Message289709
I don't see 1) as a problem. You won't be able to resolve these names in DNS, will you?
Regarding 2). Yes, it would be beneficial to have more elaborate checks to protect against wildcard attacks like *.com. However, Python is not a browser. It's really hard to do it right and even harder to keep the rule set up to date. Some TLDs like .uk have sublevel namespaces, e.g. co.uk. *.co.uk is also invalid.
The problem is going to shift anyway. For Python 3.7 I'm going to deprecate support for OpenSSL < 1.0.2 and use OpenSSL's hostname verification code instead of ssl.match_hostname().

| Date | User | Action | Args |
|---|---|---|---|
| 2017-03-16 08:23:23 | christian.heimes | set | recipients: + christian.heimes, ssivakorn |
| 2017-03-16 08:23:23 | christian.heimes | set | messageid: <1489652603.51.0.300019540072.issue29824@psf.upfronthosting.co.za> |
| 2017-03-16 08:23:23 | christian.heimes | link | issue29824 messages |
| 2017-03-16 08:23:23 | christian.heimes | create | |
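
As an added illustration of the point about `*.com` and `*.co.uk` (not part of the original message and not code from the `ssl` module): a wildcard check that consults a suffix list, next to a static label-count rule that misses `*.co.uk`. The function names are hypothetical and the suffix set is a small constructed sample, not the real Public Suffix List.

```python
# Constructed sample of public suffixes. A real check needs the complete,
# regularly updated Public Suffix List, which is the maintenance burden
# the message above refers to.
SAMPLE_PUBLIC_SUFFIXES = frozenset({"com", "org", "uk", "co.uk", "org.uk"})


def wildcard_rejected(pattern, suffixes=SAMPLE_PUBLIC_SUFFIXES):
    """Return True if a certificate dNSName wildcard pattern should be refused.

    Hypothetical helper: a wildcard is refused when it appears outside the
    left-most label or when the name to its right is itself a public suffix.
    """
    name = pattern.lower().rstrip(".")
    if "*" not in name:
        return False  # plain hostname, no wildcard to judge
    labels = name.split(".")
    # A wildcard is only tolerated in the left-most label.
    if any("*" in label for label in labels[1:]):
        return True
    parent = ".".join(labels[1:])
    # A bare "*" or "*.<public suffix>" would cover every domain registered
    # under that suffix.
    return parent == "" or parent in suffixes


def naive_rule_rejects(pattern):
    """Static rule for comparison: require two labels after the wildcard."""
    labels = pattern.lower().rstrip(".").split(".")
    return labels[0] == "*" and len(labels) < 3


if __name__ == "__main__":
    for candidate in ("*.com", "*.co.uk", "*.example.co.uk",
                      "*.example.com", "*.*.example.com", "www.example.com"):
        print(f"{candidate:20} suffix-aware={wildcard_rejected(candidate)!s:5} "
              f"label-count={naive_rule_rejects(candidate)}")
```

The label-count rule accepts `*.co.uk` because it has three labels; only the suffix-aware check refuses it, and only for suffixes present in the list it was given.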