➜
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2013-11-05 22:47 by christian.heimes, last changed 2022-04-11 14:57 by admin. This issue is now closed.
| Messages (3) | |||
|---|---|---|---|
| msg202244 - (view) | Author: Christian Heimes (christian.heimes) *  |
Date: 2013-11-05 22:47 | |
I find it surprising that wrap_socket() doesn't verify the server name with match_hostname() when it is called with a server_name argument. The check should be done by default. I suggest: - add validate_hostname=True flag to wrap_socket() and functions that call wrap_socket() - add SSLSocket.match_hostname(hostname=None) to validate hostname with current cert. hostname shall default to server_hostname |
|||
| msg202255 - (view) | Author: Antoine Pitrou (pitrou) * |
Date: 2013-11-06 08:51 | |
I'm not sure why it's surprising. SNI and certificate validation are two different things. Besides, this is adding a new level of complication to the wrap_socket() signature. |
|||
| msg203149 - (view) | Author: Christian Heimes (christian.heimes) * |
Date: 2013-11-17 13:49 | |
I'll work on a PEP for 3.5 that will handle this issue. |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:57:53 | admin | set | github: 63706 |
| 2013-11-17 13:49:08 | christian.heimes | set | status: open -> closed versions: + Python 3.5, - Python 3.4 messages: + msg203149 assignee: christian.heimes resolution: later |
| 2013-11-06 08:51:03 | pitrou | set | messages: + msg202255 |
| 2013-11-05 22:47:30 | christian.heimes | create | |