Author pitrou
Recipients Ryan.Tucker, ahasenack, asdfasdfasdfasdfasdfasdfasdf, debatem1, devin, giampaolo.rodola, heikki, janssen, jsamuel, orsenthil, pitrou, vila, zooko
Date 2010-09-29.18:46:26
Message-id <1285785983.3194.15.camel@localhost.localdomain>
In-reply-to <1285785775.01.0.823911189888.issue1589@psf.upfronthosting.co.za>
Content
> > Correct me if I'm wrong, but the "well-maintained pyOpenSSL
> > package" doesn't have the missing functionality (hostname
> > checking in server certificates), either.
> 
> I'm pretty sure it's just a wrapper around the openssl library, which
> does not include it. That was Bill Janssen's argument for why the ssl
> module shouldn't do that verification. Well, that and the fact that
> there's no finalized standard for it yet. I believe this is the latest
> draft:
> http://tools.ietf.org/html/draft-saintandre-tls-server-id-check-09

Well, to be clear, it shouldn't be done *automatically*. But providing a
helper function that implements the feature and lets higher layers like
http.client and urllib.request call it if desired would be more than
reasonable.

(openssl may not provide such a function, but gnutls does, by the way)
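
Added illustration (not part of the tracker message and not code from the ssl module): a sketch of the kind of opt-in helper described above, which a higher layer could call on the dict returned by ssl.SSLSocket.getpeercert(). The names hostname_matches and _dns_name_matches, the sample certificate, and the simplified matching rules (exact match or a single leftmost-label wildcard, commonName only as a fallback, DNS names only) are assumptions of this example.

```python
# Hypothetical helper; names and matching rules are assumptions of this example.

def _dns_name_matches(pattern, hostname):
    """Compare one DNS name from a certificate with the requested hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    first, rest = p_labels[0], p_labels[1:]
    if any("*" in label for label in rest) or rest != h_labels[1:]:
        return False  # a wildcard is only accepted in the leftmost label
    if first == "*":
        # "*" stands for exactly one label; refuse broad names such as "*.com"
        return len(rest) >= 2
    return "*" not in first and first == h_labels[0]


def hostname_matches(cert, hostname):
    """cert: dict as returned by ssl.SSLSocket.getpeercert() after validation."""
    if not cert:
        return False  # an empty dict means the peer certificate was not validated
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        # Fall back to commonName only when no DNS subjectAltName is present
        names = [v for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    return any(_dns_name_matches(name, hostname) for name in names)


# Constructed certificate dict, in the shape getpeercert() produces
SAMPLE_CERT = {
    "subject": ((("commonName", "old.example.org"),),),
    "subjectAltName": (("DNS", "www.example.org"), ("DNS", "*.example.net")),
}

if __name__ == "__main__":
    for host in ("www.example.org", "a.example.net", "a.b.example.net",
                 "old.example.org"):
        print(host, hostname_matches(SAMPLE_CERT, host))
```

A caller would only trust the result when the socket was created with cert_reqs=ssl.CERT_REQUIRED, since otherwise getpeercert() returns an empty dict and the helper reports no match.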
History
Date                 User    Action  Args
2010-09-29 18:46:28  pitrou  set     recipients: + pitrou, zooko, janssen, orsenthil, giampaolo.rodola, vila, heikki, ahasenack, debatem1, jsamuel, devin, asdfasdfasdfasdfasdfasdfasdf, Ryan.Tucker
2010-09-29 18:46:26  pitrou  link    issue1589 messages
2010-09-29 18:46:26  pitrou  create