[Haskell-cafe] [ANN] tls-extra 0.6.1 - security update, please upgrade.
tab at snarc.org
Tue Jan 22 08:08:19 CET 2013
On Sun, Jan 20, 2013 at 08:27:07PM +0100, Alexander Kjeldaas wrote:
> Regarding testing, it looks like the Tests directory hasn't been updated to
> cover this bug. What would really give confidence is a set of tests
> encoding fixed security vulnerabilities in OpenSSL (and similar libraries).
> That should also give you a lot of confidence in your library.
> But anyways, this is fantastic work you're doing. Keep it up!
Regarding tests, a good test suite is a hard and long job.
Some security properties are just insanely hard to codify, and
some others need a lots of tests.
My time being very limited, it's hard to pull off, but i have plan to
add some tests for the certificate validation functions. Specially
since i want to harden some functions a bit more, and it will come handy
to verify i'm not breaking anything :-)
More information about the Haskell-Cafe