[Pkg-openssl-devel] Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA

Raphael Geissert geissert at debian.org
Fri Sep 9 01:34:08 UTC 2011


On Thursday 08 September 2011 16:57:56 Kurt Roeckx wrote:
> On Wed, Sep 07, 2011 at 10:06:55PM -0500, Raphael Geissert wrote:
> > The patch for 0.9.8 is also attached, but I haven't tested it yet. It was
> > made based on squeeze's openssl and it seems to apply fine to lenny's
> > openssl (just a few lines of difference.)
> 
> I wonder why you don't use the same patch for both.  I think the
> check_name_constraints() actually tries to test something else,
> like that it's a well-formed name or something.  So the new function
> makes more sense to me.

Yes, I rewrote the patch for 1.0.0 after my last message but it was pending a 
rebuild and re-test. I've attached it now.

I had the chance to test the 098.v1 patch on squeeze and it passed all my 
tests. I haven't tested it on lenny yet, since the build system seems to be 
tricky and keeps modifying files even on debian/rules clean.

> > Kurt, what do you think? Would upstream be interested in the patch, or at
> > least in reviewing it?
> 
> I can always try and ask them.

It'd be great if you handled that part.

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: block_diginotar.100.v3.patch
Type: text/x-patch
Size: 1839 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/attachments/20110908/f04b98e1/attachment.bin>

