Hi everybody,

As I was trying to implement my OpenCA-based PKI solution, I wasn't able to achieve a revocation request by a common user from the public interface.

By analyzing the Perl source code in submit_revreq, I conclude that $head and $text are always empty variables.

So I added these lines (taken from the addCRR script) to submit_revreq at line 30 to make things work:

Have a nice day,
Sebastien POGGI

#------

    ## Strip html and \n\r code from reason
    $reason =~ s/<[^\>]*>/ /g;
    $reason =~ s/(\n|\r)/ /g;
    $reason =~ s/^\s+//g;
    $reason =~ s/[\s]+/ /g;

    ## load the affected cert
    my $cert = $db->getItem ( DATATYPE => "CERTIFICATE", KEY => $serial );
    if (not $cert) {
        ##// it's not good to show the user the detailed problem
        my $basedoc = getRequired ('db_error');
        print $tools->getFile ( $basedoc );
        return undef;
    }
    my $parsed = $cert->getParsed();

    my $last_crr = libDBGetLastItem ("CRR");
    my $crr_serial = 0;
    $crr_serial    = $last_crr->getSerial("CRR") if ($last_crr);
    $crr_serial  >>= getRequired ("ModuleShift");
    if (not $serial) {
        ##// it's not good to show the user the detailed problem
        ## this is a security problem here !!!
        print STDERR "SECURITY ALERT BY PKI: correct CRR cannot be stored because of DB-error (certificate: $serial)\n";
        configError (gettext ("A database error occurs during counting the existing CRRs!"));
    }
    $crr_serial++;
    $crr_serial = ($crr_serial << getRequired ("ModuleShift")) | getRequired ("ModuleID");

    ## Set text of request
    $head  = "$beginHeader\n";
    $head .= "TYPE = CRR\n";
    $head .= "SERIAL = $crr_serial\n";
    $head .= "$endHeader\n";

    $text .= "SUBMIT_DATE = " . $tools->getDate() . "\n";
    $text .= "REVOKE_REASON = $reason\n";
    $text .= "REVOKE_CERTIFICATE_DN = " . $parsed->{DN} . "\n";
    $text .= "REVOKE_CERTIFICATE_NOTBEFORE = " . $parsed->{NOTBEFORE} . "\n";
    $text .= "REVOKE_CERTIFICATE_NOTAFTER = " . $parsed->{NOTAFTER} . "\n";
    $text .= "REVOKE_CERTIFICATE_SERIAL = " . $cert->getSerial(). "\n";
    $text .= "REVOKE_CERTIFICATE_ISSUER_DN = " . $parsed->{ISSUER} . "\n";
    $text .= "REVOKE_CERTIFICATE_KEY_DIGEST = " . $parsed->{KEY_DIGEST} . "\n";
    $text .= "CRIN = " . $query->param('crin') . "\n";
   
    ## To ensure compatibility with the existing script
    $body = $text;  

#------
