli60

2011-08-23 14:16

updater  

43.php (18,790 bytes)

Uli60

2011-08-23 14:19

updater   ~0002330

/pages/account/43.php

fix that incorporates notes made so far
https://bugs.cacert.org/view.php?id=794#c1531
https://bugs.cacert.org/view.php?id=794#c1533
https://bugs.cacert.org/view.php?id=794#c1543
https://bugs.cacert.org/view.php?id=794#c1703

Ted

2011-08-23 21:12

administrator   ~0002333

Created git branch bug-794 and transferred to testserver

Ted

2011-08-23 21:12

administrator   ~0002334

First review ok

Ted

2011-08-23 21:22

administrator   ~0002335

IMHO this fix is not very helpful, the only use case I can imagin is the "quick account deletion" procedure (No certs exist at all ==> quick deletion possible).

I'd propose to add the following columns for domain and client certs to the list:
- number of total certificates
- number of valid (non expired, non-revoked) certs
- latest expiry date of valid certificates
- latest expiry date of all certificates (that is, including revoked certs)

For GPG keys the same information (if applicable) would be nice.

INOPIAE

2011-08-23 22:45

updater   ~0002340

Login in as SE
Find user
Table for certificates is visible
The wording should be changed from Total certs to Certs available to match the boolean wording

Uli60

2011-08-26 10:19

updater  

43_794_110826.php (23,061 bytes)

Uli60

2011-08-26 10:21

updater   ~0002352

re-distribute 0000794 patches
code based on cacert
commit ce4bfbaf0c2babb5bba2568d3b8712e1615aa651

Uli60

2011-08-26 10:55

updater  

43-794-diff-20110826.diff (6,723 bytes)   
320a321,480
> <? //  Begin - Debug infos
> 
>   // ---  bug-794 begin ---
> 
>   // list total, expired, deleted, latest_expire_date  ?
> 
>  $query = "select COUNT(domaincerts.id) as countdomaincerts  from `domains` inner join `domaincerts` on `domaincerts`.`domid` = `domains`.`id` where `memid`='".intval($row['id'])."' ";
>   $dres = mysql_query($query);
>   $drow = mysql_fetch_assoc($dres);
>   $rctotal = $drow['countdomaincerts'];
>   if($rctotal > 0) {
>     // select domid's
>     $query = "select id as domids from `domains` where `memid`='".intval($row['id'])."' ";
>     $dres = mysql_query($query);
>     $rcexpired = 0;
>     $rcrevoked = 0;
>     $rcexpiremax = "0000-00-00 00:00:00";    
>     while ($drow = mysql_fetch_assoc($dres)) {
>       $ndomid = intval($drow['domids']); 
> 
>       $query2 = "select COUNT(id) as dexpired  from `domaincerts` where `domid`='".$ndomid."' and revoked = '0000-00-00 00:00:00' and expire < now() ";
>       $dres2  = mysql_query($query2);
>       $drow2  = mysql_fetch_assoc($dres2);
>       $rcexpired += intval($drow2['dexpired']);
> 
>       $query2 = "select COUNT(id) as drevoked  from `domaincerts` where `domid`='".$ndomid."' and revoked != '0000-00-00 00:00:00' ";
>       $dres2  = mysql_query($query2);
>       $drow2  = mysql_fetch_assoc($dres2);
>       $rcrevoked += intval($drow2['drevoked']);
> 
>       $query2 = "select expire as mexpire  from `domaincerts` where `domid`='".$ndomid."' and revoked = '0000-00-00 00:00:00' order by expire desc ";
>       $dres2  = mysql_query($query2);
>       $drow2  = mysql_fetch_assoc($dres2);
>       $rcexpiremax = max($rcexpiremax,$drow2['mexpire']);      
> 
>       $rcactive = intval($rctotal)-intval($rcexpired)-intval($rcrevoked);
>     }
>   }    
> ?>
> <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
>   <tr>
>     <td colspan="6" class="title"><?=_("Total Certificates State")?></td>
>   </tr>
> 
>   <tr>
>     <td class="DataTD"><?=_("Certificates")?>:</td>
>     <td class="DataTD"><?=_("Total")?></td>
>     <td class="DataTD"><?=_("Active")?></td>
>     <td class="DataTD"><?=_("Expired")?></td>
>     <td class="DataTD"><?=_("Revoked")?></td>
>     <td class="DataTD"><?=_("Latest Expire")?></td>
>   </tr>
> 
>   <tr>
>     <td class="DataTD"><?=_("Total domain-certificates")?>:</td>
> <?
>   if($rctotal > 0) {
> ?>
>     <td class="DataTD"><?=intval($rctotal)?></td>
>     <td class="DataTD"><?=intval($rcactive)?></td>
>     <td class="DataTD"><?=intval($rcexpired)?></td>
>     <td class="DataTD"><?=intval($rcrevoked)?></td>
>     <td class="DataTD"><?=($rcexpiremax!="0000-00-00 00:00:00")?substr($rcexpiremax,0,10):(($rcactive>0)?"Pending":"&nbsp;") ?></td>            
>   </tr>
> <? } else { ?>
>     <td colspan="5" class="DataTD"><?=_("None")?></td>
>   </tr>
> <? }
> 
>   $query = "select COUNT(id) as countemailcerts from `emailcerts` where `memid`='".intval($row['id'])."' ";
>   $dres = mysql_query($query);
>   $drow = mysql_fetch_assoc($dres);
>   $rctotal = $drow['countemailcerts'];
>   if($rctotal > 0) {
>     $rcexpired = 0;
>     $rcrevoked = 0;
>     $rcexpiremax = "0000-00-00 00:00:00";    
> 
>     $query2 = "select COUNT(id) as eexpired  from `emailcerts` where `memid`='".intval($row['id'])."' and revoked = '0000-00-00 00:00:00' and expire < now() ";
>     $dres2  = mysql_query($query2);
>     $drow2  = mysql_fetch_assoc($dres2);
>     $rcexpired = intval($drow2['dexpired']);
> 
>     $query2 = "select COUNT(id) as erevoked  from `emailcerts` where `memid`='".intval($row['id'])."' and revoked != '0000-00-00 00:00:00' ";
>     $dres2  = mysql_query($query2);
>     $drow2  = mysql_fetch_assoc($dres2);
>     $rcrevoked = intval($drow2['erevoked']);
> 
>     $query2 = "select expire as eexpire  from `emailcerts` where `memid`='".intval($row['id'])."' and revoked = '0000-00-00 00:00:00' order by expire desc ";
>     $dres2  = mysql_query($query2);
>     $drow2  = mysql_fetch_assoc($dres2);
>     $rcexpiremax = $drow2['eexpire'];
>     
>     $rcactive = intval($rctotal)-intval($rcexpired)-intval($rcrevoked);      
> 
> ?>
>   <tr>
>     <td class="DataTD"><?=_("Total email-certificates")?>:</td>
>     <td class="DataTD"><?=intval($rctotal)?></td>
>     <td class="DataTD"><?=intval($rcactive)?></td>
>     <td class="DataTD"><?=intval($rcexpired)?></td>
>     <td class="DataTD"><?=intval($rcrevoked)?></td>
>     <td class="DataTD"><?=($rcexpiremax!="0000-00-00 00:00:00")?substr($rcexpiremax,0,10):(($rcactive>0)?"Pending":"&nbsp;") ?></td>
>   </tr>
> <? } else { ?>
>   <tr>
>     <td class="DataTD"><?=_("Total email-certificates")?>:</td>
>     <td colspan="5" class="DataTD"><?=_("None")?></td>
>   </tr>
> <? }
>   $query = "select COUNT(id) as countgpgcerts from `gpg` where `memid`='".intval($row['id'])."' ";
>   $dres = mysql_query($query);
>   $drow = mysql_fetch_assoc($dres);  
>   $rctotal = $drow['countgpgcerts'];
>   if($rctotal > 0) {
>     $rcexpired = 0;
>     $rcexpiremax = "0000-00-00 00:00:00";    
> 
>     $query2 = "select COUNT(id) as gexpired  from `gpg` where `memid`='".intval($row['id'])."' and expire < now() ";
>     $dres2  = mysql_query($query2);
>     $drow2  = mysql_fetch_assoc($dres2);
>     $rcexpired = intval($drow2['gexpired']);
> 
> /*
>     $query2 = "select COUNT(id) as erevoked  from `gpg` where `memid`='".intval($row['id'])."' and revoked != '0000-00-00 00:00:00' ";
>     $dres2  = mysql_query($query2);
>     $drow2  = mysql_fetch_assoc($dres2);
>     $rcrevoked = intval($drow2['erevoked']);
>  */
>  
>     $query2 = "select expire as gexpire  from `gpg` where `memid`='".intval($row['id'])."' order by expire desc ";
>     $dres2  = mysql_query($query2);
>     $drow2  = mysql_fetch_assoc($dres2);
>     $rcexpiremax = $drow2['gexpire'];
>     
>     $rcactive = intval($rctotal)-intval($rcexpired);      
> ?>    
>  <tr>
>     <td class="DataTD"><?=_("Total GPG keys")?>:</td>
>     <td class="DataTD"><?=intval($rctotal)?></td>
>     <td class="DataTD"><?=intval($rcactive)?></td>
>     <td class="DataTD"><?=intval($rcexpired)?></td>
>     <td class="DataTD">&nbsp;</td>
>     <td class="DataTD"><?=($rcexpiremax!="0000-00-00 00:00:00")?substr($rcexpiremax,0,10):(($rcactive>0)?"Pending":"&nbsp;") ?></td>
>   </tr>
> <? } else { ?> 
>  <tr>
>     <td class="DataTD"><?=_("Total GPG keys")?>:</td>
>     <td colspan="5" class="DataTD"><?=_("None")?></td>
>   </tr>
> <? } ?>
> </table>
> <br>
> <?
>   // ---  bug-794 end ---
> ?>
> <?    
>  //  End - Debug infos
> ?>
> 
43-794-diff-20110826.diff (6,723 bytes)   

Ted

2011-09-19 20:55

administrator   ~0002465

Imported new patch to bug-794, merged into master, installed on testsystem

Ted

2011-09-19 21:36

administrator   ~0002466

Done review:

- Added backticks to non-keywords
- For "Last Expire" the dates of revoked certs are also relevant

Otherwise changes are acceptable.

Ted

2011-09-19 21:51

administrator   ~0002467

Done some testing:

Checked account ted@convey.de, numbers are correct. ==> OK
Checked accunt charly@brown.com, numbers are correct ==> OK
Checked account switch1@convey.de, expired cert is shown (after bugfix) ==> OK

Overall tests succeeded

INOPIAE

2011-09-21 19:00

updater   ~0002483

The table looks good to me.
The accounts that I can check are calculated correct. => OK

Uli60

2011-09-23 08:15

updater   ~0002496

checked ulrich@cacert.org, numbers, latest expires are correct ==> ok
checked wolfgang@wiamail.de, numbers, latest expires are correct ==> ok
checked orgadmin@wiamail.de, numbers, latest expires are correct
  relating user certs ==> ok
  org client, org server certs missing ==> not ok

Uli60

2011-09-23 23:52

updater   ~0002497

Last edited: 2011-09-24 09:52

View 5 revisions

addtl. patch regarding org certs (email + server certs)
linked thru org (while working as orgadmin) to users account
/pages/account/43.php diff file has only addtl. lines in it
replace line 639 with the full diff code
(probably its line 639, retrieved from current cacert-devel state)
to insert to existing 43.php fix before table closes
(-> 43-diff-20110923.php)

addtl. proposal, to add one more if/else around the new fix
count id as tempcount from org where org.memid=row['id']
if row['tempcount'] > 0 // account is linked to org(s)
  add patch diff
else
  tr td "org certs" /td td "none" /td /tr
see 43-diff-20110924.php

for the latter patch:
login with orgadmin1 -> displays 6 org client certs for org1
login with orgadmin2 -> displays 6 org client certs for org1
as orgadmin1 and orgadmin2 are selected orgadmins for org1
so therefor under useraccount of orgadmin1 and under useraccount orgadmin2
the org client certs needs to be counted (same with org server certs)

earlier patch from today had some problems that I've discovered later, mysql_fetch_assoc() supplied arg is not a valid MySQL result resource in lines 506,556,561, now fixed

Uli60

2011-09-24 09:50

updater  

43-diff-20110924.php (5,413 bytes)

Ted

2011-09-24 19:32

administrator   ~0002500

Changes added to branch bug-794, merged into master and installed on testserver.

Ted

2011-09-24 19:58

administrator   ~0002502

Last edited: 2011-09-24 19:59

View 2 revisions

I'm not sure it it makes much sense to list Org certificates in the user account.

There may be multiple admins per org and multiple orgs per admin, so IMHO the significance of the sum of Org certificates per user is doubtful...

Otherwise I've done the first review and did some (successful) testing.

Uli60

2011-09-25 00:06

updater   ~0002509

comment to https://bugs.cacert.org/view.php?id=794#c2502
by default user info is listed as Org Certs -> None
In case of Arbitration delete account requests, the quick info gives an overview about the user that needs to be handled under arbitration.
If an OrgAdmin requests a delete account, every different result then Org Certs -> None means, that the arbitrator has to do deeper research, as this user is not only a regular user, he is OrgAdmin too.
Maybe, the Org may have several OrgAdmins, then its not a problem, but maybe the Org has only one admin, the Org runs into a problem if the only one OrgAdmin requested a delete account. So further steps needs to be introduced by the arbitrator. In most cases (Org Certs -> None), the request can pass without further investigations into the Org Assurance area.
The addtl. info "Org Certs -> None" can be seen as the completed pre info about an users account under arbitration. Otherwise the Arbitrator has to request from SE to hijack the users account and to check Org Certs for Org Client certs and for Org Server certs to receive this info.

I did a quick review for orgadmin@ test account:
Total Certificates Status
Certificates: Total Active Expired Revoked Latest Expire
Total domain-certificates: 1 1 0 0 2013-04-30
Total email-certificates: 3 3 0 0 2013-04-30
Total GPG keys: None
Total org-domain-certificates: 2 1 0 1 2013-04-30
Total org-email-certificates: 13 11 0 2 2012-09-21

This admin console result reflects the similiar view as under the users account
individual view for org client certs and org server certs
with 1 revoked and 1 active org domain certs and 2 revoked and 11 active org server certs. In the test scenario, two orgadmins both relates to two orgs.
So if one orgadmin is closed, the other still can handle the certs. In case its the only orgadmin for the domains/orgs, the org is in trouble. An arbitrator has to inspect the case with a deeper research.

With this result the https://bugs.cacert.org/view.php?id=794#c2496 test is now also finished successful. => ok

Uli60

2011-09-25 00:09

updater   ~0002510

re-test:
checked ulrich@cacert.org, numbers, latest expires are correct, no org certs
 ==> ok
checked wolfgang@wiamail.de, numbers, latest expires are correct, no org certs
 ==> ok
checked orgadmin@wiamail.de, numbers, latest expires are correct, org certs listed correct
 ==> ok

Uli60

2011-09-25 16:45

updater   ~0002515

regarding https://bugs.cacert.org/view.php?id=968 tests, 2 more test accounts to check:
login with admin account
admin - find user -> bug968.user1@wiamail.de
Total Certificates Status
Certificates: Total Active Expired Revoked Latest Expire
Total domain-certificates: 8 6 0 2 2013-09-24
Total email-certificates: 7 6 0 1 2013-09-24
Total GPG keys: 1 1 0 2012-09-25
Org certificates: None
=> ok

admin - find user -> bug968.user2@wiamail.de
Total Certificates Status
Certificates: Total Active Expired Revoked Latest Expire
Total domain-certificates: None
Total email-certificates: None
Total GPG keys: None
Total org-domain-certificates: 10 8 0 2 2013-09-24
Total org-email-certificates: 10 8 0 2 2012-09-24
=> ok

INOPIAE

2011-09-27 08:08

updater   ~0002528

admin - find user -> m.maengel@inopiae.com
Total Certificates Status
Certificates: Total Active Expired Revoked Latest Expire
Total domain-certificates: None
Total email-certificates: 7 7 0 0 2013-09-25
Total GPG keys: None
Total org-domain-certificates: None
Total org-email-certificates: 2 2 0 0 2012-08-25
=> ok

revoked one email-certificate
Total Certificates Status
Certificates: Total Active Expired Revoked Latest Expire
Total domain-certificates: None
Total email-certificates: 7 6 0 1 2013-09-25
Total GPG keys: None
Total org-domain-certificates: None
Total org-email-certificates: 2 2 0 0 2012-08-25
=> ok

Uli60

2011-09-27 18:35

updater   ~0002535

tested by 3, test finished
needs 2nd review + deploy

NEOatNHNG

2011-10-12 13:29

administrator   ~0002593

I have reviewed the changes. They are not pretty, IMHO you should not loop through all domains but let SQL figure it out, for the finding out the biggest value don't sort and then extract the first entry, use the SQL MAX() function instead and so on. Also more or less guessing the number of pending/active certificates instead of explicitly querying for them is not very good style (the calculation may be wrong because a certificate could be revoked _and_ expired which would also give a wrong sense of valid certificates. Problem is testing this case as we would have to wait half a year until the error shows.

So it's a reject from me.

NEOatNHNG

2011-12-06 17:55

administrator   ~0002735

I have rewritten the patch. Please review and test it.

INOPIAE

2011-12-06 21:41

updater   ~0002736

Last edited: 2011-12-06 21:51

View 3 revisions

login with admin account
admin - find user -> bug968.user1@wiamail.de
recheck with old data
Total Certificates Status
Certificates: Total Active Expired Revoked Latest Expire
Total domain-certificates: 8 6 0 2 2013-09-24
Total email-certificates: 7 6 0 1 2013-09-24
Total GPG keys: 1 1 0 2012-09-25
Org certificates: None
=> ok

admin - find user -> bug968.user2@wiamail.de
recheck with old data
Total Certificates Status
Certificates: Total Active Expired Revoked Latest Expire
Total domain-certificates: None
Total email-certificates: None
Total GPG keys: None
Total org-domain-certificates: 10 8 0 2 2013-09-24
Total org-email-certificates: 10 8 0 2 2012-09-24
=> ok

admin - find user -> m.maengel@inopiae.com
check of actual data
Certificates: Total Active Expired Revoked Latest Expire
Server: None
Client: 10 8 0 2 2013-11-30
GPG: None
Org Server: None
Org Client: 5 5 0 0 2012-10-22

revoked two

Cert Type: Total G├╝ltig Abgelaufen Widerrufen Latest Expire
Server: None
Client: 10 8 0 2 2013-11-30
GPG: None
Org Server: None
Org Client: 5 3 0 2 2012-10-22
=>ok

Uli60

2011-12-06 23:04

updater   ~0002737

login with admin account
find user -> bug968.user1@wiamail.de
Certificates
Cert Type: Total Valid Expired Revoked Latest Expire
Server: 8 6 0 2 2013-09-24
Client: 7 6 0 1 2013-09-24
GPG: 1 1 0 2012-09-25
Org Server: None
Org Client: None
=> ok
identical to https://bugs.cacert.org/view.php?id=794#c2515 report

find user -> bug968.user2@wiamail.de
Certificates
Cert Type: Total Valid Expired Revoked Latest Expire
Server: None
Client: None
GPG: None
Org Server: 10 8 0 2 2013-09-24
Org Client: 10 8 0 2 2012-09-24
=> ok
identical to https://bugs.cacert.org/view.php?id=794#c2515 report

Uli60

2011-12-13 16:47

updater   ~0002744

after update 2011-12-06, tested, needs 2nd review and transfer to critical team

Ted

2012-01-05 16:56

administrator   ~0002762

Did second review, changes are OK.

Sent patch request to Critical Admins.

Merged into release branch

wytze

2012-01-05 21:07

developer   ~0002764

The fix has been installed on the production server on January 5, 2012. See also:
https://lists.cacert.org/wws/arc/cacert-systemlog/2012-01/msg00000.html

Werner Dworak

2012-12-21 04:55

updater   ~0003504

More than 3 month fixed and no complaints

Issue History

Date Modified Username Field Change
2009-11-27 13:09 iang New Issue
2009-11-30 09:59 edgarwahn Note Added: 0001524
2009-12-08 20:55 iang Note Added: 0001530
2009-12-09 12:17 iang Note Added: 0001531
2009-12-09 12:18 iang Note Added: 0001532
2009-12-10 18:56 Sourcerer Note Added: 0001533
2009-12-10 19:05 iang Note Added: 0001534
2009-12-10 19:05 iang Note Edited: 0001534
2009-12-10 19:07 iang Note Edited: 0001534
2009-12-10 19:18 iang Description Updated
2009-12-10 19:18 iang Additional Information Updated
2009-12-10 19:22 Sourcerer Note Added: 0001535
2009-12-10 19:24 iang Additional Information Updated
2009-12-10 19:28 iang Status new => needs work
2009-12-10 19:28 iang Assigned To => iang
2010-01-03 00:30 aphexer Note Added: 0001543
2010-09-04 07:22 JSteijlen Note Added: 0001703
2010-09-04 07:23 JSteijlen Note Added: 0001704
2010-11-03 01:02 law Note Added: 0001778
2011-08-23 13:00 Uli60 Relationship added related to 0000975
2011-08-23 13:00 Uli60 Relationship added related to 0000859
2011-08-23 14:16 Uli60 File Added: 43.php
2011-08-23 14:18 Uli60 Assigned To iang => Uli60
2011-08-23 14:19 Uli60 Note Added: 0002330
2011-08-23 14:19 Uli60 Status needs work => fix available
2011-08-23 21:07 Ted Assigned To Uli60 => Ted
2011-08-23 21:12 Ted Note Added: 0002333
2011-08-23 21:12 Ted Status fix available => needs review & testing
2011-08-23 21:12 Ted Reviewed by => Ted
2011-08-23 21:12 Ted Note Added: 0002334
2011-08-23 21:15 Ted Source_changeset_attached => cacert-devel master 114d6a8a
2011-08-23 21:22 Ted Note Added: 0002335
2011-08-23 22:45 INOPIAE Note Added: 0002340
2011-08-26 10:19 Uli60 File Added: 43_794_110826.php
2011-08-26 10:20 Uli60 Relationship added related to 0000882
2011-08-26 10:21 Uli60 Note Added: 0002352
2011-08-26 10:21 Uli60 Status needs review & testing => fix available
2011-08-26 10:55 Uli60 File Added: 43-794-diff-20110826.diff
2011-09-19 20:55 Ted Source_changeset_attached => cacert-devel master 8d08726d
2011-09-19 20:55 Ted Note Added: 0002465
2011-09-19 20:55 Ted Status fix available => needs review & testing
2011-09-19 21:10 Ted Source_changeset_attached => cacert-devel master 47900bc7
2011-09-19 21:35 Ted Source_changeset_attached => cacert-devel master bd5d7647
2011-09-19 21:36 Ted Note Added: 0002466
2011-09-19 21:50 Ted Source_changeset_attached => cacert-devel master cb2bc551
2011-09-19 21:51 Ted Note Added: 0002467
2011-09-21 19:00 INOPIAE Note Added: 0002483
2011-09-23 08:15 Uli60 Note Added: 0002496
2011-09-23 23:49 Uli60 File Added: 43-diff-20110923.php
2011-09-23 23:52 Uli60 Note Added: 0002497
2011-09-23 23:52 Uli60 Assigned To Ted => Uli60
2011-09-23 23:52 Uli60 Status needs review & testing => fix available
2011-09-23 23:54 Uli60 Note Edited: 0002497 View Revisions
2011-09-24 00:01 Uli60 Note Edited: 0002497 View Revisions
2011-09-24 08:42 Uli60 File Added: 43-diff-20110924.php
2011-09-24 08:45 Uli60 Note Edited: 0002497 View Revisions
2011-09-24 09:49 Uli60 File Deleted: 43-diff-20110924.php
2011-09-24 09:49 Uli60 File Deleted: 43-diff-20110923.php
2011-09-24 09:50 Uli60 File Added: 43-diff-20110924.php
2011-09-24 09:52 Uli60 Note Edited: 0002497 View Revisions
2011-09-24 19:30 Source_changeset_attached => cacert-devel master 4ce73dfd
2011-09-24 19:32 Ted Note Added: 0002500
2011-09-24 19:32 Ted Status fix available => needs review & testing
2011-09-24 19:58 Ted Note Added: 0002502
2011-09-24 19:59 Ted Note Edited: 0002502 View Revisions
2011-09-25 00:06 Uli60 Note Added: 0002509
2011-09-25 00:09 Uli60 Note Added: 0002510
2011-09-25 16:45 Uli60 Note Added: 0002515
2011-09-27 08:08 INOPIAE Note Added: 0002528
2011-09-27 18:35 Uli60 Note Added: 0002535
2011-09-27 18:35 Uli60 Status needs review & testing => ready to deploy
2011-09-27 23:12 NEOatNHNG Source_changeset_attached => cacert-devel testserver 964fa7e4
2011-10-08 12:07 Ted Status ready to deploy => needs review
2011-10-11 23:46 Uli60 Priority normal => high
2011-10-12 13:29 NEOatNHNG Note Added: 0002593
2011-10-12 13:29 NEOatNHNG Status needs review => needs work
2011-11-29 21:49 NEOatNHNG Assigned To Uli60 => NEOatNHNG
2011-12-06 17:50 NEOatNHNG Source_changeset_attached => cacert-devel testserver 7018142b
2011-12-06 17:50 NEOatNHNG Source_changeset_attached => cacert-devel testserver 7df3644a
2011-12-06 17:55 NEOatNHNG Note Added: 0002735
2011-12-06 17:55 NEOatNHNG Status needs work => needs review & testing
2011-12-06 21:41 INOPIAE Note Added: 0002736
2011-12-06 21:45 INOPIAE Note Edited: 0002736 View Revisions
2011-12-06 21:51 INOPIAE Note Edited: 0002736 View Revisions
2011-12-06 23:04 Uli60 Note Added: 0002737
2011-12-07 00:04 NEOatNHNG Reviewed by Ted => NEOatNHNG
2011-12-07 12:50 NEOatNHNG Assigned To NEOatNHNG => egal
2011-12-13 16:47 Uli60 Note Added: 0002744
2011-12-13 16:47 Uli60 Status needs review & testing => needs review
2012-01-05 16:45 Ted Source_changeset_attached => cacert-devel release c8d80cee
2012-01-05 16:45 Ted Source_changeset_attached => cacert-devel release 833fa287
2012-01-05 16:56 Ted Reviewed by NEOatNHNG => Ted, NEOatNHNG
2012-01-05 16:56 Ted Note Added: 0002762
2012-01-05 16:56 Ted Status needs review => ready to deploy
2012-01-05 21:07 wytze Note Added: 0002764
2012-01-05 21:07 wytze Status ready to deploy => solved?
2012-01-05 21:07 wytze Resolution open => fixed
2012-12-20 07:58 Werner Dworak Relationship added related to 0000089
2012-12-20 08:34 Werner Dworak Relationship added related to 0001079
2012-12-21 04:55 Werner Dworak Note Added: 0003504
2012-12-21 04:55 Werner Dworak Status solved? => closed
2013-01-15 14:27 Werner Dworak Fixed in Version => 2012 Q1