Message 274417 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	christian.heimes
Recipients	Alex Warhawk, Mark.Ribau, Ye.Wang, alex, christian.heimes, dstufft, giampaolo.rodola, janssen, pitrou, xiang.zhang
Date	2016-09-05.18:26:27
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1473099987.65.0.740313645076.issue19500@psf.upfronthosting.co.za>
In-reply-to

Content
Note to future me: Don't forget to take care of X.509 client authentication. A server is allowed to bypass client cert validation when a SSL session is resumed. SSLContext.load_cert_chain() should invalidate session caches. (CVE-2016-5419 https://curl.haxx.se/docs/adv_20160803A.html)

Note to future me:
Don't forget to take care of X.509 client authentication. A server is allowed to bypass client cert validation when a SSL session is resumed. SSLContext.load_cert_chain() should invalidate session caches. (CVE-2016-5419 https://curl.haxx.se/docs/adv_20160803A.html)

History
Date	User	Action	Args
2016-09-05 18:26:27	christian.heimes	set	recipients: + christian.heimes, janssen, pitrou, giampaolo.rodola, alex, dstufft, Ye.Wang, Mark.Ribau, xiang.zhang, Alex Warhawk
2016-09-05 18:26:27	christian.heimes	set	messageid: <1473099987.65.0.740313645076.issue19500@psf.upfronthosting.co.za>
2016-09-05 18:26:27	christian.heimes	link	issue19500 messages
2016-09-05 18:26:27	christian.heimes	create