Skip to content

Commit

Permalink
Merge v1.26.2 into community
Browse files Browse the repository at this point in the history
  • Loading branch information
GovernikusAusweisApp2 committed Jan 18, 2023
2 parents 4d5601d + e071038 commit a0c0d8d
Show file tree
Hide file tree
Showing 1,704 changed files with 2,469 additions and 2,159 deletions.
2 changes: 2 additions & 0 deletions .dockerignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
Dockerfile
resources/jenkins/docker/Dockerfile
44 changes: 44 additions & 0 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
name: "CodeQL"

on:
push:
branches: [ "community" ]
pull_request:
branches: [ "community" ]
schedule:
- cron: "46 18 * * 5"

jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write

strategy:
fail-fast: false
matrix:
language: [ cpp ]

steps:
- name: Checkout
uses: actions/checkout@v3

- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
queries: +security-and-quality

- name: Install dependencies
run: sudo apt install -y cmake pkg-config libssl-dev libudev-dev libhttp-parser-dev libpcsclite-dev libqt6svg6-dev libqt6websockets6-dev qt6-base-dev qt6-base-private-dev qt6-declarative-dev qt6-scxml-dev qt6-tools-dev qt6-tools-dev-tools libqt6opengl6-dev libqt6shadertools6-dev libgl1-mesa-dev qt6-l10n-tools

- name: Autobuild
uses: github/codeql-action/autobuild@v2

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
with:
category: "/language:${{ matrix.language }}"
4 changes: 2 additions & 2 deletions CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@ if(UNIX AND NOT IOS)
set(CMAKE_OSX_DEPLOYMENT_TARGET 10.15 CACHE STRING "Required macOS version")
endif()

project(AusweisApp2 VERSION 1.26.1 LANGUAGES ${LANGUAGES})
project(AusweisApp2 VERSION 1.26.2 LANGUAGES ${LANGUAGES})

# Set TWEAK if not defined in PROJECT_VERSION above to
# have a valid tweak version without propagating it
Expand Down Expand Up @@ -143,7 +143,7 @@ set(TEST_DIR ${PROJECT_SOURCE_DIR}/test)
set(DOCS_DIR ${PROJECT_SOURCE_DIR}/docs)
set(RESOURCES_DIR ${PROJECT_SOURCE_DIR}/resources)
set(PACKAGING_DIR ${RESOURCES_DIR}/packaging)
set(COPYRIGHT_TEXT "2014-2022 ${VENDOR}")
set(COPYRIGHT_TEXT "2014-2023 ${VENDOR}")
if(APPLE)
string(REPLACE " \& " " \& " COPYRIGHT_TEXT ${COPYRIGHT_TEXT})
endif()
Expand Down
9 changes: 5 additions & 4 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -1,14 +1,14 @@
ARG ALPINE_VERSION=3.16
ARG ALPINE_VERSION=3.17

FROM alpine:$ALPINE_VERSION as builder
# Install development stuff
RUN apk --no-cache upgrade -a && \
apk --no-cache add patch cmake ccache make ninja g++ pkgconf pcsc-lite-dev binutils-gold eudev-libs perl python3 linux-headers

# Use optional secondary ccache
# Use optional remote ccache
# redis://YOUR_SERVER:6379|share-hits=false
ARG CCACHE_SECONDARY_STORAGE=""
ENV CCACHE_SECONDARY_STORAGE=$CCACHE_SECONDARY_STORAGE CCACHE_RESHARE=true CCACHE_DIR=/build/ccache
ARG CCACHE_REMOTE_STORAGE=""
ENV CCACHE_REMOTE_STORAGE=$CCACHE_REMOTE_STORAGE CCACHE_REMOTE_ONLY=true CCACHE_RESHARE=true CCACHE_DIR=/build/ccache

# Build Libraries
COPY cmake/Helper.cmake cmake/DVCS.cmake cmake/Messages.cmake libs /src/libs/
Expand Down Expand Up @@ -59,4 +59,5 @@ RUN apk --no-cache upgrade -a && \
USER ausweisapp
VOLUME ["/home/ausweisapp/.config"]
ENTRYPOINT ["/sbin/tini", "--"]
EXPOSE 24727
CMD ["AusweisApp2", "--address", "0.0.0.0"]
4 changes: 2 additions & 2 deletions LICENSE.officially.txt
Original file line number Diff line number Diff line change
Expand Up @@ -350,12 +350,12 @@ Die verwendeten Open-Source-Bibliotheken unterliegen den folgenden Nutzungsbedin

OpenSSL
Lizenz: Apache 2.0
Version: 3.0.5
Version: 3.0.7
Adresse: https://www.openssl.org/

Qt
Lizenz: LGPL v3
Version: 6.3.1
Version: 6.4.1
Adresse: https://www.qt.io/

http_parser
Expand Down
4 changes: 2 additions & 2 deletions LICENSE.txt
Original file line number Diff line number Diff line change
Expand Up @@ -318,12 +318,12 @@ Die verwendeten Open-Source-Bibliotheken unterliegen den folgenden Nutzungsbedin

OpenSSL
Lizenz: Apache 2.0
Version: 3.0.5
Version: 3.0.7
Adresse: https://www.openssl.org/

Qt
Lizenz: LGPL v3
Version: 6.3.1
Version: 6.4.1
Adresse: https://www.qt.io/

http_parser
Expand Down
45 changes: 45 additions & 0 deletions cmake/Helper.cmake
Original file line number Diff line number Diff line change
Expand Up @@ -385,6 +385,51 @@ function(FETCH_TARGET_LOCATION _destination _target)
set(${_destination} ${tmp} PARENT_SCOPE)
endfunction()

function(list_add_if_not_present list elem)
list(FIND "${list}" "${elem}" exists)
if(exists EQUAL -1)
list(APPEND "${list}" "${elem}")
set("${list}" "${${list}}" PARENT_SCOPE)
endif()
endfunction()

macro(target_get_linked_libraries_internal _target _outlist)
list_add_if_not_present("${_outlist}" "${_target}")

get_target_property(target_type "${_target}" TYPE)
if(${target_type} STREQUAL "INTERFACE_LIBRARY")
get_target_property(libs "${_target}" INTERFACE_LINK_LIBRARIES)
else()
get_target_property(libs "${_target}" LINK_LIBRARIES)
endif()

foreach(lib IN LISTS libs)
# Required for libs linked as "debug" like "$<$<CONFIG:DEBUG>:$<TARGET_NAME:AusweisAppUiAidl>>"
string(REGEX REPLACE ".*(AusweisApp[a-zA-Z:]+).*" "\\1" lib "${lib}")
string(REPLACE "::" "" lib "${lib}")

if(NOT TARGET "${lib}")
continue()
endif()

if(NOT "${lib}" MATCHES "AusweisApp")
continue()
endif()

list(FIND "${_outlist}" "${lib}" exists)
if(NOT exists EQUAL -1)
continue()
endif()

target_get_linked_libraries_internal("${lib}" "${_outlist}")
endforeach()
endmacro()

function(target_get_linked_libraries _target _outlist)
set(${_outlist} "${_target}")
target_get_linked_libraries_internal(${_target} ${_outlist})
set(${_outlist} ${${_outlist}} PARENT_SCOPE)
endfunction()

function(map_set_value _map _key _value)
set(${_map}_${_key} "${_value}" PARENT_SCOPE)
Expand Down
8 changes: 8 additions & 0 deletions cmake/Install.cmake
Original file line number Diff line number Diff line change
Expand Up @@ -308,6 +308,14 @@ elseif(UNIX)
install(FILES ${RESOURCES_DIR}/images/npa.png DESTINATION ${CMAKE_INSTALL_DATADIR}/icons/hicolor/96x96/apps COMPONENT Application RENAME AusweisApp2.png)
install(FILES ${DOCS_DIR}/AusweisApp2.1 DESTINATION ${CMAKE_INSTALL_MANDIR}/man1 COMPONENT Application)
endif()

# This is for internal use only! It is not recommended to split the AusweisApp2 into multiple libs!
if(BUILD_SHARED_LIBS)
target_get_linked_libraries(AusweisApp libraries)
foreach(libTarget ${libraries})
install(TARGETS ${libTarget} DESTINATION ${CMAKE_INSTALL_LIBDIR} COMPONENT Application)
endforeach()
endif()
endif()


Expand Down
6 changes: 3 additions & 3 deletions cmake/Packaging.cmake
Original file line number Diff line number Diff line change
Expand Up @@ -105,13 +105,13 @@ if(WIN32)
# disable above line, enable beneath line to build MSI for english
# set(CPACK_WIX_CULTURES en-US)
set(CPACK_WIX_TEMPLATE ${PACKAGING_DIR}/win/WIX.template.in)
set(CPACK_WIX_EXTRA_SOURCES ${PACKAGING_DIR}/win/install_settings.wxs ${PACKAGING_DIR}/win/runtime_settings.wxs ${PACKAGING_DIR}/win/gui.wxs)
set(CPACK_WIX_EXTRA_SOURCES ${PACKAGING_DIR}/win/executable.wxs ${PACKAGING_DIR}/win/install_settings.wxs ${PACKAGING_DIR}/win/runtime_settings.wxs ${PACKAGING_DIR}/win/gui.wxs)
set(CPACK_WIX_UI_BANNER ${RESOURCES_DIR}/images/wix_banner.jpg)
set(CPACK_WIX_UI_DIALOG ${RESOURCES_DIR}/images/wix_dialog.jpg)
set(CPACK_WIX_EXTENSIONS WixUtilExtension WixFirewallExtension)
set(CPACK_WIX_LIGHT_EXTRA_FLAGS -loc ${PACKAGING_DIR}/win/WIX.Texts.de-DE.wxl -loc ${PACKAGING_DIR}/win/WIX.Texts.en-US.wxl)
# suppress warning LGHT1076/ICE61 caused by AllowSameVersionUpgrades
set(CPACK_WIX_LIGHT_EXTRA_FLAGS -sw1076 ${CPACK_WIX_LIGHT_EXTRA_FLAGS})
# suppress errors related to the shortcuts (HKCU/HKLM)
set(CPACK_WIX_LIGHT_EXTRA_FLAGS -sice:ICE38 -sice:ICE43 -sice:ICE57 ${CPACK_WIX_LIGHT_EXTRA_FLAGS})

configure_file(${CMAKE_DIR}/PrepareProxy.cmake.in ${CMAKE_BINARY_DIR}/PrepareProxy.cmake @ONLY)
set(CPACK_PRE_BUILD_SCRIPTS "${CMAKE_BINARY_DIR}/PrepareProxy.cmake")
Expand Down
24 changes: 13 additions & 11 deletions cmake/PrepareProxy.cmake.in
Original file line number Diff line number Diff line change
@@ -1,11 +1,13 @@
set(WIX_BUILD_DIR "@CMAKE_BINARY_DIR@/_CPack_Packages/win64/WIX")
file(GLOB WIX_INSTALL_DIR RELATIVE ${WIX_BUILD_DIR} ${WIX_BUILD_DIR}/@PROJECT_NAME@-*)

list(LENGTH WIX_INSTALL_DIR DIR_COUNT)
if(NOT DIR_COUNT EQUAL 1 OR NOT IS_DIRECTORY "${WIX_BUILD_DIR}/${WIX_INSTALL_DIR}")
message(FATAL_ERROR "No unique CPack installation directory was found: ${WIX_INSTALL_DIR}")
endif()

execute_process(COMMAND ${CMAKE_COMMAND} -E copy
"${WIX_BUILD_DIR}/${WIX_INSTALL_DIR}/@PROJECT_NAME@@CMAKE_EXECUTABLE_SUFFIX@"
"${WIX_BUILD_DIR}/Proxy@PROJECT_NAME@@CMAKE_EXECUTABLE_SUFFIX@")
set(WIX_BUILD_DIR "@CMAKE_BINARY_DIR@/_CPack_Packages/win64/WIX")
file(GLOB WIX_INSTALL_DIR RELATIVE ${WIX_BUILD_DIR} ${WIX_BUILD_DIR}/@PROJECT_NAME@-*)

list(LENGTH WIX_INSTALL_DIR DIR_COUNT)
if(NOT DIR_COUNT EQUAL 1 OR NOT IS_DIRECTORY "${WIX_BUILD_DIR}/${WIX_INSTALL_DIR}")
message(FATAL_ERROR "No unique CPack installation directory was found: ${WIX_INSTALL_DIR}")
endif()

set(PROJECT_EXECUTABLE_NAME "@PROJECT_NAME@@CMAKE_EXECUTABLE_SUFFIX@")

file(RENAME
"${WIX_BUILD_DIR}/${WIX_INSTALL_DIR}/${PROJECT_EXECUTABLE_NAME}"
"${WIX_BUILD_DIR}/${PROJECT_EXECUTABLE_NAME}")
40 changes: 34 additions & 6 deletions cmake/cmd.cmake
Original file line number Diff line number Diff line change
Expand Up @@ -43,15 +43,43 @@ function(CREATE_HASH)
endfunction()

function(CHECK_WIX_WARNING)
list(APPEND EXPECTED_WARNINGS "CNDL1077.*WixShellExecTarget.*INSTALL_ROOT")
list(APPEND EXPECTED_WARNINGS "CNDL1077.*WixShellExecTarget.*ProductName")
list(APPEND EXPECTED_WARNINGS "LGHT1076.*ICE03.*CustomInstallDirDlg.SystemSettingsCheckBox")
list(APPEND EXPECTED_WARNINGS "LGHT1076.*ICE30.*AusweisApp2.*ProxyService")
list(APPEND EXPECTED_WARNINGS "LGHT1076.*ICE30.*AusweisApp2.*ProxyService")
list(APPEND EXPECTED_WARNINGS "LGHT1076.*ICE61.*product.*version")
list(LENGTH EXPECTED_WARNINGS EXPECTED_COUNT)

file(STRINGS "${FILE}" WIX_WARNINGS REGEX "warning")
list(LENGTH WIX_WARNINGS WARNING_COUNT)
if(WARNING_COUNT GREATER 0)
foreach(m ${WIX_WARNINGS})
message(STATUS "${m}\n")
foreach(m ${WIX_WARNINGS})
unset(KNOWN_WARNING)
foreach(e ${EXPECTED_WARNINGS})
string(REGEX MATCH "${e}" KNOWN_WARNING "${m}")
if(KNOWN_WARNING)
MATH(EXPR WARNING_COUNT "${WARNING_COUNT}+1")
break()
endif()
endforeach()
message(FATAL_ERROR "Found ${WARNING_COUNT} new WIX warnings")
if(NOT KNOWN_WARNING)
message(STATUS "${m}\n")
MATH(EXPR UNKNOWN_WARNINGS "${UNKNOWN_WARNINGS}+1")
endif()
endforeach()

if(UNKNOWN_WARNINGS)
message(FATAL_ERROR "WiX log: Found ${UNKNOWN_WARNINGS} new warnings")
endif()

if(WARNING_COUNT EQUAL EXPECTED_COUNT)
message(STATUS "WiX log: Expectation met")
return()
endif()

if(WARNING_COUNT GREATER EXPECTED_COUNT)
message(FATAL_ERROR "WiX log: Found unexpected warnings")
else()
message(STATUS "No WIX warnings found")
message(FATAL_ERROR "WiX log: Missing expected warnings")
endif()
endfunction()

Expand Down
2 changes: 1 addition & 1 deletion cmake/tests/openssl.cpp
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* \copyright Copyright (c) 2021-2022 Governikus GmbH & Co. KG, Germany
* \copyright Copyright (c) 2021-2023 Governikus GmbH & Co. KG, Germany
*/

#include <QSslCipher>
Expand Down
25 changes: 12 additions & 13 deletions docs/installation/README.de.rst
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ alle unterstützten Parameter, die im Anschluss erläutert werden.
INSTALLDIR
Gibt das Installationsverzeichnis an. Ohne Angabe wird der Ordner
"C:\\Programme (x86)\\AusweisApp2" genutzt.
"C:\\Programme\\AusweisApp2" genutzt.

SYSTEMSETTINGS
Betrifft die Erstellung von Firewall-Regeln der Windows Firewall. Ohne Angabe
Expand Down Expand Up @@ -146,11 +146,6 @@ zu optimieren, kann die Systemvariable "QT_QUICK_BACKEND" auf den Wert
Versuch die Grafikbeschleunigung zu nutzen und startet direkt mit dem
alternativen Softwarerenderer.

Bei Durchführung eines Updates der AusweisApp2 können keine systemweiten
Standardeinstellungen durch neue Kommandozeilenparameter ergänzt werden.
Werden neue Parameter benötigt, so muss die AusweisApp2 deinstalliert und mit
den neuen Kommandozeilenparametern neuinstalliert werden.

macOS
-----

Expand Down Expand Up @@ -308,16 +303,20 @@ CA-Zertifikate im Windows-Truststore werden daher ignoriert.
:header: "Referenz", "Protokoll", "Port", "Richtung", "Optional", "Zweck", "Anmerkungen"
:widths: 8, 8, 8, 8, 8, 35, 25

"eID1", TCP, 24727 [#aa2proxy]_, "eingehend", "Nein", "Online-Ausweisvorgang, eID-Aktivierung [#TR-03124]_", "Nur erreichbar von localhost [#TR-03124]_"
"eID2", TCP, 443, "ausgehend", "Nein", "Online-Ausweisvorgang, Verbindung zum Anbieter, TLS-1-2-Kanal [#TR-03124]_", "TLS-Zertifikate verschränkt mit Berechtigungs-Zertifikat [#TR-03124]_"
"eID3", TCP, 443, "ausgehend", "Nein", "Online-Ausweisvorgang, Verbindung zum eID-Server, TLS-2-Kanal [#TR-03124]_", "TLS-Zertifikate verschränkt mit Berechtigungs-Zertifikat [#TR-03124]_"
"eID-SDK", TCP, 24727 [#aa2proxy]_, "eingehend", "Nein", "Verwendung der SDK-Schnittstelle", "Nur erreichbar von localhost [#TR-03124]_"
"SaK1", UDP, 24727 [#aa2proxy]_, "eingehend", "Ja", "Smartphone als Kartenleser, Erkennung [#TR-03112]_", "Broadcasts"
"SaK2", TCP, , "ausgehend", "Ja", "Smartphone als Kartenleser, Verwendung [#TR-03112]_", "Verbindung im lokalen Subnetz"
"Update", TCP, 443, "ausgehend", "Ja", "Updates [#govurl]_ zu Anbietern und Kartenlesern sowie Informationen zu neuen AusweisApp2-Versionen [#updatecheck]_ .", "Die Zertifikate der TLS-Verbindung werden mit in der AusweisApp2 mitgelieferten CA-Zertifikaten validiert. Im Betriebssystem hinterlegte CA-Zertifikate werden ignoriert."
"eID1", TCP, 24727 [#aa2proxy]_, "eingehend", "Nein", "Online-Ausweisvorgang, eID-Aktivierung [#TR-03124]_", "Nur erreichbar von localhost [#TR-03124]_"
"eID2", TCP, 443 [#eidports]_, "ausgehend", "Nein", "Online-Ausweisvorgang, Verbindung zum Anbieter, TLS-1-2-Kanal [#TR-03124]_", "TLS-Zertifikate verschränkt mit Berechtigungs-Zertifikat [#TR-03124]_"
"eID3", TCP, 443 [#eidports]_, "ausgehend", "Nein", "Online-Ausweisvorgang, Verbindung zum eID-Server, TLS-2-Kanal [#TR-03124]_", "TLS-Zertifikate verschränkt mit Berechtigungs-Zertifikat [#TR-03124]_"
"eID-SDK", TCP, 24727 [#aa2proxy]_, "eingehend", "Nein", "Verwendung der SDK-Schnittstelle", "Nur erreichbar von localhost [#TR-03124]_"
"SaK1", UDP, 24727 [#aa2proxy]_, "eingehend", "Ja", "Smartphone als Kartenleser, Erkennung [#TR-03112]_", "Broadcasts"
"SaK2", TCP, , "ausgehend", "Ja", "Smartphone als Kartenleser, Verwendung [#TR-03112]_", "Verbindung im lokalen Subnetz"
"Update", TCP, 443, "ausgehend", "Ja", "Updates [#govurl]_ zu Anbietern und Kartenlesern sowie Informationen zu neuen AusweisApp2-Versionen [#updatecheck]_ .", "Die Zertifikate der TLS-Verbindung werden mit in der AusweisApp2 mitgelieferten CA-Zertifikaten validiert. Im Betriebssystem hinterlegte CA-Zertifikate werden ignoriert."

.. [#aa2proxy] Oder ein zufälliger Port bei Verwendung des AusweisApp2-Proxys.
.. [#TR-03124] Siehe TR-03124 des BSI
.. [#eidports] Port 443 wird für die initiale Kontaktaufnahme zum Anbieter bzw.
eID-Server verwendet. Durch die Konfiguration des Dienstes durch den
Diensteanbieter können durch Weiterleitungen beliebige andere Ports zum
Einsatz kommen.
.. [#TR-03112] Siehe TR-03112-6 des BSI
.. [#govurl] Erreichbar unter dem URL https://appl.governikus-asp.de/ausweisapp2/
.. [#updatecheck] Die Überprüfung auf neue AusweisApp2-Versionen kann deaktiviert werden, siehe
Expand Down
24 changes: 11 additions & 13 deletions docs/installation/README.en.rst
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ contains all supported arguments, which are explained below.
INSTALLDIR
States the installation directory. If not specified, the folder
"C:\\Program Files (x86)\\AusweisApp2" is used.
"C:\\Program Files\\AusweisApp2" is used.

SYSTEMSETTINGS
Concerns the settings of firewall rules of the Windows Firewall. When not
Expand Down Expand Up @@ -135,11 +135,6 @@ acceleration, the system variable "QT_QUICK_BACKEND" can be set to the value
"software". In this case, the AusweisApp2 does not attempt to use graphics
acceleration and starts directly with the alternative software renderer.

When installing an AusweisApp2 update new commandline parameters cannot be added
to the system-wide default settings. If new commandline parameters are needed
the AusweisApp2 has to be deinstalled and then reinstalled with the new
parameters.

macOS
-----

Expand Down Expand Up @@ -286,16 +281,19 @@ TLS termination proxy.
:header: "Reference", "Protocol", "Port", "Direction", "Optional", "Purpose", "Note"
:widths: 8, 8, 8, 8, 8, 35, 25

"eID1", TCP, 24727 [#aa2proxy]_, "incoming", "no", "Online eID function, eID activation [#TR-03124]_", "Only accessible from localhost [#TR-03124]_"
"eID2", TCP, 443, "outgoing", "no", "Online eID function, connection to the provider, TLS-1-2 channel [#TR-03124]_", "TLS certificates interlaced with authorization certificate [#TR-03124]_"
"eID3", TCP, 443, "outgoing", "no", "Online eID function, connection to eID-Server, TLS-2 channel [#TR-03124]_", "TLS certificates interlaced with authorization certificate [#TR-03124]_"
"eID-SDK", TCP, 24727 [#aa2proxy]_, "incoming", "no", "Usage of the SDK functionality", "Only accessible from localhost [#TR-03124]_"
"SaC1", UDP, 24727 [#aa2proxy]_, "incoming", "yes", "Smartphone as Card Reader, detection [#TR-03112]_", "Broadcasts"
"SaC2", TCP, , "outgoing", "yes", "Smartphone as Card Reader, usage [#TR-03112]_", "Connection in local subnet"
"Update", TCP, 443, "outgoing", "yes", "Updates [#govurl]_ of provider and card reader information as well as information on new AusweisApp2 versions [#updatecheck]_ .", "TLS certificates will be validated against CA certificates included in the AusweisApp2. CA certificates provided by the OS are ignored."
"eID1", TCP, 24727 [#aa2proxy]_, "incoming", "no", "Online eID function, eID activation [#TR-03124]_", "Only accessible from localhost [#TR-03124]_"
"eID2", TCP, 443 [#eidports]_, "outgoing", "no", "Online eID function, connection to the provider, TLS-1-2 channel [#TR-03124]_", "TLS certificates interlaced with authorization certificate [#TR-03124]_"
"eID3", TCP, 443 [#eidports]_, "outgoing", "no", "Online eID function, connection to eID-Server, TLS-2 channel [#TR-03124]_", "TLS certificates interlaced with authorization certificate [#TR-03124]_"
"eID-SDK", TCP, 24727 [#aa2proxy]_, "incoming", "no", "Usage of the SDK functionality", "Only accessible from localhost [#TR-03124]_"
"SaC1", UDP, 24727 [#aa2proxy]_, "incoming", "yes", "Smartphone as Card Reader, detection [#TR-03112]_", "Broadcasts"
"SaC2", TCP, , "outgoing", "yes", "Smartphone as Card Reader, usage [#TR-03112]_", "Connection in local subnet"
"Update", TCP, 443, "outgoing", "yes", "Updates [#govurl]_ of provider and card reader information as well as information on new AusweisApp2 versions [#updatecheck]_ .", "TLS certificates will be validated against CA certificates included in the AusweisApp2. CA certificates provided by the OS are ignored."

.. [#aa2proxy] Or a random port when using AusweisApp2 proxy.
.. [#TR-03124] See TR-03124 specification from the BSI
.. [#eidports] Port 443 is used for the initial contact with the provider or
eID server. Due to configuration of the service on the service provider's
behalf, any other port might be used by forwarding.
.. [#TR-03112] See TR-03112-6 specifiaction from the BSI
.. [#govurl] All updates are based on the URL https://appl.governikus-asp.de/ausweisapp2/
.. [#updatecheck] Automatic checks for new AusweisApp2 versions can be deactivated, see commandline parameter
Expand Down
2 changes: 1 addition & 1 deletion docs/installation/conf.py.in
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ master_doc = 'index'

# General information about the project.
project = 'AusweisApp2 Installation'
copyright = '2018-2022, Governikus GmbH & Co. KG'
copyright = '2018-2023, Governikus GmbH & Co. KG'
author = 'Governikus GmbH & Co. KG'

# The version info for the project you're documenting, acts as replacement for
Expand Down
Loading

0 comments on commit a0c0d8d

Please sign in to comment.