Your message dated Sat, 01 Nov 2014 22:49:04 +0000
with message-id <e1xkhtk-0004yv...@franck.debian.org>
and subject line Bug#767692: fixed in libio-socket-ssl-perl 2.002-2
has caused the Debian Bug report #767692,
regarding libio-socket-ssl-perl: Uses public suffix list to restrict wildcard certificates
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
767692: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=767692
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libio-socket-ssl-perl
Version: 2.002-1
Severity: normal
Tags: upstream

Initially ran into this with uscan, refusing to fetch source from Google
code. Dug in a bit, and discovered that Perl is using the Public Suffix
List (https://publicsuffix.org/) to restrict wildcard certificates.

e.g.
HEAD https://re2.googlecode.com/files/re2-20140304.tgz
500 Can't connect to re2.googlecode.com:443 (certificate verify failed)

Yet gnutls-cli and openssl s_client both have no issue with this
certificate.

I don't believe that this is a correct use of the PSL. The PSL lists
domains that users can register/receive subdomains of, but this doesn't
mean that the users control the DNS/hosting of these subdomains.

There are quite a few domains in the PSL that I know have wildcard
certificates issued for them:
cloudfront.net
s3.amazonaws.com
github.io
appspot.com
herokuapp.com

and probably many others. I even have a domain in there, that we intend
to provide wildcard SSL for, in the future.

Blocking wildcard certificates for TLDs makes sense. For other public
suffix domains, it doesn't.

SR

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (900, 'testing'), (800, 'unstable'), (100, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.14-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_ZA.UTF-8, LC_CTYPE=en_ZA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libio-socket-ssl-perl depends on:
ii  libnet-ssleay-perl  1.65-1+b1
ii  netbase             5.2
ii  perl                5.20.1-2

Versions of packages libio-socket-ssl-perl recommends:
ii  libio-socket-inet6-perl     2.72-1
ii  libio-socket-ip-perl        0.32-1
ii  libsocket6-perl             0.25-1+b1
ii  liburi-perl                 1.64-1
ii  perl                        5.20.1-2
ii  perl-base [libsocket-perl]  5.20.1-2

Versions of packages libio-socket-ssl-perl suggests:
ii  ca-certificates  20141019

-- no debconf information


--- End Message ---
--- Begin Message ---
Source: libio-socket-ssl-perl
Source-Version: 2.002-2

We believe that the bug you reported is fixed in the latest version of
libio-socket-ssl-perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 767...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated libio-socket-ssl-perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 01 Nov 2014 23:39:14 +0100
Source: libio-socket-ssl-perl
Binary: libio-socket-ssl-perl
Architecture: source all
Version: 2.002-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Perl Group <pkg-perl-maintain...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Description:
 libio-socket-ssl-perl - Perl module implementing object oriented interface to SSL sockets
Closes: 767692
Changes:
 libio-socket-ssl-perl (2.002-2) unstable; urgency=medium
 .
   * Add 0001-use-only-ICANN-part-in-public-suffix-list.patch.
     Fixes "Don't use public suffix list to restrict wildcard certificates."
     Thanks to Stefano Rivera (Closes: #767692)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----

--- End Message ---
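
The check the report describes, and the effect of limiting it to the ICANN section of the list as the patch name indicates, as an added Python sketch (not IO::Socket::SSL's code and not the Debian patch): a wildcard name is refused when the part after "*." is a public suffix. The list excerpt, the function names and the "*.googlecode.com" certificate name are constructed for illustration.

```python
# Constructed excerpt in the public suffix list file format (not the real list).
PSL_EXCERPT = """\
// ===BEGIN ICANN DOMAINS===
com
uk
co.uk
*.ck
!www.ck
// ===END ICANN DOMAINS===
// ===BEGIN PRIVATE DOMAINS===
googlecode.com
github.io
appspot.com
// ===END PRIVATE DOMAINS===
"""

def load_rules(text, icann_only):
    """Parse PSL rules; with icann_only=True the PRIVATE section is ignored."""
    rules, section = set(), None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("// ===BEGIN"):
            section = "ICANN" if "ICANN" in line else "PRIVATE"
        elif line.startswith("// ===END"):
            section = None
        elif line and not line.startswith("//"):
            if section == "ICANN" or not icann_only:
                rules.add(line.lower())
    return rules

def is_public_suffix(name, rules):
    if "!" + name in rules:              # exception rule: name is registrable
        return False
    if name in rules or "." not in name: # listed, or a TLD (PSL default rule "*")
        return True
    return "*." + name.split(".", 1)[1] in rules   # wildcard rule such as *.ck

def wildcard_matches(hostname, pattern, rules):
    """May the certificate name `pattern` vouch for `hostname`? (hypothetical helper)"""
    host, pat = hostname.lower().rstrip("."), pattern.lower().rstrip(".")
    if not pat.startswith("*."):
        return host == pat
    base = pat[2:]
    if "*" in base or is_public_suffix(base, rules):
        return False                     # wildcard would cover a whole public suffix
    left, _, rest = host.partition(".")
    return bool(left) and rest == base   # "*" stands for exactly one label

FULL = load_rules(PSL_EXCERPT, icann_only=False)   # behaviour reported in the bug
ICANN = load_rules(PSL_EXCERPT, icann_only=True)   # ICANN section only
```

With FULL the name "*.googlecode.com" is rejected for re2.googlecode.com, matching the reported failure; with ICANN it is accepted while "*.com" and "*.co.uk" are still refused.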
