[Haskell-cafe] Taking the TLS package for a spin ... and failing

Florian Weimer fw at deneb.enyo.de
Tue Dec 14 22:24:29 CET 2010


* Mads Lindstrøm:

> I got it to work :) But there seems to be some bugs in the Haskell
> server certificate handling. It seems that TLS do not transfer the ST
> (state, as in California) parameter in the X509 subject field. It also
> seems that the Haskell server do not send the email-address.

And in reality, DER encoding isn't reversible, so you better serve the
exact certificate blob which was passed to the server.  Decoding and
reencoding does not work reliably because sometimes, a non-DER version
of the certificate has been signed.



More information about the Haskell-Cafe mailing list