Minutes of the MiniTOP on 2012-09-25


The MiniTOP will be held via telco at 22:00 CEST

Attendees: uli, benbe, timo, Marcus, Michael, dirk



Action items from last meeting: Meeting Action Items


Development, Deployment, Discussion

  • OAO, Ted

    bug #943 change OA admin/assurer text

    needs 2nd test -> Fabian, Marc, Alex? {g} / needs 2nd review -> Ted, rejected


    uli, Ted

    bug #824 Org User cert fix Case study

    Organisation User Certificates: Need UI improvement for proper production usage


    uli, ted

    bug #823 email address removal fix

    No warning when removing e-mail address from account that certificates will be revoked
    checked by 4, needs 2nd review, deploy



    bug #920 Join - single name only (eg Indonesian)

    details under bug number



    bug #859 admin console interface

    feature request: show activity on an account in the admin interface
    rejected, certs login doesn't modify "modified" field



    bug #540

    p20111113 CPS #7.1.2 "Certificate Extensions" adjustments - testing
    uli, marcus: needs full cert create tests
    duplicate report to bug#978
    tested by 3, 2nd review done, transferred
    Ken reported: still has problems, bug kept open


    gagern, NEO

    bug #440 Problem with subjectAltName (CSR, renew certs)

    There seems to be a problem with the subjectAltName. Dupes, missing entries, and more, rejected, needs further development



    bug #1025 Domain Dispute issue

    disputes rc and rc2 var prob
    needs work



    bug #1054 Review the code regarding the new point calculation

    Thawte patch part II
    needs further work


Software Assessors: Review 1 / add to cacert-devel, add to testserver

  • Software-Assessors task


  • Testers task


    bug #1004 Stats page improvement

    tested by 2, needs 2nd review



    bug #1159 it might be possible to execute commands on the signing server



    bug #1065 Wrong wording when sending mails during the assurance process



    bug #1162 calculate (the passwords) hash in php instead of in mysql

    create test scenarios for the software testers /!\
    Full testing /!\



    bug #0028 Wrong language for you've been assured & [CAcert.org] Client Certificate emails



    bug #988 TTP cap form deployment


Software Assessors: 2nd Review, Bundle Package to Critical Team

  • Software-Assessors task


    bug #500 Get contact mail address after resolving test

    tested by 3, requires review



    bug #1140 Show if a test is passed in learnprogress

    tested by 3, requires review



    bug #1131 Rename _all_ Policies from .php to .html and fix all links

    global policy directory maintenance and update



    bug #1010 Reorder the view on organisation certificates

    tested by 3


Software Assessors: Bundle Package to Critical Team

  • Software-Assessors task


    bug #1139 Add new fields to the database

    tests through #500 and #1140, 2nd review done, requires transfer


Awaiting Response from Critical Team

  • inopiae

    bug #411 Wrong text is made into link



1. Preface

2. DEV on bug 1023/1054 "Thawte Patch"

3. 2nd review of about again 4 remaining patches

4. Patches Overview - Testing

  1. bug #835 CATS test on testserver http://cats1.it-sls.de/

    • create client cert
    • go over to http://cats1.it-sls.de/ pass a cats test

    • inform Ted to trigger a transfer of the tests to the testserver
    • check if CATS test passed to testserver
    • test with different accounts
      1. members age GT 18
        1. member < 100 pts, pass the CATS test

        2. member >= 100 pts, pass the CATS test

      2. members age GT 14 and LT 18
        1. member < 100 pts, pass the CATS test

        2. member >= 100 pts, pass the CATS test

      3. members age LT 14
        1. member < 100 pts, pass the CATS test

        2. member >= 100 pts, pass the CATS test

    • finish and report the tests, no need to transfer to production
  2. Problem with subjectAltName: bugs: bug #440, bug #1054, test 1054.3.6, bug #1035

    • create several types of certs (client certs, server certs, org client certs, org server certs) and analyse the content of the certs -> subjectAltName and CN with single SAN and multiple SANs

    • renew the certs
  3. bug #922 missing "certificate about to expire" messages

    • you can use previous test to also check "certificate about to expire" messages
  4. bug #964 and bug #1017, relates also to bug #1054, test 1054.3.6 - Chrome certificate enrollment (relates to #964 "Black Jack")

    • create client certs, go to signing routine
    • new routine with 3 different potential signed public key download routines /account.php?id=6 list 3 options
      1. Install the certificate into your browser (tested)
      2. Download the certificate in PEM format
      3. Download the certificate in DER format
  5. bug #1054 (Thawte patch) tests passed ?

  6. Marcus Bugs list
  7. new bug #1095 "Problems with creating server certificate where the csr is created with Java SDK Tools"

    • cmdline sample: keytool -genkey -alias test.test.net -keyalg RSA -keystore test.test.net.ks -validity 1095
    • NEO couldn't reproduce the problem using keytool, tested against production and testserver

5. New SA candidates and Coders

  1. ABC Benny - possible Itzehoe (2012-09-14), mrmcd (2012-09-08) or other events before 2012-08-10 - 2012-08-11 BarCamp kiel

  2. Heino, not yet prepared, needs first contact
  3. How to find coders? Experiences from the Gentoo project
  4. report from last board meeting - topic Arbitration

6. Long Term Projects

  1. NEO: "BlackJack" bug #964

  2. Marek's sql class project:
    • is working on charset replacement
  3. api project, Carsten continues with portal project not waiting for vendor-api to be delivered
    • vendor-api delayed
      • no coders
      • other projects
      • related to sql class project
    • portal project continues with a workaround, needs an assurer
      • arbitration case on locations database orders outsourcing of find-an-assurer asap
      • with portal function, update of data is possible vs. update of data on critical system is difficult (keep data current for assurers)
      • relation to location database
        1. website find an assurer
        2. scripted mailing for ATE invitations
      • user check that data is still valid eg every 1 year
        • notification at login up to 6 months not online
        • notification by email if not logged in within last 6 months
  4. Automated testing system

7. next meeting


  1. Preface
    1. BenBe reviewed repo changes from within last 2 weeks

      • found bug #1023 "Thawte Patch" changes
      • mysql query, bug 967 1e98bc7a
      • includes/account.php: lines 2295, 2296; related to line 2259 ?
      • new function to document (description, input parameters, output parameters)
    2. timo: signer monitoring?
    3. BenBE: 453ad50d line 77: is there a missing [=] ???
    4. scripted mailings source (with win-line-endings), can be removed after some time
    5. commit message: bug <number> text

  2. bug 1054 "Thawte Patch" testing
    • u60 stumbled over bug 440, 1017, 1035 bugs in testing
    • parse routines, get_alt, get_cn checks domains etc
  3. bug 440 review -> dirk

    • not started, not finished
  4. neo sent msi package for testing to u60, benbe
    • >openssl sha1 CAcert_Root_Certificates.msi
      SHA1(CAcert_Root_Certificates.msi)= f95043eb19828d3d1bce671dbc944c80cf41ba16
      >openssl dgst -sha256 CAcert_Root_Certificates.msi
      SHA256(CAcert_Root_Certificates.msi)= c59901773f79929e675e9ebc1ac4d723a02220fcc4465304bab4557305ba8cf4
  5. bug #922 missing "certificate about to expire" messages

    • notification expected: 1d, 15d, 30d, 45d
  6. new bug #1095 "Problems with creating server certificate where the csr is created with Java SDK Tools"

    • cmdline sample: keytool -genkey -alias test.test.net -keyalg RSA -keystore test.test.net.ks -validity 1095
    • NEO couldn't reproduce the problem using keytool, tested against production and testserver
    • identified as weak key usage: csr used MD2 encryption, which is not or no longer supported by openssl
  7. NEO: "BlackJack" bug #964

    • how does bug #1017 relate to this bug?

    • NEO: "BlackJack" bug #964 testing from last week -> error codes

      • started implementing
    • cert signing routine
      • ie5 ie6 automatic storage of signed key in local keystore
      • doesn't work under vista, win7
      • msi package is to download and import the keys to the local keystore under vista, win7
      • relates to bug #1099 but is quite different

  8. next meeting
    • Tuesday, October 2nd, 2012 22:00 CEST

Fixed Action Items since last or within meeting

Action Items New

Action items: Meeting Action Items