Bug#863796: unblock: e2guardian/3.4.0.3-2
Control: tags -1 moreinfo
Hi,
On Wed, May 31, 2017 at 11:58:16AM +0200, Mike Gabriel wrote:
> Please consider unblocking not-yet-uploaded package e2guardian
>
> Quite recently Google Chrome changed its policy regarding certificate
> requirements. Certs without a subjectAltName field get now rejected.
>
> In the e2guardian content filter system, there is support for filtering
> SSL encrypted http traffic by decrypting, checking its content and then
> re-encrypting SSL-encrypted content. Whereas some consider this as a
> m-i-t-m attack, in some setups this makes good sense (e.g. in school
> networks).
>
> For re-encrypting the content, a self-signed set of certs gets used.
> In previous versions, these certs lack the SAN field. With a patch
> from upstream (that they backported to the 3.4 branch of e2guardian esp.
> for Debian 9), this issue has now been fixed.
>
> See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862855 for details.
>
> unblock e2guardian/3.4.0.3-2
We're quite close to the release date, so I suggest you upload it now, and
remove the moreinfo tag from this bug once it's in unstable. I'll take a
closer look at that point.
Cheers,
Ivo
Reply to: