update hoauth

[jgoerzen]

Rudiger, Daiki, Aditya, and John:

I know you aren't all choosing to use SSL, but I think you're all
using hoauth in packages on Hackage:
http://hackage2.uptoisomorphism.net:8080/package/hoauth/reverse

You should probably bump the requirement to hoauth >= 0.3.4. That
version, which Diego uploaded a month and a half ago, includes a patch
of mine which turns the SSL certificate verification back on.
Programs compiled with earlier versions would still be vulnerable to
man-in-the-middle attacks even when using SSL... And I think you're
all still allowing older versions than that.

Anyways, cheers, and happy coding!

KevinRudiger, Daiki, Aditya, and John:

I know you aren't all choosing to use SSL, but I think you're all
using hoauth in packages on Hackage:
http://hackage2.uptoisomorphism.net:8080/package/hoauth/reverse

You should probably bump the requirement to hoauth >= 0.3.4. That
version, which Diego uploaded a month and a half ago, includes a patch
of mine which turns the SSL certificate verification back on.
Programs compiled with earlier versions would still be vulnerable to
man-in-the-middle attacks even when using SSL... And I think you're
all still allowing older versions than that.

Anyways, cheers, and happy coding!

Kevin

Kevin Cantu

Kevin Cantu
805-669-8778