}
else if (!cg->trust_first)
{
- _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Trust on first use is disabled."), 1);
- trust = HTTP_TRUST_INVALID;
+ /*
+ * See if we have a site CA certificate we can compare...
+ */
+
+ if (!httpLoadCredentials(NULL, &tcreds, "site"))
+ {
+ if (cupsArrayCount(credentials) != (cupsArrayCount(tcreds) + 1))
+ {
+ /*
+ * Certificate isn't directly generated from the CA cert...
+ */
+
+ trust = HTTP_TRUST_INVALID;
+ }
+ else
+ {
+ /*
+ * Do a tail comparison of the two certificates...
+ */
+
+ http_credential_t *a, *b; /* Certificates */
+
+ for (a = (http_credential_t *)cupsArrayFirst(tcreds), b = (http_credential_t *)cupsArrayIndex(credentials, 1);
+ a && b;
+ a = (http_credential_t *)cupsArrayNext(tcreds), b = (http_credential_t *)cupsArrayNext(credentials))
+ if (a->datalen != b->datalen || memcmp(a->data, b->data, a->datalen))
+ break;
+
+ if (a || b)
+ trust = HTTP_TRUST_INVALID;
+ }
+
+ if (trust != HTTP_TRUST_OK)
+ _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Credentials do not validate against site CA certificate."), 1);
+ }
+ else
+ {
+ _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Trust on first use is disabled."), 1);
+ trust = HTTP_TRUST_INVALID;
+ }
}
if (trust == HTTP_TRUST_OK && !cg->expired_certs && !SecCertificateIsValid(secCert, CFAbsoluteTimeGetCurrent()))
}
else if (!cg->trust_first)
{
- _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Trust on first use is disabled."), 1);
- trust = HTTP_TRUST_INVALID;
+ /*
+ * See if we have a site CA certificate we can compare...
+ */
+
+ if (!httpLoadCredentials(NULL, &tcreds, "site"))
+ {
+ if (cupsArrayCount(credentials) != (cupsArrayCount(tcreds) + 1))
+ {
+ /*
+ * Certificate isn't directly generated from the CA cert...
+ */
+
+ trust = HTTP_TRUST_INVALID;
+ }
+ else
+ {
+ /*
+ * Do a tail comparison of the two certificates...
+ */
+
+ http_credential_t *a, *b; /* Certificates */
+
+ for (a = (http_credential_t *)cupsArrayFirst(tcreds), b = (http_credential_t *)cupsArrayIndex(credentials, 1);
+ a && b;
+ a = (http_credential_t *)cupsArrayNext(tcreds), b = (http_credential_t *)cupsArrayNext(credentials))
+ if (a->datalen != b->datalen || memcmp(a->data, b->data, a->datalen))
+ break;
+
+ if (a || b)
+ trust = HTTP_TRUST_INVALID;
+ }
+
+ if (trust != HTTP_TRUST_OK)
+ _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Credentials do not validate against site CA certificate."), 1);
+ }
+ else
+ {
+ _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Trust on first use is disabled."), 1);
+ trust = HTTP_TRUST_INVALID;
+ }
}
if (trust == HTTP_TRUST_OK && !cg->expired_certs)
msgstr ""
"Project-Id-Version: CUPS 1.6\n"
"Report-Msgid-Bugs-To: http://www.cups.org/str.php\n"
-"POT-Creation-Date: 2016-08-25 09:50-0400\n"
+"POT-Creation-Date: 2016-08-30 16:00-0400\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
msgid "Created"
msgstr ""
-#: cups/tls-darwin.c:695 cups/tls-gnutls.c:539
+#: cups/tls-darwin.c:726 cups/tls-gnutls.c:560
+msgid "Credentials do not validate against site CA certificate."
+msgstr ""
+
+#: cups/tls-darwin.c:737 cups/tls-gnutls.c:577
msgid "Credentials have expired."
msgstr ""
msgid "Never"
msgstr ""
-#: cups/tls-darwin.c:664 cups/tls-gnutls.c:502
+#: cups/tls-darwin.c:668 cups/tls-gnutls.c:502
msgid "New credentials are not valid for name."
msgstr ""
-#: cups/tls-darwin.c:654 cups/tls-gnutls.c:492
+#: cups/tls-darwin.c:658 cups/tls-gnutls.c:492
msgid "New credentials are older than stored credentials."
msgstr ""
msgid "No authentication information provided."
msgstr ""
-#: cups/tls-darwin.c:604 cups/tls-gnutls.c:439
+#: cups/tls-darwin.c:608 cups/tls-gnutls.c:439
msgid "No common name specified."
msgstr ""
msgid "No request-id"
msgstr ""
-#: cups/tls-darwin.c:684 cups/tls-gnutls.c:522
+#: cups/tls-darwin.c:688 cups/tls-gnutls.c:522
msgid "No stored credentials, not valid for name."
msgstr ""
msgid "Roll 9"
msgstr ""
-#: cups/adminutil.c:2083
+#: cups/adminutil.c:2100
#, c-format
msgid "Running command: %s %s -N -A %s -c '%s'"
msgstr ""
msgid "Self Adhesive Film"
msgstr ""
-#: cups/tls-darwin.c:701 cups/tls-gnutls.c:546
+#: cups/tls-darwin.c:743 cups/tls-gnutls.c:584
msgid "Self-signed credentials are blocked."
msgstr ""
msgid "Server Stopped"
msgstr ""
-#: cups/tls-darwin.c:1133 cups/tls-gnutls.c:1225
+#: cups/tls-darwin.c:1183 cups/tls-gnutls.c:1263
msgid "Server credentials not set."
msgstr ""
msgid "Triple Wall Cardboard"
msgstr ""
-#: cups/tls-darwin.c:644 cups/tls-darwin.c:689 cups/tls-gnutls.c:482
-#: cups/tls-gnutls.c:527
+#: cups/tls-darwin.c:648 cups/tls-darwin.c:730 cups/tls-gnutls.c:482
+#: cups/tls-gnutls.c:564
msgid "Trust on first use is disabled."
msgstr ""
msgid "Unable to copy Windows 9x printer driver files (%d)."
msgstr ""
-#: cups/tls-darwin.c:610 cups/tls-gnutls.c:445
+#: cups/tls-darwin.c:614 cups/tls-gnutls.c:445
msgid "Unable to create credentials from array."
msgstr ""
msgid "Unable to create printer."
msgstr ""
-#: cups/tls-darwin.c:1394 cups/tls-gnutls.c:1413
+#: cups/tls-darwin.c:1444 cups/tls-gnutls.c:1451
msgid "Unable to create server credentials."
msgstr ""
msgid "Unable to edit cupsd.conf files larger than 1MB"
msgstr ""
-#: cups/tls-darwin.c:1561
+#: cups/tls-darwin.c:1611
msgid "Unable to establish a secure connection to host (certificate chain invalid)."
msgstr ""
-#: cups/tls-darwin.c:1551
+#: cups/tls-darwin.c:1601
msgid "Unable to establish a secure connection to host (certificate not yet valid)."
msgstr ""
-#: cups/tls-darwin.c:1546
+#: cups/tls-darwin.c:1596
msgid "Unable to establish a secure connection to host (expired certificate)."
msgstr ""
-#: cups/tls-darwin.c:1556
+#: cups/tls-darwin.c:1606
msgid "Unable to establish a secure connection to host (host name mismatch)."
msgstr ""
-#: cups/tls-darwin.c:1566
+#: cups/tls-darwin.c:1616
msgid "Unable to establish a secure connection to host (peer dropped connection before responding)."
msgstr ""
-#: cups/tls-darwin.c:1541
+#: cups/tls-darwin.c:1591
msgid "Unable to establish a secure connection to host (self-signed certificate)."
msgstr ""
-#: cups/tls-darwin.c:1536
+#: cups/tls-darwin.c:1586
msgid "Unable to establish a secure connection to host (untrusted certificate)."
msgstr ""
-#: cups/tls-darwin.c:1593 cups/tls-sspi.c:1277 cups/tls-sspi.c:1294
+#: cups/tls-darwin.c:1643 cups/tls-sspi.c:1277 cups/tls-sspi.c:1294
msgid "Unable to establish a secure connection to host."
msgstr ""
msgid "Unable to find printer."
msgstr ""
-#: cups/tls-darwin.c:1407
+#: cups/tls-darwin.c:1457
msgid "Unable to find server credentials."
msgstr ""
msgid "Unable to resolve printer-uri."
msgstr ""
-#: cups/adminutil.c:2119
+#: cups/adminutil.c:2136
#, c-format
msgid "Unable to run \"%s\": %s"
msgstr ""
msgid "Unknown scheme in URI"
msgstr ""
-#: cups/http-addrlist.c:781
+#: cups/http-addrlist.c:783
msgid "Unknown service name."
msgstr ""
msgid "scheduler is running"
msgstr ""
-#: cups/adminutil.c:2190
+#: cups/adminutil.c:2207
#, c-format
msgid "stat of %s failed: %s"
msgstr ""
"Cotton Envelope" = "Cotton Envelope";
"Cover" = "Cover";
"Created" = "Created";
+"Credentials do not validate against site CA certificate." = "Credentials do not validate against site CA certificate.";
"Credentials have expired." = "Credentials have expired.";
"Custom" = "Custom";
"CustominCutInterval" = "CustominCutInterval";
msgstr ""
"Project-Id-Version: CUPS 1.4.6\n"
"Report-Msgid-Bugs-To: http://www.cups.org/str.php\n"
-"POT-Creation-Date: 2016-08-25 09:50-0400\n"
+"POT-Creation-Date: 2016-08-30 16:00-0400\n"
"PO-Revision-Date: 2012-09-29 11:21+0200\n"
"Last-Translator: Àngel Mompó <mecatxis@gmail.com>\n"
"Language-Team: Catalan <ca@dodds.net>\n"
msgid "Created"
msgstr "Creat"
+msgid "Credentials do not validate against site CA certificate."
+msgstr ""
+
msgid "Credentials have expired."
msgstr ""
msgstr ""
"Project-Id-Version: CUPS 1.6\n"
"Report-Msgid-Bugs-To: http://www.cups.org/str.php\n"
-"POT-Creation-Date: 2016-08-25 09:50-0400\n"
+"POT-Creation-Date: 2016-08-30 16:00-0400\n"
"PO-Revision-Date: 2012-09-14 10:26+0100\n"
"Last-Translator: Jan Bartos <jan.bartos@madeta.cz>\n"
"Language-Team: Czech\n"
msgid "Created"
msgstr "Vytvořeno"
+msgid "Credentials do not validate against site CA certificate."
+msgstr ""
+
msgid "Credentials have expired."
msgstr ""
msgstr ""
"Project-Id-Version: CUPS 2.0\n"
"Report-Msgid-Bugs-To: http://www.cups.org/str.php\n"
-"POT-Creation-Date: 2016-08-25 09:50-0400\n"
+"POT-Creation-Date: 2016-08-30 16:00-0400\n"
"PO-Revision-Date: 2016-04-22 12:25+0100\n"
"Last-Translator: Joachim Schwender <joachim.schwender@web.de>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
msgid "Created"
msgstr "Erstellt"
+msgid "Credentials do not validate against site CA certificate."
+msgstr ""
+
msgid "Credentials have expired."
msgstr ""
msgstr ""
"Project-Id-Version: CUPS 2.2\n"
"Report-Msgid-Bugs-To: http://www.cups.org/str.php\n"
-"POT-Creation-Date: 2016-08-25 09:50-0400\n"
+"POT-Creation-Date: 2016-08-30 16:00-0400\n"
"PO-Revision-Date: 2016-06-26 21:17+0100\n"
"Last-Translator: Juan Pablo González Riopedre <jpgriopedre@yahoo.es>\n"
"Language-Team: Spanish\n"
msgid "Created"
msgstr "Creado"
+msgid "Credentials do not validate against site CA certificate."
+msgstr ""
+
msgid "Credentials have expired."
msgstr ""
msgstr ""
"Project-Id-Version: CUPS 1.6\n"
"Report-Msgid-Bugs-To: http://www.cups.org/str.php\n"
-"POT-Creation-Date: 2016-08-25 09:50-0400\n"
+"POT-Creation-Date: 2016-08-30 16:00-0400\n"
"PO-Revision-Date: 2012-12-12 11:12+0100\n"
"Last-Translator: denis meramdjougoma <dcmeram@libertysurf.fr>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
msgid "Created"
msgstr "Créé"
+msgid "Credentials do not validate against site CA certificate."
+msgstr ""
+
msgid "Credentials have expired."
msgstr ""
msgstr ""
"Project-Id-Version: CUPS 1.6\n"
"Report-Msgid-Bugs-To: http://www.cups.org/str.php\n"
-"POT-Creation-Date: 2016-08-25 09:50-0400\n"
+"POT-Creation-Date: 2016-08-30 16:00-0400\n"
"PO-Revision-Date: 2013-07-14 12:00+0200\n"
"Last-Translator: Giovanni Scafora <giovanni@archlinux.org>\n"
"Language-Team: Arch Linux Italian Team <giovanni@archlinux.org>\n"
msgid "Created"
msgstr "Creato"
+msgid "Credentials do not validate against site CA certificate."
+msgstr ""
+
msgid "Credentials have expired."
msgstr ""
msgstr ""
"Project-Id-Version: CUPS 2.0\n"
"Report-Msgid-Bugs-To: http://www.cups.org/str.php\n"
-"POT-Creation-Date: 2016-08-25 09:50-0400\n"
+"POT-Creation-Date: 2016-08-30 16:00-0400\n"
"PO-Revision-Date: 2014-11-15 19:27+0900\n"
"Last-Translator: OPFC TRANSCUPS <opfc-transcups@sourceforge.jp>\n"
"Language-Team: OPFC TRANSCUPS <opfc-transcups@sourceforge.jp>\n"
msgid "Created"
msgstr "ジョブ作成"
+msgid "Credentials do not validate against site CA certificate."
+msgstr ""
+
msgid "Credentials have expired."
msgstr ""
msgstr ""
"Project-Id-Version: CUPS 2.1.2\n"
"Report-Msgid-Bugs-To: http://www.cups.org/str.php\n"
-"POT-Creation-Date: 2016-08-25 09:50-0400\n"
+"POT-Creation-Date: 2016-08-30 16:00-0400\n"
"PO-Revision-Date: 2016-01-31 16:45-0200\n"
"Last-Translator: Rafael Fontenelle <rffontenelle@gmail.com>\n"
"Language-Team: Brazilian Portuguese <traducao-cups-pt-br@googlegroups.com>\n"
msgid "Created"
msgstr "Criada"
+msgid "Credentials do not validate against site CA certificate."
+msgstr ""
+
msgid "Credentials have expired."
msgstr ""
msgstr ""
"Project-Id-Version: CUPS 2.0\n"
"Report-Msgid-Bugs-To: http://www.cups.org/str.php\n"
-"POT-Creation-Date: 2016-08-25 09:50-0400\n"
+"POT-Creation-Date: 2016-08-30 16:00-0400\n"
"PO-Revision-Date: 2015-01-28 12:00-0800\n"
"Last-Translator: Aleksandr Proklov\n"
"Language-Team: PuppyRus Linux Team\n"
msgid "Created"
msgstr "Создано"
+msgid "Credentials do not validate against site CA certificate."
+msgstr ""
+
msgid "Credentials have expired."
msgstr ""