View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0001148 | Main CAcert Website | certificate issuing | public | 2013-02-22 23:51 | 2015-07-31 05:32 |
Reporter | wilm@cacert.org | Assigned To | BenBE | ||
Priority | high | Severity | block | Reproducibility | always |
Status | needs work | Resolution | open | ||
Platform | Notebook / PC | OS | Windows | OS Version | 7 Prof. |
Product Version | 2013 Q1 | ||||
Summary | 0001148: Length of organization name limited by openssl / RFC not checked | ||||
Description | OrgAss copies the company name from the company register ("Handelsregister"). This will be used for CSR / cert creation. Client certificate requests are generated server-side anyway. Server certificates require a client-side created CSR anyway. But everything but the CN is stripped from that user CSR and every field is replaced by the account data. The web app does not check the length of the fields, at least not of the organization name. A CSR with organization name length > (openssl limit) / (RFC limit) will be processed until the signer fails. The user receives a message: CSR has been queued, watch the list, and in the list the CSR remains Pending "forever". There is a legal conflict behind this that cannot be solved programmatically, of course. But the length should be checked <Edit>at org account creation or editing time</Edit> and the user <Edit>= the org assurer</Edit> should be informed of the type of error. | ||||
Steps To Reproduce | Try to generate an openssl csr with an organization name "XXX.XXX XXXXXXXXXXXXXXXXXXXXX XXX XXXXXXXXXXX, XXXXXXX, XXXXXXXXXX XXX XXXXXXXXXXXX mbH". Set up a test org account with such an organisation name and try to create an org cert (client or server) for it. | ||||
Additional Information | CAcert Support ticket s20130220.41 | ||||
Tags | company register, legal name, limit, organisation assurance, organization name | ||||
Attached Files | |||||
Reviewed by | |||||
Test Instructions | |||||
Date Modified | Username | Field | Change |
---|---|---|---|
2013-02-22 23:51 | wilm@cacert.org | New Issue | |
2013-02-22 23:51 | wilm@cacert.org | File Added: certs_queued_forever.7z | |
2013-02-23 21:31 | wilm@cacert.org | Tag Attached: company register | |
2013-02-23 21:31 | wilm@cacert.org | Tag Attached: legal name | |
2013-02-23 21:31 | wilm@cacert.org | Tag Attached: limit | |
2013-02-23 21:31 | wilm@cacert.org | Tag Attached: organisation assurance | |
2013-02-23 21:31 | wilm@cacert.org | Tag Attached: organization name | |
2013-02-23 21:32 | wilm@cacert.org | Description Updated | |
2013-02-25 07:24 | wilm@cacert.org | Description Updated | |
2014-01-08 09:50 | Werner Dworak | Assigned To | => Werner Dworak |
2014-01-08 09:50 | Werner Dworak | Status | new => needs work |
2014-01-08 09:56 | Werner Dworak | Assigned To | Werner Dworak => BenBE |
2015-07-31 05:32 | INOPIAE | Relationship added | related to 0000657 |
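
A length check of the kind the description asks for, run when the org account is created or edited, as an added example that is not CAcert's code. It assumes the signer enforces the RFC 5280 upper bounds (64 characters for the organization name, counted in characters rather than bytes); the function name, field keys and error texts are hypothetical.

```python
import unicodedata

# RFC 5280 Appendix A upper bounds, counted in characters (not UTF-8 bytes).
# Assumption: the signer's OpenSSL enforces these same limits.
UPPER_BOUNDS = {"C": 2, "ST": 128, "L": 128, "O": 64, "OU": 64, "CN": 64}

# Placeholder organization name from the steps to reproduce.
SAMPLE_LONG_NAME = ("XXX.XXX XXXXXXXXXXXXXXXXXXXXX XXX XXXXXXXXXXX, XXXXXXX, "
                    "XXXXXXXXXX XXX XXXXXXXXXXXX mbH")


def check_subject_fields(fields):
    """Validate org account data before it can reach the signer.

    Returns (normalized_fields, problems); problems is a list of
    (field, message) pairs and is empty when everything fits.
    """
    normalized, problems = {}, []
    for name, value in fields.items():
        limit = UPPER_BOUNDS.get(name)
        if limit is None:
            problems.append((name, "no length limit known for this field"))
            continue
        # NFC folds "A" + combining diaeresis into one "Ä", so a name typed
        # in decomposed form is not counted twice per accented letter.
        text = unicodedata.normalize("NFC", value).strip()
        normalized[name] = text
        if not text:
            problems.append((name, "value is empty"))
        elif name == "C" and len(text) != 2:
            problems.append((name, "country must be a 2-letter code"))
        elif len(text) > limit:
            problems.append((name, f"{len(text)} characters, limit is {limit}; "
                                   "the signer would reject this certificate"))
    return normalized, problems


if __name__ == "__main__":
    # Report the error to the org assurer instead of queuing the request.
    _, found = check_subject_fields({"O": SAMPLE_LONG_NAME, "C": "DE"})
    for field, message in found:
        print(f"{field}: {message}")
```

Storing the normalized value returned by the check keeps the length seen at account editing time identical to the length the signer later sees.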