--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Hi release team,
Please unblock package ssl-cert
At least the current version of chrome does not accept the default
certificates generated by ssl-cert 1.0.38 anymore, because they don't
contain the host name as SubjectAltName. Therefore it makes sense to
have the new version of ssl-cert in stretch.
Debdiff is attached.
unblock ssl-cert/1.0.39
Cheers,
Stefan
diff -Nru ssl-cert-1.0.38/debian/changelog ssl-cert-1.0.39/debian/changelog
--- ssl-cert-1.0.38/debian/changelog 2016-05-29 13:44:46.000000000 +0200
+++ ssl-cert-1.0.39/debian/changelog 2017-04-28 21:58:22.000000000 +0200
@@ -1,3 +1,12 @@
+ssl-cert (1.0.39) unstable; urgency=medium
+
+ * Always put the common name also in the SubjectAltName. This is required
+ to make newer web browsers happy. Closes: #861185
+ The wording in the debconf questions will be adjusted later, to avoid
+ having to fix so many translation shortly before the release.
+
+ -- Stefan Fritsch <sf@debian.org> Fri, 28 Apr 2017 21:58:22 +0200
+
ssl-cert (1.0.38) unstable; urgency=medium
* Update Turkish translation. Thanks to Atila KOÇ. Closes: #807559
diff -Nru ssl-cert-1.0.38/make-ssl-cert ssl-cert-1.0.39/make-ssl-cert
--- ssl-cert-1.0.38/make-ssl-cert 2016-05-29 13:39:30.000000000 +0200
+++ ssl-cert-1.0.39/make-ssl-cert 2017-04-28 21:53:33.000000000 +0200
@@ -32,8 +32,10 @@
db_input high make-ssl-cert/altname || true
db_go
db_get make-ssl-cert/altname
- AltName="$RET"
+ AddAltName="$RET"
db_fset make-ssl-cert/altname seen false
+ SubjectAltName="DNS:$HostName"
+ [ -z "$AddAltName" ] || SubjectAltName="$SubjectAltName,$AddAltName"
}
make_snakeoil() {
@@ -44,15 +46,14 @@
echo make-ssl-cert: 'make-ssl-cert generate-default-snakeoil --force-overwrite'
echo make-ssl-cert: again.
fi
+ SubjectAltName="DNS:$HostName"
if [ ${#HostName} -gt 64 ] ; then
- AltName="DNS:$HostName"
HostName="$(hostname)"
fi
}
create_temporary_cnf() {
- sed -e s#@HostName@#"$HostName"# $template > $TMPFILE
- [ -z "$AltName" ] || echo "subjectAltName=$AltName" >> $TMPFILE
+ sed -e s#@HostName@#"$HostName"# -e s#@SubjectAltName@#"$SubjectAltName"# $template > $TMPFILE
}
# Takes two arguments, the base layout and the output cert.
diff -Nru ssl-cert-1.0.38/ssleay.cnf ssl-cert-1.0.39/ssleay.cnf
--- ssl-cert-1.0.38/ssleay.cnf 2016-05-29 13:39:30.000000000 +0200
+++ ssl-cert-1.0.39/ssleay.cnf 2017-04-28 21:54:35.000000000 +0200
@@ -18,3 +18,4 @@
[ v3_req ]
basicConstraints = CA:FALSE
+subjectAltName = @SubjectAltName@
--- End Message ---