Your message dated Fri, 12 Jul 2019 11:50:34 +0000
with message-id <[email protected]>
and subject line Bug#897042: fixed in pound 2.8-2
has caused the Debian Bug report #897042,
regarding pound: Enable sending the certificate in a single header line
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
897042: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897042
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: pound
Version: 2.7-1.3
When pound listens on an https connection it will forward the client certificate in
the X-SSL-certificate header. By default it will transfer the certificate in
multiple lines as was allowed historically in http.
RFC7230 deprecates this behaviour and more and more http servers reject
requests with such headers and return a 400 Bad Request error message.
As discussed in the pound mailing list
(http://www.apsis.ch/pound/pound_list/archive/2018/2018-04/1524178583000#1524337674000)
pound is capable of sending the X-SSL-certificate in a single line and thus
conform to the RFC by compiling it using the --enable-cert1l option on
configure. But one must specify this option, it is not the default.
To conform to RFC7230 the pound package should be rebuilt using the
--enable-cert1l option when doing the configure step.
Thank you very much,
claudio
--
Claudio Nieder, Ruhestrasse 7, CH-8045 Zürich, Tel +4179 357 6743,
www.claudio.ch
--- End Message ---
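Added example, not part of the bug report or of pound's code: a receiver-side sketch showing how a folded X-SSL-certificate header is detected as RFC 7230 obs-fold and how the certificate bytes can be recovered from either the folded or the single-line form. The sample bytes and requests are constructed, and the exact layouts (tab-indented continuation lines; PEM with its line breaks removed in single-line mode) are assumptions.

```python
import base64
import re

# RFC 7230 section 3.2.4 obs-fold: a line break followed by SP or HTAB.
OBS_FOLD = re.compile(rb"\r?\n[ \t]+")
PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def has_obs_fold(raw_headers: bytes) -> bool:
    """True if any header field in the block continues onto a folded line."""
    return OBS_FOLD.search(raw_headers) is not None

def header_value(raw_headers: bytes, name: bytes):
    """Return the named field's value, replacing each obs-fold with one space
    (what RFC 7230 lets a lenient receiver do instead of answering 400)."""
    for line in OBS_FOLD.sub(b" ", raw_headers).split(b"\r\n"):
        key, sep, value = line.partition(b":")
        if sep and key.strip().lower() == name.lower():
            return value.strip()
    return None

def der_from_header(value: bytes) -> bytes:
    """Recover DER bytes from a PEM certificate carried in a header value,
    whether the base64 body is space-separated (unfolded) or one run."""
    match = PEM_BLOCK.search(value)
    if match is None:
        raise ValueError("no PEM certificate block in header value")
    body = b"".join(match.group(1).split())
    return base64.b64decode(body, validate=True)

# Constructed sample data: placeholder bytes standing in for a DER certificate.
SAMPLE_DER = bytes(range(120))
_b64 = base64.b64encode(SAMPLE_DER)
_lines = [_b64[i:i + 64] for i in range(0, len(_b64), 64)]
_pem = [b"-----BEGIN CERTIFICATE-----", *_lines, b"-----END CERTIFICATE-----"]
_head = b"Host: backend.example\r\nX-SSL-certificate: "
FOLDED = _head + b"\r\n\t".join(_pem) + b"\r\n"   # multi-line form
SINGLE = _head + b"".join(_pem) + b"\r\n"         # single-line form

if __name__ == "__main__":
    for label, raw in (("folded", FOLDED), ("single-line", SINGLE)):
        der = der_from_header(header_value(raw, b"X-SSL-certificate"))
        print(label, "obs-fold:", has_obs_fold(raw), "DER intact:", der == SAMPLE_DER)
```

A strict backend would answer 400 whenever `has_obs_fold` is true; the unfolding path is the lenient alternative the RFC permits.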
--- Begin Message ---
Source: pound
Source-Version: 2.8-2
We believe that the bug you reported is fixed in the latest version of
pound, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Carsten Leonhardt <[email protected]> (supplier of updated pound package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 11 Jul 2019 00:13:59 +0200
Source: pound
Architecture: source
Version: 2.8-2
Distribution: unstable
Urgency: low
Maintainer: Carsten Leonhardt <[email protected]>
Changed-By: Carsten Leonhardt <[email protected]>
Closes: 697064 859557 888786 897042
Changes:
pound (2.8-2) unstable; urgency=low
.
* Upstream fixed CVE-2016-10711 in version 2.8a (Closes: #888786).
* Instead of following Rick O'Sullivan's fork, keep changes to a
minimum.
* Support for OpenSSL 1.1 from Sergey Poznyakoff (Closes: #859557).
* Version 2.8 made single line headers the default (Closes: #897042).
* Update to standards version 4.4.0.
* Update FAQ about virtual hosting with HTTPS (Closes: #697064).
* Fix wrong use of fallback SCSV. Thanks to Frank Schmirler.
Checksums-Sha1:
7cdddaa5586ee23ae67d9dd8f1552cc245d2c65a 1934 pound_2.8-2.dsc
22eeec67a3fd0f4c4d532a6ce752d39b7da76286 14040 pound_2.8-2.debian.tar.xz
Checksums-Sha256:
d2301ac9d542c28a266e4ae44c366b8875e87445b2e901a4e7478413e417b088 1934 pound_2.8-2.dsc
d03ea5136b42bc9af305df8c167bf0a9cf9be74b95929f5329495424118bf912 14040 pound_2.8-2.debian.tar.xz
Files:
f96fd59c10221c289a3c336474fee293 1934 net optional pound_2.8-2.dsc
9bd6834af798a921d7dcdde5720860c0 14040 net optional pound_2.8-2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---