View Issue Details

IDProjectCategoryView StatusLast Update
0001308Main CAcert Websitesource codepublic2014-10-03 07:49
ReporterINOPIAE Assigned ToBenBE  
PriorityurgentSeverityminorReproducibilityhave not tried
Status fix availableResolutionopen 
Product Version2014 Q3 
Target Version2014 Q3 
Summary0001308: Mail regarding error message sent to wrong recipient
DescriptionWhen there is a problem while generating a certificate the user gets a message displayed and a mail is to one developer.
The recipient should be support@c.o and critical admins.
Additional Informationincludes\general.php line 648
TagsNo tags attached.
Reviewed by
Test Instructionssee



2014-09-25 11:54

updater   ~0005030

I pushed the fix to


2014-09-28 14:33

updater   ~0005034

New fix with change of sender address available at:


2014-09-30 20:11

updater   ~0005036

Why should it go to critical and support? Either certificate issues are a support case (what they are not without the user asking support from my point of view) or they are a critical team issue. But why should it be both?

What will be archieved by providing both teams with this kind of sensible data automatically?


2014-09-30 20:12

updater   ~0005037

To test: the signer on the test server needs to be stopped.

Test to create and renew each type of certificate


2014-09-30 20:30

updater   ~0005039

Comment to 5036

In the discussion between criticals, support and software it was decided to send the mail to both teams (critical and support) so both teams are informed about the problem.

The data transmitted contains only the type of certificate that failed and the serial number of the certificate. This information is valuable for both teams for early diagnosis and support case handling.


2014-09-30 20:38

updater   ~0005040

I triggered a mail, and the mail got sent out to

==> OK


2014-10-01 04:57

updater   ~0005041

I do not see why support needs this information. Support should only get active when triggered by a user who mentiones a problem. The user can give support all the required information, if needed, as the user gets the mail.

I also do not see, why critical team should get such a mail, as critical team should check the log regularly, anyway.

Especially if we send unencrypted mails I do not see how we would improve the security by this, which is the only reason to send personal identifiable information like serial numbers to other members.

Issue History

Date Modified Username Field Change
2014-09-25 11:37 INOPIAE New Issue
2014-09-25 11:37 INOPIAE Assigned To => INOPIAE
2014-09-25 11:54 INOPIAE Note Added: 0005030
2014-09-25 11:54 INOPIAE Assigned To INOPIAE => BenBE
2014-09-25 11:54 INOPIAE Status new => fix available
2014-09-28 14:33 INOPIAE Note Added: 0005034
2014-09-30 20:11 Eva Note Added: 0005036
2014-09-30 20:12 INOPIAE Note Added: 0005037
2014-09-30 20:13 INOPIAE Test Instructions => see
2014-09-30 20:15 BenBE Source_changeset_attached => cacert-devel testserver-stable b6510d1f
2014-09-30 20:15 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 8df3cb21
2014-09-30 20:15 INOPIAE Source_changeset_attached => cacert-devel testserver-stable bfcd949d
2014-09-30 20:30 INOPIAE Note Added: 0005039
2014-09-30 20:38 felixd Note Added: 0005040
2014-09-30 21:25 BenBE Source_changeset_attached => cacert-devel testserver-stable d1f414b2
2014-09-30 21:25 INOPIAE Source_changeset_attached => cacert-devel testserver-stable 107e96ed
2014-10-01 04:57 Eva Note Added: 0005041