This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Title: ssl module falls over with internationalized domain names
Type: behavior Stage: resolved
Components: SSL Versions: Python 3.6
Status: open Resolution: duplicate
Dependencies: Superseder: SSL match_hostname fails for internationalized domain names
View: 28414
Assigned To: christian.heimes Nosy List: christian.heimes, mcasadevall
Priority: normal Keywords:

Created on 2018-11-13 16:06 by mcasadevall, last changed 2022-04-11 14:59 by admin.

File name Uploaded Description Edit mcasadevall, 2018-11-13 16:06
Messages (2)
msg329852 - (view) Author: Michael Casadevall (mcasadevall) Date: 2018-11-13 16:06
Test case attached.

In Python 3.6, ssl tries to validate the hostname on its own, but fails to convert the SSL certificates hostname from IDNA back to UTF-8 and mismatches. Python 3.7 and master are unaffected since this got fixed by accident when validation was changed to depend on OpenSSL alone and not do it in python though the underlying match_hostname function is still bugged.
msg329853 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-11-13 16:24
This is a duplicate of #28414. I decided to not fix Python 3.6 because I had to break an existing API to fix the problem.

And no, it didn't get fixed by accident. Nathaniel and I poured a lot of time and effort into untangling this mess. The fix is unrelated to the new verification code.
Date User Action Args
2022-04-11 14:59:08adminsetstatus: pending -> open
github: 79415
2018-11-13 16:24:39christian.heimessetstatus: open -> pending
superseder: SSL match_hostname fails for internationalized domain names
messages: + msg329853

resolution: duplicate
stage: resolved
2018-11-13 16:06:02mcasadevallcreate