Re: [OpenCA-Devel] [Fwd: XSRF Security Patch Error ?]

Tue, 01 Apr 2008 22:08:46 -0700 

Hi Ralf, all,

I already patched the current version in the CVS. I am testing it and adding
some new features. I want the release to be out very soon, but I am always
fixing some details and adding some new items/support.. It is my intention
to release the 1.0.0 version by the end of the week.. or the next, if I'll
add the CRMF support.

We can discuss the changes you made. Can you be more specific about the them ?

Later,
Max


Ralf Hornik Mailings wrote:

Thank you,


Sounds unproblematic to me. In principle, anything without side-effects
(i.e. anything that does not change something on the server side) could
be added to @not_vulnerable_commands.


Would that be a good idea to include this into the openca source or do
users need to create their own modifications? Btw I wrote a patch for
openca that does some changes to the openca interface which I would like
to discuss with openca developers:

- change download link in emails to point to the cert prefs
- change the "get requested certificate" link also to the cert prefs
  (current by searching via cert serial only)
- add extension for ocsp certificates
- strip public menu to remove the possibility to browse all certs
 (my customers wouldn't like this) ;-)

Tha patch is availlable here:

http://www.ralf-hornik.de/scripts/0.9.3-rc1.patch

However, the modification in AC.pm to add viewCert in
@not_vulnerable_commands is not yet included, because I don't know wether
it will be done in future. You should currently add it by hand.



--

Best Regards,

        Massimiliano Pala

--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager]            [EMAIL PROTECTED]
                                                 [EMAIL PROTECTED]

Dartmouth Computer Science Dept               Home Phone: +1 (603) 397-3883
PKI/Trust - Office 063                        Work Phone: +1 (603) 646-9179
--o------------------------------------------------------------------------

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
_______________________________________________
OpenCA-Devel mailing list
OpenCA-Devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-devel

Reply via email to