Message118084
> Indeed. But, strictly speaking, there are no tests for IPs, so it
> shouldn't be taken for granted that it works, even for commonName.
> The rationale is that there isn't really any point in using an IP rather
> a host name.
I don't know if there is a point or not, but some hosts are for some
reason intended to be connected to using IP address and their
certificates thus contains IP addresses. I think we should support that
too, and I find it a bit confusing to only have partial support for
subjectAltName.
> Well, that's additional logic to code. I'm not sure it's worth it,
> especially given that the function is called match_hostname in the first
> place.
"hostname" in Python usually refers to both IP addresses and DNS
hostnames (just like in URLs), so I think it is a fair assumption that
IP addresses also works in this hostname function.
Perhaps it should be noted that CertificateError only is raised by
match_hostname so a paranoid programmer don't start catching it
everywhere - and also that match_hostname won't raise SSLError. |
|
Date |
User |
Action |
Args |
2010-10-06 21:46:02 | kiilerix | set | recipients:
+ kiilerix, zooko, janssen, orsenthil, pitrou, giampaolo.rodola, vila, heikki, ahasenack, debatem1, jsamuel, devin, asdfasdfasdfasdfasdfasdfasdf, Ryan.Tucker |
2010-10-06 21:46:01 | kiilerix | link | issue1589 messages |
2010-10-06 21:45:57 | kiilerix | create | |
|