View Issue Details

ID: 0001394
Project: Main CAcert Website
Category: my account
View Status: public
Last Update: 2015-08-25 20:14
Reporter: INOPIAE
Assigned To: BenBE
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: needs review & testing
Resolution: open
Product Version: 2015 Q3
Target Version: 2015 Q3
Summary: 0001394: Fix error message when entering an IDN domain
Description: When entering an IDN domain to the system the error message is:
"Due to the possibility for punycode domain exploits we currently do not allow any certificates to sign punycode domains or email addresses."
Better:
"Due to the possibility for punycode domain exploits we currently only offer the use of IDN domains if your account has the code signing flag.
More information can be found [in our wiki][https://wiki.cacert.org/FAQ/Privileges]."
Additional Information: includes\account.php lines 119 and 544
Tags: No tags attached.
Reviewed by: BenBE
Test Instructions: Try to create a certificate with an IDN domain name in it while the Code Signing flag is off. Verify it working if it's on. For conversion to IDN you can use http://mct.verisign-grs.com/

Activities

INOPIAE

2015-07-28 21:47

updater   ~0005440

I pushed a fix to https://github.com/INOPIAE/CAcert/commit/f2889a127e9c5a68a22b8accba00b32b94ce3971

StefanT

2015-08-25 20:14

updater   ~0005456

I tested with Account karl.coyote@looney.info without code-signing flag.
I tried to verify domain "körnerfutter.com" after conversion to "xn--krnerfutter-rfb.com".
The Result was "Due to the possibility for punycode domain exploits we currently only offer the use of IDN domains if your account has the code signing flag. More information can be found in our wiki."
This Error was expected => OK

The 2nd Test was with Account paul.panter@pink.org with code-signing flag.
I tried this domain to verify: xn--maraa-rta.org
The 1st Step was accepted by addressing to email root@xn--maraa-rta.org
By using the Link in the email the domain was accepted.
This domain verification was accepted => OK
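
The policy exercised by the two tests above, as an added Python example; it is not CAcert's code from includes\account.php. The function names, the `has_code_signing` parameter and the "Invalid domain name." text are assumptions for illustration, and the sample names are the ones quoted in the test notes.

```python
# Added illustration: gate IDN (punycode) names on the account's code signing flag.
ACE_PREFIX = "xn--"  # prefix that marks a punycode-encoded label

# First sentence of the message proposed in this issue.
IDN_DENIED_MSG = (
    "Due to the possibility for punycode domain exploits we currently only "
    "offer the use of IDN domains if your account has the code signing flag."
)


def to_ace(name):
    """Return the lower-cased ASCII (ACE) form of a domain, or of the domain
    part of an e-mail address. Raises UnicodeError for invalid labels."""
    domain = name.rsplit("@", 1)[-1].strip().rstrip(".")
    # Python's built-in "idna" codec implements IDNA 2003 (ToASCII).
    return domain.encode("idna").decode("ascii").lower()


def is_idn(name):
    """True if any label of the name is punycode-encoded."""
    return any(label.startswith(ACE_PREFIX) for label in to_ace(name).split("."))


def check_domain(name, has_code_signing):
    """Return (allowed, message) for a domain or e-mail address.

    Unicode input is converted first, so a name typed with non-ASCII
    characters cannot bypass a check that only looks for "xn--".
    """
    try:
        idn = is_idn(name)
    except UnicodeError:
        return (False, "Invalid domain name.")  # hypothetical message text
    if idn and not has_code_signing:
        return (False, IDN_DENIED_MSG)
    return (True, "")


if __name__ == "__main__":
    # Constructed calls mirroring the two manual tests in the notes above.
    print(check_domain("xn--krnerfutter-rfb.com", has_code_signing=False))
    print(check_domain("root@xn--maraa-rta.org", has_code_signing=True))
```
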

Issue History

Date Modified Username Field Change
2015-07-28 20:40 INOPIAE New Issue
2015-07-28 20:51 INOPIAE Additional Information Updated
2015-07-28 21:42 INOPIAE Description Updated
2015-07-28 21:47 INOPIAE Note Added: 0005440
2015-07-28 21:47 INOPIAE Assigned To => BenBE
2015-07-28 21:47 INOPIAE Status new => fix available
2015-07-29 20:58 BenBE Status fix available => needs review & testing
2015-07-29 20:59 BenBE Reviewed by => BenBE
2015-07-29 20:59 BenBE Test Instructions => Try to create a certificate with an IDN domain name in it while the Code Signing flag is off. Verify it working if it's on.
2015-07-31 05:33 INOPIAE Test Instructions Try to create a certificate with an IDN domain name in it while the Code Signing flag is off. Verify it working if it's on. => Try to create a certificate with an IDN domain name in it while the Code Signing flag is off. Verify it working if it's on. For conversion to IDN you can use http://mct.verisign-grs.com/
2015-08-25 20:14 StefanT Note Added: 0005456