Hi OpenCA Developers,
OpenCA 1.5.1 now supports email verification, but in some situations one
might want to issue a certificate even if the email address was not
verified (e.g. when the server-admin is sitting in the office next door
and has not yet set up all his mailing lists, but requests a server
certificate in advance)... I have added a menu point in our ca interface
and patched the commands dealing with the requests.
I'm not sure if I have caught all the places where the status of the
requests is checked. I'd propose to add this in future releases.
Comments and suggestions for improvements welcome.
best regards,
Martin
diff -ru openca-base-1.5.1.orig/src/common/lib/cmds/listCSR openca-base-1.5.1/src/common/lib/cmds/listCSR
--- openca-base-1.5.1.orig/src/common/lib/cmds/listCSR 2013-12-17 17:32:53.856814681 +0100
+++ openca-base-1.5.1/src/common/lib/cmds/listCSR 2013-12-17 19:04:44.143478737 +0100
@@ -55,6 +55,14 @@
$item_list->{HEAD}->[$colNum++] = gettext ("Submitted On");
$item_list->{HEAD}->[$colNum++] = gettext ("Role");
$item_list->{HEAD}->[$colNum++] = gettext ("LOA");
+ } elsif( $dataType eq "TEMPNEW_REQUEST" ) {
+ $name = "New Certificate Signing Requests";
+ $item_list->{HEAD}->[$colNum++] = gettext ("Sel");;
+ $item_list->{HEAD}->[$colNum++] = gettext ("Serial");
+ $item_list->{HEAD}->[$colNum++] = gettext ("Submit Name");
+ $item_list->{HEAD}->[$colNum++] = gettext ("Submitted On");
+ $item_list->{HEAD}->[$colNum++] = gettext ("Role");
+ $item_list->{HEAD}->[$colNum++] = gettext ("LOA");
} elsif ( $dataType eq "RENEW_REQUEST" ) {
$name = "Renewed Certificate Signing Requests";
$item_list->{HEAD}->[$colNum++] = gettext ("Sel");;
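Review bot: The list title in the new TEMPNEW_REQUEST branch, $name = "New Certificate Signing Requests", does not say that these requests have an unverified email address, while the viewCSR part of this patch labels the same state "New Unverified Request Waiting for Approval". An operator who lands on this list should be able to tell from the heading that email verification was skipped, so a title such as "Unverified Certificate Signing Requests" would be safer. The doubled semicolon after gettext ("Sel") also appears in the RENEW_REQUEST branch and does not need to be carried into the new lines.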
diff -ru openca-base-1.5.1.orig/src/common/lib/cmds/viewCSR openca-base-1.5.1/src/common/lib/cmds/viewCSR
--- openca-base-1.5.1.orig/src/common/lib/cmds/viewCSR 2013-08-03 16:56:00.000000000 +0200
+++ openca-base-1.5.1/src/common/lib/cmds/viewCSR 2013-12-17 19:04:44.143478737 +0100
@@ -70,6 +70,8 @@
$reqStatus = gettext("Waiting for Approval");
} elsif ( $dataType eq "NEW_REQUEST" ) {
$reqStatus = gettext("New Request Waiting for Approval");
+ } elsif ( $dataType eq "TEMPNEW_REQUEST" ) {
+ $reqStatus = gettext("New Unverified Request Waiting for Approval");
} elsif ( $dataType eq "RENEW_REQUEST" ) {
$reqStatus = gettext("Renewal Request Waiting for Approval");
} elsif ( $dataType eq "DELETED_REQUEST" ) {
@@ -100,6 +102,9 @@
} elsif ($db->getItem ( DATATYPE => "NEW_REQUEST", KEY => $key )) {
$dataType = "NEW_REQUEST";
$reqStatus = gettext("New Request Waiting for Approval");
+ } elsif ($db->getItem ( DATATYPE => "TEMPNEW_REQUEST", KEY => $key )) {
+ $dataType = "TEMPNEW_REQUEST";
+ $reqStatus = gettext("New Unverified Request Waiting for Approval");
} elsif ($db->getItem ( DATATYPE => "PENDING_REQUEST", KEY => $key )) {
$dataType = "PENDING_REQUEST";
$reqStatus = gettext("Waiting for Approval");
@@ -419,7 +424,7 @@
my $use_cert_serial = getRequired ('SET_CERTIFICATE_SERIAL_IN_DN');
if ( ($use_cert_serial !~ /^(Y|YES|ON)$/i) and
($use_request_serial !~ /^(Y|YES|ON)$/i) and
- ($dataType =~ /^(NEW|PENDING|SIGNED|APPROVED)_REQUEST$/i) ) {
+ ($dataType =~ /^(TEMPNEW|NEW|PENDING|SIGNED|APPROVED)_REQUEST$/i) ) {
my @list = $db->searchItems( DATATYPE=>"VALID_CERTIFICATE",
DN=>$cert_subject);
if( $#list > -1 ) {
@@ -597,7 +602,7 @@
## edit CSR
if ( $allow->{EDIT} and
- ($dataType =~ /(NEW|PENDING|RENEW)/i)) {
+ ($dataType =~ /(TEMPNEW|NEW|PENDING|RENEW)/i)) {
$cmd_list->{BODY}->[$cmd_pos]->[0] = gettext("Edit the request");
$cmd_list->{BODY}->[$cmd_pos]->[1] = '<input type="submit" value="'.
gettext("Edit Request").
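Review bot: Adding TEMPNEW to the unanchored pattern in ($dataType =~ /(TEMPNEW|NEW|PENDING|RENEW)/i) changes nothing, because the old /(NEW|PENDING|RENEW)/i already matches the substring NEW inside TEMPNEW_REQUEST. The same holds for the other unanchored dataType patterns this patch touches in viewCSR; only the anchored pattern in the hunk at -419, ^(...)_REQUEST$, behaves differently after the change. If the intent is to state explicitly which states allow editing, anchor the pattern, for example /^(TEMPNEW|NEW|PENDING|RENEW)_REQUEST$/i, so that the alternation is what actually decides.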
@@ -608,7 +613,7 @@
## generate key for header csr
if ( $allow->{GENERATE_KEY} and
($parsed_req->{HEADER}->{TYPE} =~ /HEADER/i) and
- ($dataType =~ /NEW|PENDING/i)
+ ($dataType =~ /TEMPNEW|NEW|PENDING/i)
) {
$cmd_list->{BODY}->[$cmd_pos]->[0] = gettext("Generate private key");
$cmd_list->{BODY}->[$cmd_pos]->[1] = '<input type="button" value="'.
@@ -622,11 +627,11 @@
## verify PIN
if ( ( $allow->{APPROVE} and
($parsed_req->{HEADER}->{TYPE} !~ /HEADER/i) and
- ($dataType =~ /(NEW|PENDING|RENEW|SIGNED)/i)
+ ($dataType =~ /(TEMPNEW|NEW|PENDING|RENEW|SIGNED)/i)
) or
( $allow->{APPROVE_WITHOUT_SIGNING} and
($parsed_req->{HEADER}->{TYPE} !~ /HEADER/i) and
- ($dataType =~ /(NEW|PENDING|RENEW)/i)
+ ($dataType =~ /(TEMPNEW|NEW|PENDING|RENEW)/i)
) or
( $allow->{RENEW} and
($dataType =~ /(ARCHIVED|DELETED)/i)
@@ -644,7 +649,7 @@
## approve CSR
if ( $allow->{APPROVE} and
($parsed_req->{HEADER}->{TYPE} !~ /HEADER/i) and
- ($dataType =~ /(NEW|PENDING|RENEW|SIGNED)/i)
+ ($dataType =~ /(TEMPNEW|NEW|PENDING|RENEW|SIGNED)/i)
) {
$cmd_list->{BODY}->[$cmd_pos]->[0] = gettext("Approve and sign the request");
$cmd_list->{BODY}->[$cmd_pos]->[1] = '<input type="button" value="'.
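Review bot: The condition under "## approve CSR" depends only on $allow->{APPROVE}, so every operator who may approve verified requests can also approve and sign one whose email address was never verified. Since this path bypasses the email verification, consider requiring a separate permission or configuration switch when $dataType is TEMPNEW_REQUEST, and making the button text say that the request is unverified. The command behind the button is not part of this patch, so it is worth confirming that it accepts TEMPNEW_REQUEST as a source state.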
@@ -657,7 +662,7 @@
## approve CSR without signing
if ( $allow->{APPROVE_WITHOUT_SIGNING} and
($parsed_req->{HEADER}->{TYPE} !~ /HEADER/i) and
- ($dataType =~ /(NEW|PENDING|RENEW)/i)
+ ($dataType =~ /(TEMPNEW|NEW|PENDING|RENEW)/i)
) {
$cmd_list->{BODY}->[$cmd_pos]->[0] = gettext("Approve Request without Signing");
$cmd_list->{BODY}->[$cmd_pos]->[1] = '<input type="button" value="'.
@@ -670,7 +675,7 @@
## issue certificate
if ( ( $allow->{ISSUE_CERT} and
- ($dataType =~ /(NEW|PENDING|RENEW|SIGNED|APPROVED)/i)
+ ($dataType =~ /(TEMPNEW|NEW|PENDING|RENEW|SIGNED|APPROVED)/i)
) or
( $allow->{ISSUE_CERT_NEW} and
($dataType =~ /NEW/i)
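Review bot: The second branch of this condition, $allow->{ISSUE_CERT_NEW} and ($dataType =~ /NEW/i), is left unchanged, but its unanchored /NEW/ also matches TEMPNEW_REQUEST, so a role that holds only ISSUE_CERT_NEW gets the issue button for unverified requests as well. If that permission is meant for verified new requests only, tighten it to /^NEW_REQUEST$/i; if unverified requests are meant to be included, list them explicitly as in the first branch.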
@@ -697,7 +702,7 @@
## delete pending or approved CSR
if ( ( $allow->{DELETE} and
- ($dataType =~ /(NEW|PENDING|RENEW|SIGNED|APPROVED)/i)
+ ($dataType =~ /(TEMPNEW|NEW|PENDING|RENEW|SIGNED|APPROVED)/i)
) or
( $allow->{DELETE_NEW} and
($dataType =~ /NEW/i)
diff -ru openca-base-1.5.1.orig/src/web-interfaces/ca/ca-menu.xml openca-base-1.5.1/src/web-interfaces/ca/ca-menu.xml
--- openca-base-1.5.1.orig/src/web-interfaces/ca/ca-menu.xml 2013-10-17 00:15:23.000000000 +0200
+++ openca-base-1.5.1/src/web-interfaces/ca/ca-menu.xml 2013-12-17 19:00:11.176841664 +0100
@@ -35,6 +35,7 @@
<menu name="CA Operations" img="">
<submenu name="Certification Requests" img="">
<item name="New" img="" lnk="?cmd=listCSR;dataType=NEW_REQUEST" />
+ <item name="Unverified" img="" lnk="?cmd=listCSR;dataType=TEMPNEW_REQUEST" />
<item name="Pending" img="" lnk="?cmd=listCSR;dataType=PENDING_REQUEST" />
<item />
<item name="Signing Required" img="" lnk="?cmd=listCSR;dataType=SIGNED_REQUEST"/>
diff -ru openca-base-1.5.1.orig/src/web-interfaces/ca/ca-menu.xml.in openca-base-1.5.1/src/web-interfaces/ca/ca-menu.xml.in
--- openca-base-1.5.1.orig/src/web-interfaces/ca/ca-menu.xml.in 2012-04-05 02:17:55.000000000 +0200
+++ openca-base-1.5.1/src/web-interfaces/ca/ca-menu.xml.in 2013-12-17 19:00:44.686842241 +0100
@@ -35,6 +35,7 @@
<menu name="CA Operations" img="">
<submenu name="Certification Requests" img="">
<item name="New" img="" lnk="?cmd=listCSR;dataType=NEW_REQUEST" />
+ <item name="Unverified" img="" lnk="?cmd=listCSR;dataType=TEMPNEW_REQUEST" />
<item name="Pending" img="" lnk="?cmd=listCSR;dataType=PENDING_REQUEST" />
<item />
<item name="Signing Required" img="" lnk="?cmd=listCSR;dataType=SIGNED_REQUEST"/>
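Review bot: The "Unverified" item is added identically to ca-menu.xml and ca-menu.xml.in. If ca-menu.xml is generated from the .in template during the build, only the ca-menu.xml.in hunk is needed and the change to ca-menu.xml will be overwritten; if both files are maintained by hand, a short remark in the patch description saying so would help.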
_______________________________________________
OpenCA-Devel mailing list
OpenCA-Devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-devel