Control: tags -1 moreinfo Hi,
On Wed, May 31, 2017 at 11:58:16AM +0200, Mike Gabriel wrote: > Please consider unblocking not-yet-uploaded package e2guardian > > Quite recently Google Chrome changed its policy regarding certificate > requirements. Certs without a subjectAltName field get now rejected. > > In the e2guardian content filter system, there is support for filtering > SSL encrypted http traffic by decrypting, checking its content and then > re-encrypting SSL-encrypted content. Whereas some consider this as a > m-i-t-m attack, in some setups this makes good sense (e.g. in school > networks). > > For re-encrypting the content, a self-signed set of certs gets used. > In previous versions, these certs lack the SAN field. With a patch > from upstream (that they backported to the 3.4 branch of e2guardian esp. > for Debian 9), this issue has now been fixed. > > See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862855 for details. > > unblock e2guardian/3.4.0.3-2 We're quite close to the release date, so I suggest you upload it now, and remove the moreinfo tag from this bug once it's in unstable. I'll take a closer look at that point. Cheers, Ivo
