[Haskell-cafe] [ANN] tls-extra 0.6.1 - security update, please upgrade.

Vincent Hanquez tab at snarc.org
Tue Jan 22 08:08:19 CET 2013


On Sun, Jan 20, 2013 at 08:27:07PM +0100, Alexander Kjeldaas wrote:
> Regarding testing, it looks like the Tests directory hasn't been updated to
> cover this bug.  What would really give confidence is a set of tests
> encoding fixed security vulnerabilities in OpenSSL (and similar libraries).
>  That should also give you a lot of confidence in your library.
> 
> But anyways, this is fantastic work you're doing.  Keep it up!

Thanks,

Regarding tests, a good test suite is a hard and long job.

Some security properties are just insanely hard to codify, and
some others need a lots of tests.

My time being very limited, it's hard to pull off, but i have plan to
add some tests for the certificate validation functions. Specially
since i want to harden some functions a bit more, and it will come handy
to verify i'm not breaking anything :-)

-- 
Vincent



More information about the Haskell-Cafe mailing list