This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author pitrou
Recipients naif, pitrou
Date 2011-12-22.22:45:29
SpamBayes Score 2.637795e-06
Marked as misclassified No
Message-id <1324593933.28.0.35578581684.issue13647@psf.upfronthosting.co.za>
In-reply-to
Content 
> There is a new "match_hostname" that doesn't implement all the 
> required, standard SSL/TLS Client security checks that should be done.

Indeed, as the name indicates, it just checks the hostname.
Please detail what the other security checks are (bonus points if you provide a patch + tests).

> It has been noticed by the well known security researcher Dan Kaminsky

What's the URL for this?

> A) Integrate the Mozilla CA pack into Python, updating it with each
> security release.

I suggest you discuss this on python-dev:
http://mail.python.org/mailman/listinfo/python-dev
History
Date User Action Args
2011-12-22 22:45:33pitrousetrecipients: + pitrou, naif
2011-12-22 22:45:33pitrousetmessageid: <1324593933.28.0.35578581684.issue13647@psf.upfronthosting.co.za>
2011-12-22 22:45:29pitroulinkissue13647 messages
2011-12-22 22:45:29pitroucreate