Debian Bug report logs - #401447
lynx doesn't accept wildcard certificates

version graph

Package: lynx; Maintainer for lynx is Atsuhito KOHDA <kohda@debian.org>; Source for lynx is src:lynx-cur.

Reported by: Martin Schulze <joey@infodrom.org>

Date: Sun, 3 Dec 2006 16:48:11 UTC

Severity: important

Tags: patch

Found in version lynx/2.8.5-2sarge2.2

Done: Thomas Dickey <dickey@his.com>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, James Troup <james@nocrew.org>:
Bug#401447; Package lynx. Full text and rfc822 format available.

Acknowledgement sent to Martin Schulze <joey@infodrom.org>:
New Bug report received and forwarded. Copy sent to James Troup <james@nocrew.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Martin Schulze <joey@infodrom.org>
To: submit@bugs.debian.org
Subject: lynx doesn't accept wildcard certificates
Date: Sun, 3 Dec 2006 17:18:05 +0100
Package: lynx
Version: 2.8.5-2sarge2.2
Severity: important

According to RFC 2818 Section 3.1 certificates may contain the wildcard
character * which is considered to match any single domain name component
or component fragment. E.g., *.a.com matches foo.a.com but not
bar.foo.a.com. f*.com matches foo.com but not bar.com.

Lynx in its current implementation in Debian sid does not understand this.

Since the misdetection of SSL certificates is of severity important I
assume that this is as well as it renders valid certificates sort of
invalid.

Regards,

	Joey

-- 
Have you ever noticed that "General Public Licence" contains the word "Pub"?

Please always Cc to me when replying to me on the lists.



Information forwarded to debian-bugs-dist@lists.debian.org, James Troup <james@nocrew.org>:
Bug#401447; Package lynx. Full text and rfc822 format available.

Acknowledgement sent to Martin Schulze <joey@infodrom.org>:
Extra info received and forwarded to list. Copy sent to James Troup <james@nocrew.org>. Full text and rfc822 format available.

Message #10 received at 401447@bugs.debian.org (full text, mbox):

From: Martin Schulze <joey@infodrom.org>
To: 401447@bugs.debian.org
Subject: Re: Bug#401447: lynx doesn't accept wildcard certificates
Date: Sun, 3 Dec 2006 18:23:59 +0100
[Message part 1 (text/plain, inline)]
Martin Schulze wrote:
> Package: lynx
> Version: 2.8.5-2sarge2.2
> Severity: important
> 
> According to RFC 2818 Section 3.1 certificates may contain the wildcard
> character * which is considered to match any single domain name component
> or component fragment. E.g., *.a.com matches foo.a.com but not
> bar.foo.a.com. f*.com matches foo.com but not bar.com.
> 
> Lynx in its current implementation in Debian sid does not understand this.
> 
> Since the misdetection of SSL certificates is of severity important I
> assume that this is as well as it renders valid certificates sort of
> invalid.

Attached is a patch to fix this.

Regards,

	Joey

-- 
Have you ever noticed that "General Public Licence" contains the word "Pub"?

Please always Cc to me when replying to me on the lists.
[08_wildcard_cert.dpatch (text/plain, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, James Troup <james@nocrew.org>:
Bug#401447; Package lynx. Full text and rfc822 format available.

Acknowledgement sent to Martin Schulze <joey@infodrom.org>:
Extra info received and forwarded to list. Copy sent to James Troup <james@nocrew.org>. Full text and rfc822 format available.

Message #15 received at 401447@bugs.debian.org (full text, mbox):

From: Martin Schulze <joey@infodrom.org>
To: 401447@bugs.debian.org
Subject: Re: Bug#401447: lynx doesn't accept wildcard certificates
Date: Sun, 3 Dec 2006 18:41:24 +0100
Martin Schulze wrote:
> > According to RFC 2818 Section 3.1 certificates may contain the wildcard
> > character * which is considered to match any single domain name component
> > or component fragment. E.g., *.a.com matches foo.a.com but not
> > bar.foo.a.com. f*.com matches foo.com but not bar.com.
> > 
> > Lynx in its current implementation in Debian sid does not understand this.
> > 
> > Since the misdetection of SSL certificates is of severity important I
> > assume that this is as well as it renders valid certificates sort of
> > invalid.
> 
> Attached is a patch to fix this.

Here's a package that incorporates this and two other patches for
those who want to use fixed packages:

http://people.debian.org/~joey/NMU/lynx/lynx_2.8.5-2sarge2.2.2.diff.gz
http://people.debian.org/~joey/NMU/lynx/lynx_2.8.5-2sarge2.2.2.dsc
http://people.debian.org/~joey/NMU/lynx/lynx_2.8.5-2sarge2.2.2_i386.changes
http://people.debian.org/~joey/NMU/lynx/lynx_2.8.5-2sarge2.2.2_i386.deb
http://people.debian.org/~joey/NMU/lynx/lynx_2.8.5-2sarge2.2.2_i386.log

Regards,

	Joey

-- 
Have you ever noticed that "General Public Licence" contains the word "Pub"?

Please always Cc to me when replying to me on the lists.



Tags added: patch Request was from Martin Schulze <joey@infodrom.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, James Troup <james@nocrew.org>:
Bug#401447; Package lynx. Full text and rfc822 format available.

Acknowledgement sent to Thomas Dickey <dickey@radix.net>:
Extra info received and forwarded to list. Copy sent to James Troup <james@nocrew.org>. Full text and rfc822 format available.

Message #22 received at 401447@bugs.debian.org (full text, mbox):

From: Thomas Dickey <dickey@radix.net>
To: Martin Schulze <joey@infodrom.org>, 401447@bugs.debian.org
Subject: Re: Bug#401447: lynx doesn't accept wildcard certificates
Date: Sun, 3 Dec 2006 17:20:50 -0500
[Message part 1 (text/plain, inline)]
On Sun, Dec 03, 2006 at 06:40:08PM +0100, Martin Schulze wrote:
> Martin Schulze wrote:
> > Package: lynx
> > Version: 2.8.5-2sarge2.2

btw, lynx-cur contains something analogous.

-- 
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, James Troup <james@nocrew.org>:
Bug#401447; Package lynx. Full text and rfc822 format available.

Acknowledgement sent to Martin Schulze <joey@infodrom.org>:
Extra info received and forwarded to list. Copy sent to James Troup <james@nocrew.org>. Full text and rfc822 format available.

Message #27 received at 401447@bugs.debian.org (full text, mbox):

From: Martin Schulze <joey@infodrom.org>
To: Thomas Dickey <dickey@radix.net>
Cc: 401447@bugs.debian.org
Subject: Re: Bug#401447: lynx doesn't accept wildcard certificates
Date: Mon, 4 Dec 2006 08:38:17 +0100
Thomas Dickey wrote:
> On Sun, Dec 03, 2006 at 06:40:08PM +0100, Martin Schulze wrote:
> > Martin Schulze wrote:
> > > Package: lynx
> > > Version: 2.8.5-2sarge2.2
> 
> btw, lynx-cur contains something analogous.

You mean, lynx-cur has this fixed?  Or that it suffers from the
same problem?

Regards,

	Joey

-- 
Those who don't understand Unix are condemned to reinvent it, poorly.

Please always Cc to me when replying to me on the lists.



Information forwarded to debian-bugs-dist@lists.debian.org, James Troup <james@nocrew.org>:
Bug#401447; Package lynx. Full text and rfc822 format available.

Acknowledgement sent to Thomas Dickey <dickey@radix.net>:
Extra info received and forwarded to list. Copy sent to James Troup <james@nocrew.org>. Full text and rfc822 format available.

Message #32 received at 401447@bugs.debian.org (full text, mbox):

From: Thomas Dickey <dickey@radix.net>
To: Martin Schulze <joey@infodrom.org>
Cc: Thomas Dickey <dickey@radix.net>, 401447@bugs.debian.org
Subject: Re: Bug#401447: lynx doesn't accept wildcard certificates
Date: Mon, 4 Dec 2006 06:08:50 -0500
[Message part 1 (text/plain, inline)]
On Mon, Dec 04, 2006 at 08:38:17AM +0100, Martin Schulze wrote:
> Thomas Dickey wrote:
> > On Sun, Dec 03, 2006 at 06:40:08PM +0100, Martin Schulze wrote:
> > > Martin Schulze wrote:
> > > > Package: lynx
> > > > Version: 2.8.5-2sarge2.2
> > 
> > btw, lynx-cur contains something analogous.
> 
> You mean, lynx-cur has this fixed?  Or that it suffers from the
> same problem?

It has some code (two variants - GNUTLS and OpenSSL - from two other people)
which does the same thing.

-- 
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Atsuhito KOHDA <kohda@debian.org>:
Bug#401447; Package lynx. Full text and rfc822 format available.

Acknowledgement sent to Andreas Metzler <ametzler@downhill.at.eu.org>:
Extra info received and forwarded to list. Copy sent to Atsuhito KOHDA <kohda@debian.org>. Full text and rfc822 format available.

Message #37 received at 401447@bugs.debian.org (full text, mbox):

From: Andreas Metzler <ametzler@downhill.at.eu.org>
To: 401447@bugs.debian.org
Cc: Martin Schulze <joey@infodrom.org>
Subject: Re: lynx doesn't accept wildcard certificates
Date: Sat, 19 Jul 2008 08:21:15 +0200
This is supposed to be fixed in 2.8.7dev9-1.2 (lynx-cur codebase).
Since I do not know a site using a wildcard certificate, I cannot
verify this.
cu andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'




Information forwarded to debian-bugs-dist@lists.debian.org, Atsuhito KOHDA <kohda@debian.org>:
Bug#401447; Package lynx. Full text and rfc822 format available.

Acknowledgement sent to Joey Schulze <joey@infodrom.org>:
Extra info received and forwarded to list. Copy sent to Atsuhito KOHDA <kohda@debian.org>. Full text and rfc822 format available.

Message #42 received at 401447@bugs.debian.org (full text, mbox):

From: Joey Schulze <joey@infodrom.org>
To: Andreas Metzler <ametzler@downhill.at.eu.org>
Cc: 401447@bugs.debian.org
Subject: Re: lynx doesn't accept wildcard certificates
Date: Sat, 19 Jul 2008 08:48:22 +0200
Andreas Metzler wrote:
> This is supposed to be fixed in 2.8.7dev9-1.2 (lynx-cur codebase).
> Since I do not know a site using a wildcard certificate, I cannot
> verify this.

Good to know!  Thanks.

Regards,

	Joey

-- 
MIME - broken solution for a broken design.  -- Ralf Baechle

Please always Cc to me when replying to me on the lists.




Reply sent to dickey@his.com:
You have taken responsibility. (Sat, 29 Aug 2009 14:36:12 GMT) Full text and rfc822 format available.

Notification sent to Martin Schulze <joey@infodrom.org>:
Bug acknowledged by developer. (Sat, 29 Aug 2009 14:36:12 GMT) Full text and rfc822 format available.

Message #47 received at 401447-done@bugs.debian.org (full text, mbox):

From: Thomas Dickey <dickey@his.com>
To: 401447-done@bugs.debian.org
Subject: re: #401447 lynx doesn't accept wildcard certificates
Date: Sat, 29 Aug 2009 10:34:46 -0400
[Message part 1 (text/plain, inline)]
-- 
Thomas E. Dickey <dickey@invisible-island.net>
http://invisible-island.net
ftp://invisible-island.net
[signature.asc (application/pgp-signature, inline)]

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 27 Sep 2009 07:32:45 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 21:05:48 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.