Wish: Update of libio-socket-ssl-perl to 1.14
Christopher Odenbach
odenbach at uni-paderborn.de
Mon Aug 18 07:03:19 UTC 2008
Hi,
some time ago I discovered some security related problems in Net::SSLeay
and IO::Socket::SSL:
- Net::SSLeay contained a few bugs regarding SubjectAltNames. These bugs
have been cleared out with version 1.35, which is already available in
Testing. Thanks for that.
- Users of IO::Socket::SSL were not able to verify the hostname of the
presented certificate. The version 1.14 now contains some new routines
to do this, it also deals with internationalized domain names (IDN) and
different verification schemes. Unfortunately this new version is not
yet available in Debian.
Without the new version of IO::Socket::SSL other Perl modules like
Net::LDAP cannot verify the hostname and therefore cannot guarantee that
the server connection is valid.
Thanks,
Christopher
--
======================================================
Dipl.-Ing. Christopher Odenbach
Zentrum fuer Informations- und Medientechnologien
Universitaet Paderborn
Raum N5.122
odenbach at uni-paderborn.de
Tel.: +49 5251 60 5315
======================================================
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20080818/57ec04bd/attachment.pgp
More information about the pkg-perl-maintainers
mailing list