Closed pbrisbin closed 9 years ago
Sorry I'm a bit slow, but that looks good. Can you remove the cabal versioning update though, as it doesn't play nice with how I sign and release package to hackage
Absolutely, will do soon.
All set
excellent ! very fast too ;)
will try to make a release sometimes tomorrow. don't hesitate to prod me if it doesn't appear on hackage
That'd be awesome. Thanks!
Hi. It doesn't look like this has been released yet.
sorry about this, has been released as x509-validation-1.5.2
This reverses the logic to check SAN values if present. Previously, CN was checked first and caused a NoCommonName failure immediately when not present.
As per RFC 6125, the validator must check SAN first, and if SAN exists, then CN should not be checked.
See #47 -- this gets things working in that case. I don't have much crypto experience, so I very much could've overlooked something. I open this PR to start the discussion, not as a proposal of what I'm sure is the right fix.
I've bumped the version so I can reference it in my own cabal file -- let me know if I should revert that, or bump it to something else.