On Sun, 2020-11-15 at 11:29 +0100, Sebastian Andrzej Siewior wrote: > control: retitle -1 buster-pu: package openssl/1.1.1h-1 > > On 2020-05-02 22:34:40 [+0100], Adam D. Barratt wrote: > > > > Do we have any feeling for how widespread such certificates > > > > might be? > > > > The fact that there have been two different upstream reports > > > > isn't particularly comforting. > > > > > > This is correct. I don't know if there is tooling that is > > > generating broken certificates or just some individuals. I > > > updated my two OpenVPN instances and I saw clients connecting > > > again. > > > > Thanks for the information. > > look at that. I deployed it locally and forgot all about it. Now I > was going to open a pu for 1.1.1h and noticed that I didn't finish > this one. > > I hereby propose an update to 1.1.1h.
Predictably we're again quite close to a point release. :-( (One week from freeze, specifically.) Looking at the upstream issues regarding certificate validation changes between 1.1.1e and f/g, #11456 appears to have been addressed already, but #11625 is still open and looks stalled. Have you seen any more reports of that issue? Regards, Adam
