
Author christian.heimes
Recipients christian.heimes, ssivakorn
Date 2017-03-16.08:23:23
Message-id <1489652603.51.0.300019540072.issue29824@psf.upfronthosting.co.za>
Content
I don't see 1) as a problem. You won't be able to resolve these names in DNS, would you?

Regarding 2). Yes, it would be beneficial to have more elaborate checks to protect against wildcard attacks like *.com. However, Python is not a browser. It's really hard to do it right and even harder to keep the rule set up to date. Some TLDs like .uk have sublevel namespaces, e.g. co.uk. *.co.uk is also invalid.

The problem is going to shift anyway. For Python 3.7 I'm going to deprecate support for OpenSSL < 1.0.2 and use OpenSSL's hostname verification code instead of ssl.match_hostname().
History
Date User Action Args
2017-03-16 08:23:23 christian.heimes set recipients: + christian.heimes, ssivakorn
2017-03-16 08:23:23 christian.heimes set messageid: <1489652603.51.0.300019540072.issue29824@psf.upfronthosting.co.za>
2017-03-16 08:23:23 christian.heimes link issue29824 messages
2017-03-16 08:23:23 christian.heimes create
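
The wildcard concern in point 2 of the message above, as an added Python example that is not part of the original message and is neither CPython's ssl.match_hostname() nor OpenSSL's verification code: it refuses certificate names such as *.com and *.co.uk before matching. PUBLIC_SUFFIXES is a small constructed sample and the function names are hypothetical; keeping a real rule set current is the maintenance burden the message refers to.

```python
# Added illustration; not CPython's ssl.match_hostname() and not OpenSSL's code.
# PUBLIC_SUFFIXES is a tiny constructed sample. A real rule set is far larger
# and changes over time, so it has to be updated regularly.
PUBLIC_SUFFIXES = {"com", "org", "uk", "co.uk"}


def wildcard_is_acceptable(pattern: str) -> bool:
    """Return False for wildcard names that would cover a whole public suffix."""
    if "*" not in pattern:
        return True
    labels = pattern.lower().rstrip(".").split(".")
    # Assumption: only a lone "*" as the complete leftmost label is allowed.
    # Partial wildcards such as "w*.example.com" are refused outright.
    if labels[0] != "*" or any("*" in label for label in labels[1:]):
        return False
    parent = ".".join(labels[1:])
    # "*.com" and "*.co.uk" have a public suffix as their parent: refuse them.
    return parent != "" and parent not in PUBLIC_SUFFIXES


def hostname_matches(pattern: str, hostname: str) -> bool:
    """Match a hostname against a certificate name; "*" covers one label only."""
    if not wildcard_is_acceptable(pattern):
        return False
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # The wildcard stands for exactly one non-empty label.
        return h_labels[0] != "" and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels
```

Internationalized names and IP address entries are outside what this sketch handles.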