Support RFC4985 SRVName in SAN name #72378

Closed
tiran opened this issue Sep 17, 2016 · 3 comments
Labels: 3.7 (EOL) end of life; topic-SSL; type-security (A security issue)

Comments

tiran commented Sep 17, 2016

BPO 28191
Nosy @tiran
Files
  • Add-RFC4985-SRVName-to-SAN.patch

Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    GitHub fields:

    assignee = 'https://github.com/tiran'
    closed_at = <Date 2017-09-06.17:26:48.304>
    created_at = <Date 2016-09-17.18:15:02.146>
    labels = ['type-security', 'expert-SSL', '3.7']
    title = 'Support RFC4985 SRVName in SAN name'
    updated_at = <Date 2017-09-06.19:26:32.543>
    user = 'https://github.com/tiran'

    bugs.python.org fields:

    activity = <Date 2017-09-06.19:26:32.543>
    actor = 'christian.heimes'
    assignee = 'christian.heimes'
    closed = True
    closed_date = <Date 2017-09-06.17:26:48.304>
    closer = 'christian.heimes'
    components = ['SSL']
    creation = <Date 2016-09-17.18:15:02.146>
    creator = 'christian.heimes'
    dependencies = []
    files = ['44722']
    hgrepos = []
    issue_num = 28191
    keywords = ['patch']
    message_count = 3.0
    messages = ['276810', '301490', '301500']
    nosy_count = 1.0
    nosy_names = ['christian.heimes']
    pr_nums = []
    priority = 'normal'
    resolution = 'postponed'
    stage = 'resolved'
    status = 'closed'
    superseder = None
    type = 'security'
    url = 'https://bugs.python.org/issue28191'
    versions = ['Python 3.6', 'Python 3.7']

    tiran commented Sep 17, 2016

    The standard subject alternative DNS name contains only a relationship between a cert and a host name. A host may have multiple services like HTTPS web server, IMAP server, mail servers etc. https://tools.ietf.org/html/rfc4985 defines a mechanism to define a relationship between an X.509 cert, a DNS name and a service, e.g. _https.www.example.org for service https on www.example.org.

    OpenSSL is not yet able to convert an RFC4985 SRVName to a string. I have a patch, https://github.com/tiran/cpython/commits/feature/ssl_srvname
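
The following is an added example, not part of the original issue or of the linked patch: it decodes the DER form of an RFC 4985 SRVName (a SAN otherName with OID 1.3.6.1.5.5.7.8.7 wrapping an IA5String) and checks it against an expected service and host name. The function names, the strict letters-digits-hyphen label rule and the exact, case-insensitive comparison are choices made for this example; the sample bytes are constructed.

```python
import re

# DER content bytes of id-on-dnsSRV, OID 1.3.6.1.5.5.7.8.7 (RFC 4985)
ID_ON_DNS_SRV = bytes.fromhex("2b06010505070807")
# Strict "_service.name" shape (an assumption of this example): LDH labels only,
# so embedded NULs, wildcards and empty labels are rejected before comparison.
SRV_RE = re.compile(r"_([a-z0-9-]+)\.([a-z0-9-]+(?:\.[a-z0-9-]+)*)")

def read_tlv(buf, pos=0):
    """Read one DER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def parse_srvname(general_name):
    """Decode otherName [0] { id-on-dnsSRV, [0] IA5String } to (service, name)."""
    tag, body, end = read_tlv(general_name)
    if tag != 0xA0 or end != len(general_name):
        raise ValueError("not a single otherName")
    tag, oid, pos = read_tlv(body)
    if tag != 0x06 or oid != ID_ON_DNS_SRV:
        raise ValueError("otherName is not an SRVName")
    tag, wrapped, pos = read_tlv(body, pos)
    if tag != 0xA0 or pos != len(body):
        raise ValueError("missing [0] EXPLICIT wrapper")
    tag, raw, pos = read_tlv(wrapped)
    if tag != 0x16 or pos != len(wrapped):
        raise ValueError("value is not a single IA5String")
    m = SRV_RE.fullmatch(raw.decode("ascii").lower())  # non-ASCII raises ValueError
    if m is None:
        raise ValueError("not in _Service.Name form")
    return m.group(1), m.group(2)

def matches_service(general_name, service, hostname):
    """True only if the SRVName names exactly this service on this host."""
    try:
        return parse_srvname(general_name) == (service.lower(), hostname.lower())
    except ValueError:
        return False

def tlv(tag, value):  # builder for the constructed sample; short-form lengths only
    return bytes([tag, len(value)]) + value

SAMPLE = tlv(0xA0, tlv(0x06, ID_ON_DNS_SRV) + tlv(0xA0, tlv(0x16, b"_https.www.example.org")))
```

A certificate whose SRVName is `_https.www.example.org` therefore does not validate for IMAP on the same host, which is the per-service binding a plain dNSName entry cannot express.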

    @tiran tiran added the 3.7 (EOL) end of life label Sep 17, 2016
    @tiran tiran self-assigned this Sep 17, 2016
    @tiran tiran added topic-SSL type-security A security issue labels Sep 17, 2016
    tiran commented Sep 6, 2017

    In the future, hostname matching will be handled by OpenSSL. Let's not over-complicate our implementation.

    @tiran tiran closed this as completed Sep 6, 2017
    tiran commented Sep 6, 2017

    FYI, I opened an upstream PR in OpenSSL to add SRVName: openssl/openssl#4342

    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022