Bug#767692: libio-socket-ssl-perl: Uses public suffix list to restrict wildcard certificates
Stefano Rivera
stefanor at debian.org
Sat Nov 1 21:55:34 UTC 2014
Control: severity -1 serious
Control: tags -1 patch
> I don't believe that this is a correct use of the PSL. The PSL lists
> domains that users can register/receive subdomains of, but this doesn't
> mean that the users control the DNS/hosting of these subdomains.
Aha. Upstream recently came to the same decision, and applied this patch
https://github.com/noxxi/p5-io-socket-ssl/commit/1f9482771fd8d71083a2e388634b3787bd9fe147
Raising the severity of the bug to RC, as that's how I intended to
submit it.
SR
--
Stefano Rivera
http://tumbleweed.org.za/
+1 415 683 3272
More information about the pkg-perl-maintainers
mailing list