Hi,
in our environment Internet Explorer users repeatedly
used to get a really strange error message: "Error copying File or
Folder" - "Cannot copy file: Cannot read from the source file or
disk". This does not happen for Mozilla or other browsers for the
same certificate, so we figured it must be an IE bug.
J�rg Schneider found it yesterday by tracing the communication between
browser and web server:
The 'sendcert' command uses the certificate common name (CN) to construct
a filename that is proposed to the client when choosing DER download.
If the cert CN contains a colon (':') then the filename leading portion of
the filename seems to be misinterpreted by IE as a drive letter.
(I almost can smell another lurking security problem in IE...)
Really took us a while to find out what was going on.
I fixed it by only allowing alphanumeric characters and the '.'
character in the proposed filename. All other characters are replaced
by an underscore.
Fix committed in CVS head and 0.9.2 branch.
cheers
Martin
-------------------------------------------------------
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click
_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel
