Message117641
> > Correct me if I'm wrong, but the "well-maintained pyOpenSSL
> > package" doesn't have the missing functionality (hostname
> > checking in server certificates), either.
>
> I'm pretty sure it's just a wrapper around the openssl library, which
> does not include it. That was Bill Janssen's argument for why the ssl
> module shouldn't do that verification. Well, that and the fact that
> there's no finalized standard for it yet. I believe this is the latest
> draft:
> http://tools.ietf.org/html/draft-saintandre-tls-server-id-check-09
Well, to be clear, it shouldn't be done *automatically*. But providing a
helper function that implements the feature and lets higher layers like
http.client and urllib.request call it if desired would be more than
reasonable.
(openssl may not provide such a function, but gnutls does, by the way)

Date | User | Action | Args
2010-09-29 18:46:28 | pitrou | set | recipients: + pitrou, zooko, janssen, orsenthil, giampaolo.rodola, vila, heikki, ahasenack, debatem1, jsamuel, devin, asdfasdfasdfasdfasdfasdfasdf, Ryan.Tucker
2010-09-29 18:46:26 | pitrou | link | issue1589 messages
2010-09-29 18:46:26 | pitrou | create |
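
The kind of opt-in helper described in the message above, as an added example that is not part of the original message or of the ssl module's code: it checks a hostname against the dict returned by `SSLSocket.getpeercert()`. The names `check_hostname` and `HostnameMismatch` and the sample certificates are constructed for illustration, and IP-address identities are not handled.

```python
"""Added example: opt-in hostname check over the dict from SSLSocket.getpeercert()."""


class HostnameMismatch(ValueError):
    """Raised when the certificate does not cover the requested hostname."""


def _label_match(pattern, hostname):
    # Compare case-insensitively, label by label.
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    first, rest = p_labels[0], p_labels[1:]
    if rest != h_labels[1:]:
        return False
    if first == "*":
        # A wildcard covers exactly one left-most label and needs at least
        # two further labels, so "*.com" never matches.
        return len(rest) >= 2
    # Partial wildcards ("w*.example.com") are rejected outright.
    return "*" not in first and first == h_labels[0]


def check_hostname(cert, hostname):
    """Return the matching certificate name, or raise HostnameMismatch.

    `cert` is the dict form of a certificate that the TLS layer has
    already verified against a trusted CA (cert_reqs=CERT_REQUIRED).
    """
    if not cert:
        raise HostnameMismatch("no validated certificate available")
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not dns_names:
        # Fall back to commonName only when no dNSName entry exists.
        dns_names = [v for rdn in cert.get("subject", ())
                     for k, v in rdn if k == "commonName"]
    for name in dns_names:
        if _label_match(name, hostname):
            return name
    raise HostnameMismatch("%r not in %r" % (hostname, dns_names))


# Constructed sample certificates in getpeercert() dict form.
SAN_CERT = {"subject": ((("commonName", "old.example.com"),),),
            "subjectAltName": (("DNS", "*.example.org"), ("DNS", "example.org"))}
CN_ONLY_CERT = {"subject": ((("commonName", "www.example.net"),),)}
```

A caller such as an HTTPS client would run `check_hostname(sock.getpeercert(), host)` right after the handshake and close the connection on `HostnameMismatch`.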