classification
Title: ssl module falls over with internationalized domain names
Type: behavior Stage: resolved
Components: SSL Versions: Python 3.6
process
Status: pending Resolution: duplicate
Dependencies: Superseder: SSL match_hostname fails for internationalized domain names
View: 28414
Assigned To: christian.heimes Nosy List: christian.heimes, mcasadevall
Priority: normal Keywords:

Created on 2018-11-13 16:06 by mcasadevall, last changed 2018-11-13 16:24 by christian.heimes.

Files
File name Uploaded Description Edit
ssl_test.py mcasadevall, 2018-11-13 16:06
Messages (2)
msg329852 - (view) Author: Michael Casadevall (mcasadevall) Date: 2018-11-13 16:06
Test case attached.

In Python 3.6, ssl tries to validate the hostname on its own, but fails to convert the SSL certificates hostname from IDNA back to UTF-8 and mismatches. Python 3.7 and master are unaffected since this got fixed by accident when validation was changed to depend on OpenSSL alone and not do it in python though the underlying match_hostname function is still bugged.
msg329853 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2018-11-13 16:24
This is a duplicate of #28414. I decided to not fix Python 3.6 because I had to break an existing API to fix the problem.

And no, it didn't get fixed by accident. Nathaniel and I poured a lot of time and effort into untangling this mess. The fix is unrelated to the new verification code.
History
Date User Action Args
2018-11-13 16:24:39christian.heimessetstatus: open -> pending
superseder: SSL match_hostname fails for internationalized domain names
messages: + msg329853

resolution: duplicate
stage: resolved
2018-11-13 16:06:02mcasadevallcreate