This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author kiilerix
Recipients Ryan.Tucker, ahasenack, asdfasdfasdfasdfasdfasdfasdf, debatem1, devin, giampaolo.rodola, heikki, janssen, jsamuel, kiilerix, orsenthil, pitrou, vila, zooko
Date 2010-10-06.21:45:57
SpamBayes Score 4.905339e-06
Marked as misclassified No
Message-id <4CACEE0E.8080101@kiilerich.com>
In-reply-to <1286392173.3133.17.camel@localhost.localdomain>
Content 
> Indeed. But, strictly speaking, there are no tests for IPs, so it
> shouldn't be taken for granted that it works, even for commonName.
> The rationale is that there isn't really any point in using an IP rather
> a host name.

I don't know if there is a point or not, but some hosts are for some 
reason intended to be connected to using IP address and their 
certificates thus contains IP addresses. I think we should support that 
too, and I find it a bit confusing to only have partial support for 
subjectAltName.

> Well, that's additional logic to code. I'm not sure it's worth it,
> especially given that the function is called match_hostname in the first
> place.

"hostname" in Python usually refers to both IP addresses and DNS 
hostnames (just like in URLs), so I think it is a fair assumption that 
IP addresses also works in this hostname function.

Perhaps it should be noted that CertificateError only is raised by 
match_hostname so a paranoid programmer don't start catching it 
everywhere - and also that match_hostname won't raise SSLError.
History
Date User Action Args
2010-10-06 21:46:02kiilerixsetrecipients: + kiilerix, zooko, janssen, orsenthil, pitrou, giampaolo.rodola, vila, heikki, ahasenack, debatem1, jsamuel, devin, asdfasdfasdfasdfasdfasdfasdf, Ryan.Tucker
2010-10-06 21:46:01kiilerixlinkissue1589 messages
2010-10-06 21:45:57kiilerixcreate