➜
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2016-09-17 18:15 by christian.heimes, last changed 2022-04-11 14:58 by admin. This issue is now closed.
| Files | ||||
|---|---|---|---|---|
| File name | Uploaded | Description | Edit | |
| Add-RFC4985-SRVName-to-SAN.patch | christian.heimes, 2016-09-17 20:55 | review | ||
| Messages (3) | |||
|---|---|---|---|
| msg276810 - (view) | Author: Christian Heimes (christian.heimes) *  |
Date: 2016-09-17 18:15 | |
The standard subject alternative DNS name contains only a relationship between a cert and a host name. A host may have multiple services like HTTPS web server, IMAP server, mail servers etc. https://tools.ietf.org/html/rfc4985 defines a mechanism to define a relationship between a X.509 cert, a DNS name and a service, e.g. _https.www.example.org for service https on www.example.org. OpenSSL is not yet able to convert a RFC4985 SRVName to a string. I have a patch, https://github.com/tiran/cpython/commits/feature/ssl_srvname |
|||
| msg301490 - (view) | Author: Christian Heimes (christian.heimes) * |
Date: 2017-09-06 17:26 | |
In the future, hostname matching will be handled by OpenSSL. Let's not over-complicate our implementation. |
|||
| msg301500 - (view) | Author: Christian Heimes (christian.heimes) * |
Date: 2017-09-06 19:26 | |
FYI, I opened an upstream PR in OpenSSL to add SRVName: https://github.com/openssl/openssl/pull/4342 |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:58:37 | admin | set | github: 72378 |
| 2017-09-06 19:26:32 | christian.heimes | set | messages: + msg301500 |
| 2017-09-06 17:26:48 | christian.heimes | set | status: open -> closed resolution: postponed messages: + msg301490 stage: patch review -> resolved |
| 2016-09-18 11:13:07 | christian.heimes | link | issue28196 dependencies |
| 2016-09-17 20:55:41 | christian.heimes | set | files:
+ Add-RFC4985-SRVName-to-SAN.patch keywords: + patch |
| 2016-09-17 18:15:02 | christian.heimes | create | |