Message 196823 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	a.badger
Recipients	Arfrever, Ben.Darnell, a.badger, barry, christian.heimes, loewis, pitrou, t-8ch
Date	2013-09-03.03:59:23
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1378180764.48.0.487437798903.issue17997@psf.upfronthosting.co.za>
In-reply-to

Content
So, is this a security issue? I've been wondering if I should apply the attached patch to the backports-ssl_match_hostname module on pypi. I was hoping there'd be some information here as to whether this will be going into the stdlib in the future. Thus far, ssl_match_hostname has just been a backport of the match_hostname function but if this is a security problem, I could press for us to diverge from the python3 stdlib. It would be easier to make the case if this is seen as a critical problem that will need to be fixed even if the current patch might not be the eventual fix.

So, is this a security issue?  I've been wondering if I should apply the attached patch to the backports-ssl_match_hostname module on pypi.  I was hoping there'd be some information here as to whether this will be going into the stdlib in the future.

Thus far, ssl_match_hostname has just been a backport of the match_hostname function but if this is a security problem, I could press for us to diverge from the python3 stdlib.  It would be easier to make the case if this is seen as a critical problem that will need to be fixed even if the current patch might not be the eventual fix.

History
Date	User	Action	Args
2013-09-03 03:59:24	a.badger	set	recipients: + a.badger, loewis, barry, pitrou, christian.heimes, Arfrever, Ben.Darnell, t-8ch
2013-09-03 03:59:24	a.badger	set	messageid: <1378180764.48.0.487437798903.issue17997@psf.upfronthosting.co.za>
2013-09-03 03:59:24	a.badger	link	issue17997 messages
2013-09-03 03:59:23	a.badger	create