Bug#795892: wheezy-pu: package ssl-cert/1.0.32+deb7u1

To: 795892@bugs.debian.org
Subject: Bug#795892: wheezy-pu: package ssl-cert/1.0.32+deb7u1
From: Stefan Fritsch <sf@sfritsch.de>
Date: Fri, 21 Aug 2015 20:25:26 +0200 (CEST)
Message-id: <[🔎] alpine.DEB.2.02.1508212020060.13153@eru.sfritsch.de>
Reply-to: Stefan Fritsch <sf@sfritsch.de>, 795892@bugs.debian.org
In-reply-to: <[🔎] 1440168404.13537.13.camel@adam-barratt.org.uk>
References: <[🔎] E1ZROst-0004oV-74@eru.sfritsch.de> <[🔎] 1440168404.13537.13.camel@adam-barratt.org.uk>

On Fri, 21 Aug 2015, Adam D. Barratt wrote:
> On Sun, 2015-08-16 at 13:43 +0200, Stefan Fritsch wrote:
> > Please review ssl-cert_1.0.32+deb7u1 for inclusion in oldstable. The
> > main change is switching from sha1 to sha256 for new certificates
> > because browsers start marking sha1 as insecure.
> 
> I'm assuming that tools in wheezy either cope with SHA256 or have
> corresponding bugs about fixing that.

Yes. The well-known crypto libs are fine. According to some web sites, 
only ancient stuff like openssl < 0.9.8o, windows XP, and java < 1.4.2 
don't support sha256 in certs. [1]

> #773815 should get a fixed version, rather than being tagged squeeze
> +wheezy with version tracking that claims it affects unstable.

done and uploaded



[1] 
https://support.globalsign.com/customer/portal/articles/1499561-sha-256-compatibility

Reply to:

Follow-Ups:
- Bug#795892: wheezy-pu: package ssl-cert/1.0.32+deb7u1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

References:
- Bug#795892: wheezy-pu: package ssl-cert/1.0.32+deb7u1
  - From: Stefan Fritsch <sf@sfritsch.de>
- Bug#795892: wheezy-pu: package ssl-cert/1.0.32+deb7u1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Bug#765639: wheezy-pu: openssl new upstream version
Next by Date: Processed: reassign 791067 to src:hdf5
Previous by thread: Bug#795892: wheezy-pu: package ssl-cert/1.0.32+deb7u1
Next by thread: Bug#795892: wheezy-pu: package ssl-cert/1.0.32+deb7u1
Index(es):
- Date
- Thread