Message 117639 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	devin
Recipients	Ryan.Tucker, ahasenack, asdfasdfasdfasdfasdfasdfasdf, debatem1, devin, giampaolo.rodola, heikki, janssen, jsamuel, orsenthil, pitrou, vila, zooko
Date	2010-09-29.18:42:53
SpamBayes Score	8.0660375e-06
Marked as misclassified	No
Message-id	<1285785775.01.0.823911189888.issue1589@psf.upfronthosting.co.za>
In-reply-to

Content
> Correct me if I'm wrong, but the "well-maintained pyOpenSSL > package" doesn't have the missing functionality (hostname > checking in server certificates), either. I'm pretty sure it's just a wrapper around the openssl library, which does not include it. That was Bill Janssen's argument for why the ssl module shouldn't do that verification. Well, that and the fact that there's no finalized standard for it yet. I believe this is the latest draft: http://tools.ietf.org/html/draft-saintandre-tls-server-id-check-09

> Correct me if I'm wrong, but the "well-maintained pyOpenSSL
> package" doesn't have the missing functionality (hostname
> checking in server certificates), either.

I'm pretty sure it's just a wrapper around the openssl library, which does not include it. That was Bill Janssen's argument for why the ssl module shouldn't do that verification. Well, that and the fact that there's no finalized standard for it yet. I believe this is the latest draft:
http://tools.ietf.org/html/draft-saintandre-tls-server-id-check-09

History
Date	User	Action	Args
2010-09-29 18:42:55	devin	set	recipients: + devin, zooko, janssen, orsenthil, pitrou, giampaolo.rodola, vila, heikki, ahasenack, debatem1, jsamuel, asdfasdfasdfasdfasdfasdfasdf, Ryan.Tucker
2010-09-29 18:42:55	devin	set	messageid: <1285785775.01.0.823911189888.issue1589@psf.upfronthosting.co.za>
2010-09-29 18:42:53	devin	link	issue1589 messages
2010-09-29 18:42:53	devin	create