View Issue Details

IDProjectCategoryView StatusLast Update
0001148Main CAcert Websitecertificate issuingpublic2015-07-31 05:32
Reporterwilm@cacert.org Assigned ToBenBE  
PriorityhighSeverityblockReproducibilityalways
Status needs workResolutionopen 
PlatformNotebook / PCOSWindowsOS Version7 Prof.
Product Version2013 Q1 
Summary0001148: Length of organization name limited by openssl / RFC not checked
DescriptionOrgAss copies company name from company register ("Handelsregister"). This will be used for csr / cert creation. Client certificate requests are generated server-side anyway. Server certificates require a client-side created csr anyway. But everything but the CN is stripped from that user csr and every field is replaced by the account data.

Web app does not check the length of the fields, at least not of the organization name. CSR with organization name length > (openssl limit) / (RFC limit) will be processed until the signer fails. User receives a message: CSR has been queued, watch the list, and in the list the csr remains Pending "forever".

There is a legal conflict behind that cannot be solved programmatically, of course. But the length should be checked <Edit>at org account creation or editing time</Edit> and the user <Edit>= the org assurer</Edit> should be informed of the type of error.
Steps To ReproduceTry to generate an openssl csr with an organization name "XXX.XXX XXXXXXXXXXXXXXXXXXXXX XXX XXXXXXXXXXX, XXXXXXX, XXXXXXXXXX XXX XXXXXXXXXXXX mbH". Set up a test org account with such an organisation name and try to create an org cert (client or server) for it.
Additional InformationCACert Support ticket s20130220.41
Tagscompany register, legal name, limit, organisation assurance, organization name
Attached Files
certs_queued_forever.7z (153,500 bytes)
Reviewed by
Test Instructions

Relationships

related to 0000657 needs workBenBE server cert issued with country field takes first two letters of country 

Activities

Issue History

Date Modified Username Field Change
2013-02-22 23:51 wilm@cacert.org New Issue
2013-02-22 23:51 wilm@cacert.org File Added: certs_queued_forever.7z
2013-02-23 21:31 wilm@cacert.org Tag Attached: company register
2013-02-23 21:31 wilm@cacert.org Tag Attached: legal name
2013-02-23 21:31 wilm@cacert.org Tag Attached: limit
2013-02-23 21:31 wilm@cacert.org Tag Attached: organisation assurance
2013-02-23 21:31 wilm@cacert.org Tag Attached: organization name
2013-02-23 21:32 wilm@cacert.org Description Updated
2013-02-25 07:24 wilm@cacert.org Description Updated
2014-01-08 09:50 Werner Dworak Assigned To => Werner Dworak
2014-01-08 09:50 Werner Dworak Status new => needs work
2014-01-08 09:56 Werner Dworak Assigned To Werner Dworak => BenBE
2015-07-31 05:32 INOPIAE Relationship added related to 0000657