]>
WPIA git - gigi.git/log
Felix Dörre [Mon, 27 Feb 2017 20:03:12 +0000 (21:03 +0100)]
fix: CAA records on non-existing domains
Change-Id: Iad8984a5249595272203dbdf85590359683f1267
Felix Dörre [Mon, 27 Feb 2017 19:56:33 +0000 (20:56 +0100)]
upd: make system-keywords configurable
Change-Id: I95ac359fac48fbe8685606d5a1bd2895bdb0a4fc
Benny Baumann [Mon, 27 Feb 2017 19:31:01 +0000 (20:31 +0100)]
Merge "upd: terminology in API"
Lucas Werkmeister [Sat, 25 Feb 2017 12:31:24 +0000 (13:31 +0100)]
upd: terminology in database
The userGroup enum is updated to remove all assurance terms, and also
remove the (unused) arbitrator role entirely.
Since PostgreSQL offers no way to rename or drop enum values, we create
a new enum, migrate the table to it and then drop the old enum.
Change-Id: I200c2b0463ded9d75b2e963d5a02bfc25326b357
Lucas Werkmeister [Mon, 27 Feb 2017 16:59:11 +0000 (17:59 +0100)]
upd: terminology in API
Change-Id: I6890eaf6fbbe3317a198ca5334afa92d8afa47e6
Lucas Werkmeister [Mon, 27 Feb 2017 19:16:07 +0000 (20:16 +0100)]
Merge "fix: Somewhat sensibly split the wishlist document"
Benny Baumann [Wed, 22 Feb 2017 20:44:38 +0000 (21:44 +0100)]
fix: Somewhat sensibly split the wishlist document
This is initial work for cleaning up this document to become the spec Gigi is based on
Change-Id: Ie73b567ad9df0de3bf89eeaebec5b229feb2cd4b
INOPIAE [Tue, 21 Feb 2017 21:27:28 +0000 (22:27 +0100)]
upd: added links to imprint and data privacy in footer line
fixes issue #120
Change-Id: I3d35c68ec3e4c714a492d3ad77382b5bf1919c3f
Lucas Werkmeister [Sat, 25 Feb 2017 12:38:03 +0000 (13:38 +0100)]
upd: stray old terminology
Looks like I missed this in
08c94162 .
Change-Id: I8a4f73dd71c17dcf3e64d9f706487d6ad2986849
INOPIAE [Tue, 21 Feb 2017 19:45:18 +0000 (20:45 +0100)]
upd: replace SomeCA by variable
fixes issue #105
Change-Id: I979c5cb7f5b998694fa13b56420e4504bfd4020f
Felix Dörre [Fri, 24 Feb 2017 20:22:59 +0000 (21:22 +0100)]
upd: make Menu names more flexible
Change-Id: Iaf7301a0d4547891a61e9f02d8cf34fb1a4bdbd1
INOPIAE [Tue, 21 Feb 2017 17:07:33 +0000 (18:07 +0100)]
upd: reword of rules.template and "Web of Trust"
Change-Id: I4c49316f99946e95915cc4ba27df16bdfea0b52d
INOPIAE [Tue, 21 Feb 2017 16:15:57 +0000 (17:15 +0100)]
upd: replace MainPageNotLogin text to meet new criteria
Change-Id: Icda90ca33f3896adbe4bbd9bd2830f45042aa222
Lucas Werkmeister [Wed, 22 Feb 2017 20:37:38 +0000 (21:37 +0100)]
upd: terminology in code
Renames Java types and members and form fields. Anything facing the
database is not touched by this change.
Also fixes a handful of typos.
Change-Id: Id19c3af4627b56ee90a85fe887bd5bcdb6c9f385
Benny Baumann [Tue, 21 Feb 2017 23:15:52 +0000 (00:15 +0100)]
fix: XSS via Test Server Management interface
Change-Id: Ie69eecb2f3a9a56c71ff979348cd1ae6e26c5c36
Benny Baumann [Tue, 21 Feb 2017 22:46:13 +0000 (23:46 +0100)]
fix: Typo in field to exempt domains from pinging
Change-Id: Ia7c77aa1750324170dac71c17a888016ecfdceb9
Benny Baumann [Tue, 21 Feb 2017 22:45:22 +0000 (23:45 +0100)]
chg: Reuse code in template merging/append
Change-Id: Ibcddd77c8915a9797431adf8ecd2bf94202c46b0
Felix Dörre [Tue, 21 Feb 2017 00:10:10 +0000 (01:10 +0100)]
fix: typo in challenge
Change-Id: I758d9d610b05a111381121e0bf46bd14febf5e4e
Felix Dörre [Tue, 21 Feb 2017 00:07:38 +0000 (01:07 +0100)]
upd: cleanup more references
Change-Id: I132ad32bfe54e6714128ffea9cf2619a09c85885
Felix Dörre [Mon, 20 Feb 2017 23:58:32 +0000 (00:58 +0100)]
upd: remove old policies
Change-Id: I68df9fa720bf654d04308a76fb9652405ecc7ace
Felix Dörre [Sun, 19 Feb 2017 13:22:28 +0000 (14:22 +0100)]
upd: keep host names scalable and configurable
Change-Id: Ib942444b0fb525d94011dcf20ac656665f23a2bd
Felix Dörre [Sat, 18 Feb 2017 00:39:57 +0000 (01:39 +0100)]
upd: document variables in SprintfCommand more clearly
Change-Id: I4227c3f38cf811c5efddf0e5ff31775df16fe861
Felix Dörre [Fri, 17 Feb 2017 20:14:44 +0000 (21:14 +0100)]
upd: use a link-redirector for all external links.
Change-Id: I4403040fb94e7b6779c14c64bc9398c8f81546b6
Felix Dörre [Wed, 15 Feb 2017 20:49:02 +0000 (21:49 +0100)]
upd: rename package name and all references to it
Change-Id: Ie1e938a864ad93732201643f42a83148dd2f137d
Felix Dörre [Wed, 8 Feb 2017 19:50:28 +0000 (20:50 +0100)]
fix: ResultSet.getDate is often wrong as it fetches day-precision times
Change-Id: Id9394b12663e78de96a3610590587d3f15096e15
INOPIAE [Wed, 8 Feb 2017 08:27:58 +0000 (09:27 +0100)]
Add a hint what the "Request reping" is used for on the email page
fixes issue #56
Change-Id: I518082eb4c95beed01b846690264d174757790dd
INOPIAE [Wed, 8 Feb 2017 15:18:54 +0000 (16:18 +0100)]
Highlight expired nucleus bonus verifications in points overview
fixes issue #123
Change-Id: I796e0e2f81897c35307fcdc64255127f058696a2
Benny Baumann [Wed, 8 Feb 2017 09:20:17 +0000 (10:20 +0100)]
Merge "Temporarily disable SystemCallFilter"
Felix Dörre [Wed, 8 Feb 2017 08:02:48 +0000 (09:02 +0100)]
fix: empty-variable "version" in development runs.
Change-Id: Ia0cdebab2e2b8f7733c59280086db8a72ab73941
Lucas Werkmeister [Tue, 7 Feb 2017 23:36:51 +0000 (00:36 +0100)]
Temporarily disable SystemCallFilter
systemd applies drop-ins in lexicographical order (to be documented by
systemd/systemd#5262), hence the Z- prefix.
Change-Id: I589b9a4fae5cd5dd107f58f734558bfa31517f4b
Felix Dörre [Tue, 7 Feb 2017 09:17:38 +0000 (10:17 +0100)]
upd: enhance "CSRF-missing" test case exception for better debuging
Change-Id: I3dce9fb7da31987044b23dcf8310af44f64855fb
Felix Dörre [Mon, 6 Feb 2017 22:46:29 +0000 (23:46 +0100)]
upd: move external keywords to own class
Change-Id: Iad887cf134103ed6d26aa32d1358c23de0eeebae
Felix Dörre [Mon, 6 Feb 2017 22:45:13 +0000 (23:45 +0100)]
fix: display verify information only when verification token is known.
Change-Id: I12ea06f13fddc3ad931751e9751f7d87fefd6c60
Felix Dörre [Thu, 19 Jan 2017 11:30:34 +0000 (12:30 +0100)]
fix: make the pinger daemon keep cool when missing database connection
Change-Id: Ic207edc3ab008ac765787146e9752bcd0f867f9b
Lucas Werkmeister [Fri, 27 Jan 2017 11:35:10 +0000 (12:35 +0100)]
fix: add ioctl to SystemCallFilter
Apparently Java needs this to read data from a socket, but only in some
circumstances (Felix says only HTTP domain check was broken, HTTPS check
worked fine).
Change-Id: Ia1b54ef364b282631b44a8313570dafae6b8c5d4
Lucas Werkmeister [Wed, 18 Jan 2017 13:06:39 +0000 (14:06 +0100)]
upd: add more sandboxing directives to gigi-proxy.service
Most notably, the set of permitted syscalls excludes fork and many file
system commands like unlink or rmdir.
Change-Id: I87827f6ed0025570288611cf257c6e3a01769593
Felix Dörre [Tue, 10 Jan 2017 21:44:36 +0000 (22:44 +0100)]
add: fix own host name on certificate issue page
Change-Id: I7fa0e2df8afbe78017067ef8e80c9ecf3a07ca68
Felix Dörre [Tue, 3 Jan 2017 10:35:19 +0000 (11:35 +0100)]
add: detect a quiz-admin directly in gigi
Change-Id: I21854cbafae2a676db624b46975624f31a49d549
Felix Dörre [Fri, 30 Dec 2016 12:01:43 +0000 (13:01 +0100)]
fix: restrict access to CATS-API even more
Change-Id: Idb32bf7e12e0f2704541108afb9a5fcc3e0762a7
Felix Dörre [Fri, 23 Dec 2016 10:45:21 +0000 (11:45 +0100)]
fix: greatly improve performance of often-executed ping-fetch-query
Change-Id: Ic574b193f65f1fd362bf7451fe343e0caa788910
Felix Dörre [Fri, 30 Dec 2016 10:13:37 +0000 (11:13 +0100)]
add: yet another nucleus test
Change-Id: I83cb4a944f8d9e26447535b0672f87a4344458e5
Felix Dörre [Fri, 30 Dec 2016 09:44:06 +0000 (10:44 +0100)]
fix: counting of nucleus verifications
Change-Id: I4a76e579049d822d3280ffc4570f5f2248cac9a4
Felix Dörre [Thu, 29 Dec 2016 16:50:51 +0000 (17:50 +0100)]
fix: send password reset emails to the correct user
Change-Id: I6e88d9fd742255a30a9572f446a3d2b35fb0fcf0
Felix Dörre [Fri, 23 Dec 2016 10:46:53 +0000 (11:46 +0100)]
add: Implement use of Cisco Umbrella 1 Million domain list
as source for high-financial-value-domains
Information about the list is available here:
http://s3-us-west-1.amazonaws.com/umbrella-static/index.html
Blogpost about it:
https://blog.opendns.com/2016/12/14/cisco-umbrella-1-million/
Change-Id: I5d8183f5dd09e3b033301cec59b3fa1e820f236c
Felix Dörre [Thu, 15 Dec 2016 09:20:39 +0000 (10:20 +0100)]
fix: Exception when using TestManager functionality
a constant date gets older than two years at some point in time
Change-Id: I804b06258d27f535a7e9af2dd75223f099170fd0
Felix Dörre [Thu, 8 Dec 2016 15:53:28 +0000 (16:53 +0100)]
fix: generate correct urls to static resources
Change-Id: Ibd337a102b6362fa601fc38aed68031677d3ad5d
Felix Dörre [Sun, 27 Nov 2016 15:10:34 +0000 (16:10 +0100)]
upd: enforce serverAuth EKU for SSL-pings
Change-Id: Ia98447b476eb1e6b60c7471208c7cf965e482aea
Felix Dörre [Sun, 27 Nov 2016 15:14:38 +0000 (16:14 +0100)]
upd: in SSLPinger move serverAuth EKU OID to a constant
Change-Id: Ic4714e6af8a00cc58e69de2def7e9dc1bbbaff05
Felix Dörre [Sun, 27 Nov 2016 00:06:41 +0000 (01:06 +0100)]
fix: allow SSLPinger to process certs without EKU
Change-Id: Ic4c8de9e4cf5ce617dcd5613296c473678596392
Felix Dörre [Tue, 22 Nov 2016 08:30:21 +0000 (09:30 +0100)]
fix: send unsigned mail correctly
Change-Id: I12c008ceab2e0bb7b97eb329141ef2ec82dc71f4
Felix Dörre [Mon, 31 Oct 2016 09:52:52 +0000 (10:52 +0100)]
upd: use try-with-resources to protect JDBC-Statement
Change-Id: I5084448dc134d47da6aaa0dd6ed53b4aacb1c994
Felix Dörre [Tue, 25 Oct 2016 10:26:12 +0000 (12:26 +0200)]
fix: correct SQL query for issuing repings.
Change-Id: Ibabc4851514b1ebe353c6feb1e369353728f6bae
Felix Dörre [Thu, 10 Nov 2016 11:36:36 +0000 (12:36 +0100)]
upd: use "PartOf" relation in gigi-proxy.service
This enables puppet to simply manage gigi-proxy.socket
by ensuring that a restart of gigi-proxy.socket will
also restart gigi-proxy.service.
Change-Id: I96a51f38cfb4c0f5d6b5efd7a8425d90a17534b6
Felix Dörre [Thu, 10 Nov 2016 17:59:15 +0000 (18:59 +0100)]
fix: fixed date in testcases
Change-Id: I29fbf97a27309a54ed4d36463799b92ccf8a6edd
Lucas Werkmeister [Sun, 16 Oct 2016 16:22:30 +0000 (18:22 +0200)]
Merge "fix: resource leak in template fast-debug code"
Benny Baumann [Sun, 16 Oct 2016 16:22:28 +0000 (18:22 +0200)]
Merge "add: email-management-api"
Lucas Werkmeister [Sun, 16 Oct 2016 16:20:53 +0000 (18:20 +0200)]
Merge "upd: more realistic content-type for cert-downloads from API"
Felix Dörre [Fri, 7 Oct 2016 22:19:04 +0000 (00:19 +0200)]
fix: resource leak in template fast-debug code
Change-Id: I570f997bb3e61d916ccc2dfd0ad23c8225ee9020
Felix Dörre [Mon, 3 Oct 2016 12:03:38 +0000 (14:03 +0200)]
add: email-management-api
Change-Id: I4f7ca7b68e9222520738fb329ba390b07fd74b10
Felix Dörre [Mon, 3 Oct 2016 12:03:27 +0000 (14:03 +0200)]
upd: more realistic content-type for cert-downloads from API
Change-Id: I4ad6ee5c27d680cbf4750fe9d8c3a754c9a58590
Benny Baumann [Sun, 9 Oct 2016 16:20:16 +0000 (18:20 +0200)]
Merge "upd: improve digest explanation and make SHA512 default"
Lucas Werkmeister [Mon, 3 Oct 2016 16:15:22 +0000 (18:15 +0200)]
upd: improve digest explanation and make SHA512 default
See #119.
Change-Id: Ia481947c3dff9b6a9770462185c5a12f0f1d996b
Felix Dörre [Mon, 3 Oct 2016 12:02:01 +0000 (14:02 +0200)]
upd: use same-protocol-prefixes for static-links
Change-Id: I0e556b4dde914e0c8eeaccb9c6e5c703225a46ff
Felix Dörre [Thu, 29 Sep 2016 21:05:51 +0000 (23:05 +0200)]
upd: change mail footer so it is recognized by at least thunderbird.
note: significant whitespace at the end of line 5. This whitespace is
required for thunderbird to recognize the footer.
Change-Id: I3eff5903146a5b11ef522f0cb4dba1696dca2c9e
Felix Dörre [Tue, 4 Oct 2016 08:07:55 +0000 (10:07 +0200)]
Merge "fix: #112 use term “country”, not “state”"
Lucas Werkmeister [Tue, 27 Sep 2016 10:09:28 +0000 (12:09 +0200)]
fix: #112 use term “country”, not “state”
Continuation of
a1618d1 .
CertificateOwner.getById() has to be updated because users.country and
organisations.country now clash.
The User constructor is updated for consistency with the Organisation
constructor.
Change-Id: I0aeaf47fa8627ba5c4a5b35f15804e283e4a55b3
Lucas Werkmeister [Mon, 3 Oct 2016 12:35:15 +0000 (14:35 +0200)]
upd: add Also= directive to gigi-proxy.service
When the service is installed/deinstalled, install/deinstall the
accompanying socket as well. (But not the other way around: you can
install the socket alone, so that the service will only be started
on-demand.)
See systemd.unit(5).
Change-Id: I3fd4af0617e1191c96af82ae1c6491feb9dfc654
Felix Dörre [Fri, 23 Sep 2016 16:57:16 +0000 (18:57 +0200)]
upd: make output of Find-Agent-info JSON-formatted
Change-Id: I773aaff596314e83b63e8555ff8e85fce1c2cf55
Felix Dörre [Tue, 27 Sep 2016 23:21:32 +0000 (01:21 +0200)]
Merge branch 'libs/json/local'
Change-Id: Ie68cd2871a8abba4386d089f25da628ba69335cc
Felix Dörre [Tue, 27 Sep 2016 23:15:10 +0000 (01:15 +0200)]
upd: remove json-pointer feature
Change-Id: I7c19cbfbf4de25ca7545ae93f574d597b7d723dd
Felix Dörre [Tue, 27 Sep 2016 14:12:24 +0000 (16:12 +0200)]
add: import org.json
Change-Id: Ia39786f4396e70551aac44ce99ebc664366b4b0a
Felix Dörre [Tue, 27 Sep 2016 14:08:26 +0000 (16:08 +0200)]
add: import script for json.org
Change-Id: I2d67e7ce167e2ddc5a4a5d439835a0bc33861a30
Benny Baumann [Tue, 27 Sep 2016 18:21:21 +0000 (20:21 +0200)]
Merge "Fix error message"
Lucas Werkmeister [Tue, 27 Sep 2016 14:27:53 +0000 (16:27 +0200)]
Fix error message
Change-Id: Ice3d62d7f75165df86c6dce60dbc6d3e9c769918
Felix Dörre [Thu, 22 Sep 2016 21:49:48 +0000 (23:49 +0200)]
upd: make verification processes more consistent on failure
Change-Id: I0a1dfd77fea5f9b365cc166196d0068607cc2b5d
Felix Dörre [Thu, 22 Sep 2016 21:47:58 +0000 (23:47 +0200)]
fix: content of mail footer
Change-Id: I866901be3862c3646ff7911ee698c1ad23f934a6
Felix Dörre [Wed, 21 Sep 2016 11:22:21 +0000 (13:22 +0200)]
fix: S/MIME signature
See https://tools.ietf.org/html/rfc5751#section-3.1.1 for reference.
Change-Id: I9fcd558182395ec83cadb42c0d2bc5c785d49864
Benny Baumann [Tue, 20 Sep 2016 19:23:41 +0000 (21:23 +0200)]
Merge "add: support configuring SetUID behavior"
Lucas Werkmeister [Wed, 7 Sep 2016 13:03:47 +0000 (15:03 +0200)]
add: support configuring SetUID behavior
- It is now possible to skip the setuid step altogether by setting both
UID and GID to the special value -1.
- The Java code now verifies that the values are in range for an
unsigned 16-bit ID.
- The C code now verifies that the cast from jint to uid_t/gid_t does
not overflow.
- The C code now skips setuid() or setgid() if the real and effective ID
are already the desired ID.
The 16-bit limit is somewhat arbitrary. Some old UNIX systems, such as
PWB/UNIX, supported only 8-bit IDs (see for example
/usr/man/man2/getuid.2 in Henry Spencer’s tarball); Wikipedia claims
that some other UNIX systems used 15-bit values, but does not specify
which systems; Linux originally supported 16-bit IDs but then added
support for 32-bit IDs with new syscalls in Linux 2.4. On Debian
systems, the nobody user (default setuid target) is 65534, so we need to
allow at least 16-bit IDs, otherwise the default value is invalid.
Change-Id: I66600572016b18d5ff550560048cdf691dec85e8
Felix Dörre [Sat, 17 Sep 2016 20:49:13 +0000 (22:49 +0200)]
add: javadoc to "Certificate"'s constructor
Change-Id: I7f35343fde31b7eb3edf41a133d3600dd56338d9
Felix Dörre [Fri, 16 Sep 2016 12:58:05 +0000 (14:58 +0200)]
upd: factor out default client certificate profile
Change-Id: Ief1459b17cd820d0d635e89230904d2c46cd69b2
Felix Dörre [Fri, 16 Sep 2016 11:05:18 +0000 (13:05 +0200)]
add: constant for "secure." server name
Change-Id: I7cfac77e65cf965d9d7f04622e6c6322880b506e
Felix Dörre [Thu, 15 Sep 2016 18:34:49 +0000 (20:34 +0200)]
add: test redirect after login
Change-Id: I3caf0a1641a1673e13d68a5c8b9ec4885729811b
Felix Dörre [Thu, 15 Sep 2016 18:34:36 +0000 (20:34 +0200)]
fix: redirect-back after login
Change-Id: Ib416aed3f5c64909593172dcaa378fbcbd59c183
Felix Dörre [Thu, 15 Sep 2016 09:36:16 +0000 (11:36 +0200)]
add: testcase for successful certificate login
Change-Id: Ie6efe2d2a5ab6e14ca3eee95db9c5e99e498b2ce
Felix Dörre [Thu, 15 Sep 2016 07:50:53 +0000 (09:50 +0200)]
fix: deadlock possibility in "DatabaseConnection"
Change-Id: I987cd3d9a0940f1fe3cf9289ec7512b785eca5df
Felix Dörre [Thu, 15 Sep 2016 07:50:37 +0000 (09:50 +0200)]
fix: certlogin. There was a "toLower" needed instead of an "toUpper"
Change-Id: Ie233b6e920ec486a7e59d100681e86856bc7485c
INOPIAE [Thu, 15 Sep 2016 05:53:19 +0000 (07:53 +0200)]
fix: broken hyperlink formatting
Change-Id: I8209324d6fc9dbb8d5e1f0098155a3b3f3e60591
Felix Dörre [Wed, 14 Sep 2016 19:45:01 +0000 (21:45 +0200)]
Merge "upd: native Makefile improvements"
Felix Dörre [Wed, 14 Sep 2016 19:44:56 +0000 (21:44 +0200)]
Merge "upd: modified text displayed during certificate creation process"
Felix Dörre [Sat, 10 Sep 2016 14:18:48 +0000 (16:18 +0200)]
add: js-managed default values for certificate-issue-form
Change-Id: I73713d708f5fdbd505f408b6b19a7a0f7fab813b
INOPIAE [Sat, 10 Sep 2016 11:11:15 +0000 (13:11 +0200)]
upd: modified text displayed during certificate creation process
Change-Id: Ic3038b764e213e6d904ff25c115818d9b4496f7a
Felix Dörre [Sun, 11 Sep 2016 18:44:25 +0000 (20:44 +0200)]
fix: translation strings in "VerificationAgentEntered.templ"
no need to start a translation string when there is nothing
to translate
Change-Id: I2922810f617f1d9e3ec451574134dbb947c474a3
Felix Dörre [Sun, 11 Sep 2016 08:46:54 +0000 (10:46 +0200)]
upd: use serials lowercase-only
Change-Id: Ia30c803c25f6b593086df614ce1d711c1be84ebf
Felix Dörre [Sat, 10 Sep 2016 14:22:37 +0000 (16:22 +0200)]
fix: postgres conditional expression in SimpleSigner error query.
Change-Id: Ia55d3c3c5baf251c7f748153dc727a131502fe87
Felix Dörre [Sat, 10 Sep 2016 14:02:10 +0000 (16:02 +0200)]
fix: simple signer correctly parse profile-EKUs
Change-Id: Iec644be800d86fe687acccf779383e90a68bd780
Felix Dörre [Fri, 9 Sep 2016 23:37:33 +0000 (01:37 +0200)]
upd: enforce a more strict Form call pattern.
form management is now split into:
- initial generation (typically in doGet)
- actual submitting (typically in beforePost) resulting in
- an error (permament or non-permament)
- a submission result
- redirect
- success message
- custom
- re-emitting if needed (typically in doPost)
Change-Id: Ic226bb886a513b6dfbd844294d2092b653c5df5b
Lucas Werkmeister [Fri, 9 Sep 2016 20:19:31 +0000 (22:19 +0200)]
upd: native Makefile improvements
- Remove optimization. We don't need it, and -O3 in particular can
introduce bugs.
- Move -I directives to preprocessor flags.
- Add a separate goal for the header file instead of using shell &&.
- Use the special variable $(RM) to remove files, and ignore failures if
some files don't exist.
Change-Id: Icb7bd684bae6bdb860712a4e24d880b265db292a
Felix Dörre [Mon, 5 Sep 2016 17:05:17 +0000 (19:05 +0200)]
upd: use a more strict pattern for handling forms
Change-Id: I55e1087868820e652fccc7454c9ae290b6947119
Felix Dörre [Fri, 9 Sep 2016 12:07:05 +0000 (14:07 +0200)]
fix: make simple signer select CA certificate better.
Change-Id: I51d3a7849c1d5899a80c93c7222a2e97a3ff5dba