haskell-tls / hs-certificate

Certificate and Key Reader/Writer in haskell

Check alternative names before common name #48

Closed pbrisbin closed 9 years ago

pbrisbin commented 9 years ago

This reverses the logic to check SAN values if present. Previously, CN was checked first and caused a NoCommonName failure immediately when not present.

As per RFC 6125, the validator must check SAN first, and if SAN exists, then CN should not be checked.

See #47 -- this gets things working in that case. I don't have much crypto experience, so I very much could've overlooked something. I open this PR to start the discussion, not as a proposal of what I'm sure is the right fix.

I've bumped the version so I can reference it in my own cabal file -- let me know if I should revert that, or bump it to something else.
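To make the ordering change in this PR concrete, the following Python snippet is an added illustration and is not code from hs-certificate or x509-validation. It models two hostname checks over a minimal certificate stand-in (the `Certificate` class, `validate_hostname` and `validate_hostname_cn_first` are hypothetical names chosen here): the RFC 6125 ordering this PR adopts, which consults subjectAltName dNSName entries first and ignores the CN entirely when any are present, and a CN-first ordering that reproduces the `NoCommonName` failure the description mentions for certificates that carry only SAN entries.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class Failure(Enum):
    # Mirrors the failure named in the PR description; the enum itself is constructed here.
    NO_COMMON_NAME = "NoCommonName"
    NAME_MISMATCH = "NameMismatch"


@dataclass
class Certificate:
    """Hypothetical stand-in holding only the identity fields relevant to hostname checks."""
    common_name: Optional[str]
    san_dns_names: list = field(default_factory=list)


def _match_name(hostname: str, pattern: str) -> bool:
    """Case-insensitive DNS name match; a '*' wildcard is honoured only as the
    entire leftmost label and must match exactly one label (RFC 6125 section 6.4.3)."""
    hostname = hostname.lower().rstrip(".")
    pattern = pattern.lower().rstrip(".")
    if not pattern.startswith("*."):
        return hostname == pattern
    h_labels = hostname.split(".")
    p_labels = pattern.split(".")
    if len(h_labels) != len(p_labels) or len(p_labels) < 3:
        return False
    return h_labels[0] != "" and h_labels[1:] == p_labels[1:]


def validate_hostname(cert: Certificate, hostname: str) -> Optional[Failure]:
    """RFC 6125 ordering (what this PR implements): SAN dNSName entries are
    authoritative when present; the CN is only a fallback for SAN-less certificates.
    Returns None on success, otherwise the Failure."""
    if cert.san_dns_names:
        if any(_match_name(hostname, n) for n in cert.san_dns_names):
            return None
        return Failure.NAME_MISMATCH  # CN deliberately not consulted
    if cert.common_name is None:
        return Failure.NO_COMMON_NAME
    if _match_name(hostname, cert.common_name):
        return None
    return Failure.NAME_MISMATCH


def validate_hostname_cn_first(cert: Certificate, hostname: str) -> Optional[Failure]:
    """CN-first ordering, modelling the behaviour the PR description says it replaces:
    a missing CN fails immediately even when SAN entries would have matched, and a
    matching CN is accepted without ever looking at the SAN."""
    if cert.common_name is None:
        return Failure.NO_COMMON_NAME
    if _match_name(hostname, cert.common_name):
        return None
    if any(_match_name(hostname, n) for n in cert.san_dns_names):
        return None
    return Failure.NAME_MISMATCH


if __name__ == "__main__":
    # Constructed sample certificates, not real ones.
    san_only = Certificate(common_name=None, san_dns_names=["example.com", "*.example.net"])
    print(validate_hostname(san_only, "www.example.net"))            # None (accepted)
    print(validate_hostname_cn_first(san_only, "www.example.net"))   # Failure.NO_COMMON_NAME
```

The second constructed case worth trying is a certificate whose SAN names do not cover the hostname but whose CN does: under the RFC 6125 ordering the connection is rejected because the SAN is authoritative, while the CN-first ordering would accept it.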

vincenthz commented 9 years ago

Sorry I'm a bit slow, but that looks good. Can you remove the cabal versioning update though, as it doesn't play nice with how I sign and release packages to hackage.

pbrisbin commented 9 years ago

Absolutely, will do soon.

pbrisbin commented 9 years ago

All set

vincenthz commented 9 years ago

Excellent! Very fast too ;)

vincenthz commented 9 years ago

Will try to make a release sometime tomorrow. Don't hesitate to prod me if it doesn't appear on hackage.

pbrisbin commented 9 years ago

That'd be awesome. Thanks!

pbrisbin commented 9 years ago

Hi. It doesn't look like this has been released yet.

vincenthz commented 9 years ago

Sorry about this, it has been released as x509-validation-1.5.2.