➜
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2020-04-16 18:26 by bli2020, last changed 2022-04-11 14:59 by admin.
| Messages (4) | |||
|---|---|---|---|
| msg366620 - (view) | Author: (bli2020) | Date: 2020-04-16 18:26 | |
Issue31997 I know this issue was previously closed https://bugs.python.org/issue31997 because "it works as expected and should be handled in the application layer". But, could the team add a flag in SSLContext which will handle the trailing dot hostname appropriately (for the hostname check, since openssl does not support trailing dots in the hostname). Previously in 2.7 and 3.6/before I was able to override ssl.match_hostname to add some extra checks, but now I am unable to do so because openssl is used instead. This extra flag/implementation would help solve this problem. |
|||
| msg366621 - (view) | Author: Christian Heimes (christian.heimes) *  |
Date: 2020-04-16 18:37 | |
I prefer not to interfere with hostname matching. Could you please open a feature request with OpenSSL and request a verification flag to ignore trailing dot? I'm happy to expose the feature if OpenSSL implements it. |
|||
| msg366622 - (view) | Author: (bli2020) | Date: 2020-04-16 18:38 | |
sure, that sounds reasonable. I will open up a feature request with OpenSSL |
|||
| msg391474 - (view) | Author: Christian Heimes (christian.heimes) * |
Date: 2021-04-20 20:20 | |
OpenSSL feature request: https://github.com/openssl/openssl/issues/11560 |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:59:29 | admin | set | github: 84486 |
| 2021-04-20 20:20:30 | christian.heimes | set | messages:
+ msg391474 versions: + Python 3.10, - Python 3.7 |
| 2020-04-16 18:38:35 | bli2020 | set | messages: + msg366622 |
| 2020-04-16 18:37:30 | christian.heimes | set | messages: + msg366621 |
| 2020-04-16 18:26:55 | bli2020 | create | |