Your message dated Mon, 11 Feb 2013 09:37:42 +0100
with message-id <1360571862.4351.1.camel@kirk>
and subject line Re:Bug#700284: libghc-certificate-dev: incomplete basic
constraint parsing breaks verisign certs
has caused the Debian Bug report #700284,
regarding libghc-certificate-dev: incomplete basic constraint parsing breaks
verisign certs
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
700284: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700284
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libghc-certificate-dev
Version: 1.2.3-1+b1
Severity: important
Tags: patch
Hello,
since libghc-tls-extra-dev 0.4.6.1-1, certificate extensions are checked
whether they are CA certs and cert signing is allowed. Verisign certs,
however, encode basic constraints in a format that libghc-certificate-dev
1.2.3-1+b1 fails to parse, and connection to (some) verisign-signed sites
fails.
An example of such site is https://secure.gooddata.com/.
This is likely fixed by
https://github.com/vincenthz/hs-certificate/commit/a156d857189fc880f7d0a2de3310e750994c766b
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (980, 'testing'), (980, 'stable'), (500, 'unstable'), (500,
'stable'), (200, 'experimental')
Architecture: i386 (x86_64)
Kernel: Linux 3.3.8-lis64+ (SMP w/4 CPU cores)
Locale: LANG=cs_CZ.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libghc-certificate-dev depends on:
ii ghc [libghc-time-dev-1.4-3e186] 7.4.1-4
ii libc6 2.13-27
ii libffi5 3.0.10-3
ii libghc-asn1-data-dev [libghc-asn1-data-dev-0.6.1.3-d0540] 0.6.1.3-2+b3
ii libghc-base-dev-4.5.0.0-c8e71 <none>
ii libghc-bytestring-dev-0.9.2.1-4adca <none>
ii libghc-crypto-pubkey-types-dev [libghc-crypto-pubkey-types- 0.1.1-1+b3
ii libghc-directory-dev-1.1.0.2-89575 <none>
ii libghc-mtl-dev [libghc-mtl-dev-2.1.1-ae9b4] 2.1.1-1
ii libghc-pem-dev [libghc-pem-dev-0.1.1-84ae4] 0.1.1-1+b3
ii libghc-process-dev-1.1.0.1-91185 <none>
ii libgmp10 2:5.0.4+dfsg-1
libghc-certificate-dev recommends no packages.
Versions of packages libghc-certificate-dev suggests:
ii libghc-certificate-doc 1.2.3-1
ii libghc-certificate-prof 1.2.3-1+b1
-- no debconf information
--
Tomáš Janoušek, a.k.a. Liskni_si, http://work.lisk.in/
--- End Message ---
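The report above does not say which encoding the parser rejected. As an added illustration (not code from hs-certificate or from either correspondent), this Python sketch parses every form of the extension value that RFC 5280 allows for `BasicConstraints ::= SEQUENCE { cA BOOLEAN DEFAULT FALSE, pathLenConstraint INTEGER OPTIONAL }`. It shows why a verifier that fails closed on parse errors needs a complete parser. All function names and sample bytes are constructed for this example.

```python
from typing import NamedTuple, Optional, Tuple

class BasicConstraints(NamedTuple):
    ca: bool
    path_len: Optional[int]

def _read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Return (tag, value, next_pos) for one definite-length TLV."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def parse_basic_constraints(der: bytes) -> BasicConstraints:
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    ca, path_len, pos = False, None, 0      # cA defaults to FALSE, pathLen to absent
    if pos < len(body) and body[pos] == 0x01:   # optional BOOLEAN cA
        _, val, pos = _read_tlv(body, pos)
        if len(val) != 1:
            raise ValueError("BOOLEAN must be one octet")
        ca = val != b"\x00"
    if pos < len(body) and body[pos] == 0x02:   # optional INTEGER pathLenConstraint
        _, val, pos = _read_tlv(body, pos)
        if not val or val[0] & 0x80:
            raise ValueError("pathLenConstraint must be non-negative")
        path_len = int.from_bytes(val, "big")
    if pos != len(body):
        raise ValueError("unexpected trailing element")
    return BasicConstraints(ca, path_len)

def is_ca(der: bytes) -> bool:
    """Fail closed: an unparseable extension is treated as 'not a CA'."""
    try:
        return parse_basic_constraints(der).ca
    except ValueError:
        return False

SAMPLES = ["3000", "30030101ff", "30060101ff020100"]  # constructed: empty, cA, cA+pathLen 0
```

A parser that accepted only the second sample would make `is_ca` return False for a legitimate CA certificate encoded like the third, which produces the kind of chain-validation failure the report describes.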
--- Begin Message ---
Version: 1.3.5-1
Dear Thomas,
thanks for the report.
On Monday, 11.02.2013, at 01:35 +0100, Tomas Janousek wrote:
> Package: libghc-certificate-dev
> Version: 1.2.3-1+b1
> Severity: important
> Tags: patch
>
> Hello,
>
> since libghc-tls-extra-dev 0.4.6.1-1, certificate extensions are checked
> whether they are CA certs and cert signing is allowed. Verisign certs,
> however, encode basic constraints in a format that libghc-certificate-dev
> 1.2.3-1+b1 fails to parse, and connection to (some) verisign-signed sites
> fails.
>
> An example of such site is https://secure.gooddata.com/.
>
> This is likely fixed by
> https://github.com/vincenthz/hs-certificate/commit/a156d857189fc880f7d0a2de3310e750994c766b
if that is the case, there is a fixed version waiting in experimental
and will migrate to unstable soon after the release.
Greetings,
Joachim
--
Joachim "nomeata" Breitner
Debian Developer
[email protected] | ICQ# 74513189 | GPG-Keyid: 4743206C
JID: [email protected] | http://people.debian.org/~nomeata
--- End Message ---