Hi all!
I found the following bug in OpenCA's startAutoCA module.

When I use the default settings, the "Operator's role(s)" value is "RA Operator", and it is checked wrongly by the auto signature. In this case the CA machine accepts every signing request (not only the RA Operator requests) and signs it automatically.
I think the correct check is the following (see also the attached file):

   --- /opt/openca/lib/openca/cmds/startAutoCA.orig 2013-09-03
   09:11:38.000000000 +0200
   +++ /opt/openca/lib/openca/cmds/startAutoCA    2013-09-23
   12:37:55.921974650 +0200
   @@ -259,8 +259,8 @@
                 }

                 ## check role of signer
   -            if ((not ValueIsInArray("Any",$params->{*ra*})) and
   -                    (not
   ValueIsInArray($operator_cert->getParsed()->{HEADER}->{ROLE},
   $params->{*ra*})))
   +            if ((not ValueIsInArray("Any",$params->{*operator*})) and
   +                    (not
   ValueIsInArray($operator_cert->getParsed()->{HEADER}->{ROLE},
   $params->{*operator*})))
                 {
                     if ($DEBUG)
                     {
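
Review bot: The changed lines in this inline copy read `$params->{*ra*}` and `$params->{*operator*}`, with asterisks inside the hash subscript, and both the file headers and the `ValueIsInArray(...)` calls are wrapped across several lines, so this copy will not apply with patch and does not show the intended key. Use the attached copy of the same hunk, which has `$params->{operator}` on unbroken lines, and resend the patch inline as plain text if it is to be reviewed on the list.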


Thanks in advance,
Gabor Szigeti

--- /opt/openca/lib/openca/cmds/startAutoCA.orig	2013-09-03 09:11:38.000000000 +0200
+++ /opt/openca/lib/openca/cmds/startAutoCA	2013-09-23 12:37:55.921974650 +0200
@@ -259,8 +259,8 @@
 			}
 
 			## check role of signer
-			if ((not ValueIsInArray("Any",$params->{ra})) and 
-					(not ValueIsInArray($operator_cert->getParsed()->{HEADER}->{ROLE}, $params->{ra})))
+			if ((not ValueIsInArray("Any",$params->{operator})) and 
+					(not ValueIsInArray($operator_cert->getParsed()->{HEADER}->{ROLE}, $params->{operator})))
 			{
 				if ($DEBUG)
 				{
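
Review bot: The `"Any"` test kept on the first `+` line still skips the role comparison, so an operator list containing `Any` lets a request signed by a certificate with any role through to automatic signing; please say so in the `## check role of signer` comment, or drop the wildcard for this field if it is not meant to be supported. After this change the condition no longer reads `$params->{ra}` at all, so confirm that the `ra` setting is still enforced against the request somewhere else in startAutoCA, otherwise it becomes a configuration option with no effect. It would also help to state in the comment which configuration field `$params->{operator}` comes from, since the original mix-up was between two similarly shaped lists.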

_______________________________________________
OpenCA-Devel mailing list
OpenCA-Devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-devel