[Pkg-haskell-maintainers] Bug#700284: libghc-certificate-dev: incomplete basic constraint parsing breaks verisign certs

Mon Feb 11 00:35:20 UTC 2013

Package: libghc-certificate-dev
Version: 1.2.3-1+b1
Severity: important
Tags: patch

Hello,

since libghc-tls-extra-dev 0.4.6.1-1, certificate extensions are checked
whether they are CA certs and cert signing is allowed. Verisign certs,
however, encode basic constraints in a format that libghc-certificate-dev
1.2.3-1+b1 fails to parse, and connection to (some) verisign-signed sites
fails.

An example of such site is https://secure.gooddata.com/.

This is likely fixed by
https://github.com/vincenthz/hs-certificate/commit/a156d857189fc880f7d0a2de3310e750994c766b

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (980, 'testing'), (980, 'stable'), (500, 'unstable'), (500, 'stable'), (200, 'experimental')
Architecture: i386 (x86_64)

Kernel: Linux 3.3.8-lis64+ (SMP w/4 CPU cores)
Locale: LANG=cs_CZ.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libghc-certificate-dev depends on:
ii  ghc [libghc-time-dev-1.4-3e186]                              7.4.1-4
ii  libc6                                                        2.13-27
ii  libffi5                                                      3.0.10-3
ii  libghc-asn1-data-dev [libghc-asn1-data-dev-0.6.1.3-d0540]    0.6.1.3-2+b3
ii  libghc-base-dev-4.5.0.0-c8e71                                <none>
ii  libghc-bytestring-dev-0.9.2.1-4adca                          <none>
ii  libghc-crypto-pubkey-types-dev [libghc-crypto-pubkey-types-  0.1.1-1+b3
ii  libghc-directory-dev-1.1.0.2-89575                           <none>
ii  libghc-mtl-dev [libghc-mtl-dev-2.1.1-ae9b4]                  2.1.1-1
ii  libghc-pem-dev [libghc-pem-dev-0.1.1-84ae4]                  0.1.1-1+b3
ii  libghc-process-dev-1.1.0.1-91185                             <none>
ii  libgmp10                                                     2:5.0.4+dfsg-1

libghc-certificate-dev recommends no packages.

Versions of packages libghc-certificate-dev suggests:
ii  libghc-certificate-doc   1.2.3-1
ii  libghc-certificate-prof  1.2.3-1+b1

-- no debconf information

-- 
Tomáš Janoušek, a.k.a. Liskni_si, http://work.lisk.in/