View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0000946Main CAcert Websitemiscpublic2011-05-25 10:272013-01-15 17:20
ReporterUli60 Assigned ToUli60  
PrioritynormalSeverityblockReproducibilityhave not tried
Status closedResolutionfixed 
Fixed in Version2011 Q2 
Summary0000946: class3 subroot resign procedure - rollout
Descriptionpages that includes class3 subroot fingerprint needs to be changed
class3 subroot needs to be changed for download

affected source code:
# /pages/index/3.php
# /pages/index/16.php
# /www/coapnew.php (to remove or to replace)
# /www/capnew.php (to remove or to replace)
TagsNo tags attached.
Reviewed by
Test Instructions

Relationships

related to 0000950 closedNEOatNHNG test.cacert.org capnew.php TCPDF error, logo missing 
child of 0000665 closedUli60 Main CAcert Website Intermediate level-3 certificate is MD5-signed 

Activities

2011-05-26 10:24

 

3.php (3,460 bytes)

2011-05-26 10:26

 

16.php (3,460 bytes)

Uli60

2011-05-26 10:27

updater   ~0002007

sha1: openssl x509 -noout -fingerprint -in CAcert-class3.pem
md5: openssl x509 -md5 -in CAcert-class3.pem -noout -fingerprint
of https://lists.cacert.org/wws/arc/cacert-board/2011-05/msg00096.html
attached subroot

2011-05-26 10:33

 

cap.html.php (13,750 bytes)

2011-05-26 10:40

 

capnew.php (78,913 bytes)

Uli60

2011-05-26 10:42

updater   ~0002008

Last edited: 2011-05-26 10:47

 also
/www/cap.html.php
/www/capnew.php
/www/coap.html.php
/www/coapnew.php

2011-05-26 10:44

 

coap.html.php (14,519 bytes)

2011-05-26 10:47

 

coapnew.php (78,766 bytes)

NEOatNHNG

2011-06-07 22:41

administrator   ~0002014

Added to git under branch bug-946 (commit ID 72701e2100de42f6c07d88e55edce3cb2db0e9e2)

New certificate also added.

Reviewed by me, another review needed. Testing not needed I think.

NEOatNHNG

2011-06-07 23:28

administrator   ~0002015

Update: Link to list of old certs added (same branch commit ID 9b225158408e0dd011cf4b0ff69c55e9b6064f59).

Now also testable on http://cacert1.it-sls.de

Uli60

2011-06-07 23:32

updater   ~0002016

https://secure1.it-sls.de/index.php?id=3 ok
https://secure1.it-sls.de/index.php?id=16 ok
https://secure1.it-sls.de/cap.html.php ok
https://secure1.it-sls.de/capnew.php ok
https://secure1.it-sls.de/coap.html.php ok
https://secure1.it-sls.de/coapnew.php ok

INOPIAE

2011-06-07 23:40

updater   ~0002017

https://secure1.it-sls.de/index.php?id=3 [^] ok
https://secure1.it-sls.de/index.php?id=16 [^] ok
https://secure1.it-sls.de/cap.html.php [^] ok
https://secure1.it-sls.de/capnew.php [^] ok
https://secure1.it-sls.de/coap.html.php [^] ok
https://secure1.it-sls.de/coapnew.php [^] ok

Uli60

2011-06-08 02:00

updater   ~0002022

has to undergo testing and 2nd review

Uli60

2011-06-08 02:05

updater   ~0002023

patches written, checked in, needs testing and 2nd review

Ted

2011-06-08 14:26

administrator   ~0002024

I did a code review of the changes in git branch bug-946 between commits 9b225158408e0dd011cf4b0ff69c55e9b6064f59 (bug-946) and a3d7949c04a06539a8a0982968f711b7832d8672 (release).

- no probems found in code
- class 3 SHA fingerprint is the same in all changes
- did noch check MD5 fingerprint, IMHO it is obsolete anyway
- the modified certificate files have the same fingerprint (checked with openssl)

Change is OK from my analysis.

NEOatNHNG

2011-06-08 15:22

administrator   ~0002025

Mail sent to critical admin team

Ted

2011-06-13 21:11

administrator   ~0002029

Mail from wytze:

The patch has been installed on the production system. I looked at the entry
on https://bugs.cacert.org/view.php?id=946 and wanted to add a note to say
the same thing, but somehow the status of this bug is such than I am not
allowed to do so? There is no "Add Note" shown in my view of the bug entry.
So it's up to you to close out the entry ...

wytze

2011-06-16 08:53

developer   ~0002045

Patch has been applied to production server on June 10, 2011.
See https://lists.cacert.org/wws/arc/cacert-systemlog/2011-06/msg00004.html

Uli60

2011-06-30 10:30

updater   ~0002077

project finished in June 14th, 2011
by Software-Assessment project team meeting
https://wiki.cacert.org/Software/Assessment/20110614-S-A-MiniTOP

see project documentation
https://wiki.cacert.org/Roots/Class3ResignProcedure/Migration
https://wiki.cacert.org/Roots/Class3ResignProcedure
and the rollout
2011-06-10 class3 subroot rollout day
http://blog.cacert.org/2011/06/518.html

Issue History

Date Modified Username Field Change
2011-05-25 10:27 Uli60 New Issue
2011-05-26 10:24 Uli60 File Added: 3.php
2011-05-26 10:26 Uli60 File Added: 16.php
2011-05-26 10:27 Uli60 Note Added: 0002007
2011-05-26 10:33 Uli60 File Added: cap.html.php
2011-05-26 10:40 Uli60 File Added: capnew.php
2011-05-26 10:42 Uli60 Note Added: 0002008
2011-05-26 10:44 Uli60 Note Edited: 0002008
2011-05-26 10:44 Uli60 File Added: coap.html.php
2011-05-26 10:47 Uli60 Note Edited: 0002008
2011-05-26 10:47 Uli60 File Added: coapnew.php
2011-06-07 22:41 NEOatNHNG Note Added: 0002014
2011-06-07 23:28 NEOatNHNG Note Added: 0002015
2011-06-07 23:32 Uli60 Note Added: 0002016
2011-06-07 23:40 INOPIAE Note Added: 0002017
2011-06-08 01:15 Uli60 Relationship added related to 0000950
2011-06-08 01:59 Uli60 Status new => needs work
2011-06-08 01:59 Uli60 Assigned To => Uli60
2011-06-08 02:00 Uli60 Note Added: 0002022
2011-06-08 02:00 Uli60 Status needs work => confirmed
2011-06-08 02:05 Uli60 Note Added: 0002023
2011-06-08 02:05 Uli60 Status confirmed => solved?
2011-06-08 14:26 Ted Note Added: 0002024
2011-06-08 15:22 NEOatNHNG Note Added: 0002025
2011-06-13 21:11 Ted Note Added: 0002029
2011-06-16 08:53 wytze Note Added: 0002045
2011-06-16 08:53 wytze Status solved? => closed
2011-06-16 08:53 wytze Resolution open => fixed
2011-06-19 16:46 NEOatNHNG Source_changeset_attached => cacert-devel release 403fb7c3
2011-06-21 23:57 NEOatNHNG Source_changeset_attached => cacert-devel release 403fb7c3
2011-06-21 23:57 NEOatNHNG Source_changeset_attached => cacert-devel release 9b225158
2011-06-21 23:57 NEOatNHNG Source_changeset_attached => cacert-devel release 72701e21
2011-06-21 23:57 NEOatNHNG Source_changeset_attached => cacert-devel release 503b4e3a
2011-06-21 23:57 NEOatNHNG Source_changeset_attached => cacert-devel master bd4f6cc0
2011-06-21 23:57 NEOatNHNG Source_changeset_attached => cacert-devel master 50f998a6
2011-06-22 00:09 NEOatNHNG Source_changeset_attached => cacert-devel release 403fb7c3
2011-06-22 00:09 NEOatNHNG Source_changeset_attached => cacert-devel release 9b225158
2011-06-22 00:09 NEOatNHNG Source_changeset_attached => cacert-devel release 72701e21
2011-06-22 00:09 NEOatNHNG Source_changeset_attached => cacert-devel release 503b4e3a
2011-06-22 00:09 NEOatNHNG Source_changeset_attached => cacert-devel master bd4f6cc0
2011-06-22 00:09 NEOatNHNG Source_changeset_attached => cacert-devel master 50f998a6
2011-06-30 10:12 Uli60 Relationship added child of 0000665
2011-06-30 10:30 Uli60 Note Added: 0002077
2013-01-15 17:20 Werner Dworak Fixed in Version => 2011 Q2