Bug#862122: unblock: ssl-cert/1.0.39

Mon, 08 May 2017 12:27:33 -0700 

Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock

Hi release team,

Please unblock package ssl-cert

At least the current version of chrome does not accept the default
certificates generated by ssl-cert 1.0.38 anymore, because they don't
contain the host name as SubjectAltName. Therefore it makes sense to
have the new version of ssl-cert in stretch.

Debdiff is attached.

unblock ssl-cert/1.0.39

Cheers,
Stefan

diff -Nru ssl-cert-1.0.38/debian/changelog ssl-cert-1.0.39/debian/changelog
--- ssl-cert-1.0.38/debian/changelog    2016-05-29 13:44:46.000000000 +0200
+++ ssl-cert-1.0.39/debian/changelog    2017-04-28 21:58:22.000000000 +0200
@@ -1,3 +1,12 @@
+ssl-cert (1.0.39) unstable; urgency=medium
+
+  * Always put the common name also in the SubjectAltName. This is required
+    to make newer web browsers happy. Closes: #861185
+    The wording in the debconf questions will be adjusted later, to avoid
+    having to fix so many translation shortly before the release.
+
+ -- Stefan Fritsch <[email protected]>  Fri, 28 Apr 2017 21:58:22 +0200
+
 ssl-cert (1.0.38) unstable; urgency=medium
 
   * Update Turkish translation. Thanks to Atila KOÇ. Closes: #807559
diff -Nru ssl-cert-1.0.38/make-ssl-cert ssl-cert-1.0.39/make-ssl-cert
--- ssl-cert-1.0.38/make-ssl-cert       2016-05-29 13:39:30.000000000 +0200
+++ ssl-cert-1.0.39/make-ssl-cert       2017-04-28 21:53:33.000000000 +0200
@@ -32,8 +32,10 @@
     db_input high make-ssl-cert/altname || true
     db_go
     db_get make-ssl-cert/altname
-    AltName="$RET"
+    AddAltName="$RET"
     db_fset make-ssl-cert/altname seen false
+    SubjectAltName="DNS:$HostName"
+    [ -z "$AddAltName" ] || SubjectAltName="$SubjectAltName,$AddAltName"
 }
 
 make_snakeoil() {
@@ -44,15 +46,14 @@
         echo make-ssl-cert: 'make-ssl-cert generate-default-snakeoil 
--force-overwrite'
         echo make-ssl-cert: again.
     fi
+    SubjectAltName="DNS:$HostName"
     if [ ${#HostName} -gt 64 ] ; then
-        AltName="DNS:$HostName"
         HostName="$(hostname)"
     fi
 }
 
 create_temporary_cnf() {
-    sed -e s#@HostName@#"$HostName"# $template > $TMPFILE
-    [ -z "$AltName" ] || echo "subjectAltName=$AltName" >> $TMPFILE
+    sed -e s#@HostName@#"$HostName"# -e s#@SubjectAltName@#"$SubjectAltName"# 
$template > $TMPFILE
 }
 
 # Takes two arguments, the base layout and the output cert.
diff -Nru ssl-cert-1.0.38/ssleay.cnf ssl-cert-1.0.39/ssleay.cnf
--- ssl-cert-1.0.38/ssleay.cnf  2016-05-29 13:39:30.000000000 +0200
+++ ssl-cert-1.0.39/ssleay.cnf  2017-04-28 21:54:35.000000000 +0200
@@ -18,3 +18,4 @@
 
 [ v3_req ]
 basicConstraints        = CA:FALSE
+subjectAltName          = @SubjectAltName@

Reply via email to